RMM Endpoints With Generic Usernames

This is for those cases where a client doesn’t have a domain controller (or AzureAD), and possibly bought all their own computers from Best Buy 😩

One look into the RMM and you have a list of endpoints that all seem to have “Owner” as the currently logged-in user. The script below is by no means a perfect solution, but it pulls the primary email address configured in Microsoft Outlook. Kaseya users can use the included Agent Procedure.

The PowerShell script grabs the currently logged-on user, finds that user's SID, and then reads the configured Microsoft 365 identity from the user’s registry hive. The result is intended to populate a custom field in the RMM to help identify who is actually using the computer.

PowerShell Script

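# Grab the currently logged on username (console session only; empty if nobody is logged on)
$user = ((Get-CimInstance Win32_ComputerSystem | ForEach-Object UserName) -split '\\')[1]
if (-not $user) {
    # Sentinel value so the custom field shows why no address was found
    Write-Output "NoUser"
    return
}
# Mount HKEY_USERS
if (!(Get-PSDrive HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}
# Find the matching SID in HKEY_USERS (first match if several loaded hives share the username)
$environment = ((Get-ItemProperty 'HKU:\*\Volatile Environment' -ErrorAction SilentlyContinue | Where-Object USERNAME -eq $user | Select-Object -First 1).PSPath -split '\\')[2]
if (-not $environment) {
    # No loaded hive matched the username
    Write-Output "NoHive"
    return
}
# Create the registry path for PS
$userRegPath = Join-Path 'HKU:' $environment
# Grab configured MS365 Identities, ignoring hotmail or others, then extract the configured email address
if (Test-Path "$userRegPath\SOFTWARE\Microsoft\Office\16.0") {
    # Wrap in @() so an empty or single result is still an array
    $identities = @(Get-ChildItem -Path "$userRegPath\SOFTWARE\Microsoft\Office\16.0\Common\Identity\Identities" -ErrorAction SilentlyContinue | Where-Object Name -like "*ADAL")
    if ($identities.Count -gt 0) {
        $identity = $identities[0].Name
        Get-ItemPropertyValue -Path "Registry::$identity" -Name "EmailAddress"
    } else {
        # Office is installed but no Microsoft 365 identity is configured
        Write-Output "NoIdentity"
    }
} else {
    # The AppX version of Office is installed...sorry.
    Write-Output "AppX"
}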

Kaseya Agent Procedure

<?xml version="1.0" encoding="utf-8"?>
<ScriptExport xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.kaseya.com/vsa/2008/12/Scripting">
  <Procedure name="CFGetPrimaryEmail" treePres="3" id="390089668" folderId="926674191526453" treeFullPath="myProcedures - cpanagapko">
    <Body description="">
      <Statement description="Gets the email address of the first configured mailbox in Outlook and then updates a custom field.&#xD;&#xA;Use Case: Client has multiple computers using generic usernames - Helps find out who is using which system&#xD;&#xA;REQUIRES CUSTOM FIELD CALLED: CF Primary Email" name="GetVariable" continueOnFail="false" osType="Windows">
        <Parameter xsi:type="EnumParameter" name="VariableType" value="AgentTempDirectory" />
        <Parameter xsi:type="StringParameter" name="SourceContent" value="" />
        <Parameter xsi:type="StringParameter" name="VariableName" value="kworking" />
      </Statement>
      <Statement name="WriteFile" continueOnFail="false" osType="Windows">
        <Parameter xsi:type="StringParameter" name="Path" value="#kworking#\GetOutlookEmailAddress.ps1" />
        <Parameter xsi:type="StringParameter" name="ManagedFile" value="VSASharedFiles\SKYROOT\AuditCF\GetOutlookEmailAddress.ps1" />
        <Parameter xsi:type="BooleanParameter" name="DeleteAfter" value="False" />
      </Statement>
      <Statement name="Execute Powershell" continueOnFail="false" osType="Windows">
        <Parameter xsi:type="StringParameter" name="Parameter1" value="#kworking#\GetOutlookEmailAddress.ps1" />
        <Parameter xsi:type="StringParameter" name="Parameter2" value="" />
        <Parameter xsi:type="StringParameter" name="Parameter3" value="True" />
      </Statement>
      <Statement name="WriteScriptLogEntry" continueOnFail="false" osType="Windows">
        <Parameter xsi:type="StringParameter" name="Comment" value="#global:psresult#" />
      </Statement>
      <Statement name="UpdateSystemInfo" continueOnFail="false" osType="Windows">
        <Parameter xsi:type="StringParameter" name="ColumnName" value="CF Primary Email" />
        <Parameter xsi:type="StringParameter" name="Value" value="#global:psresult#" />
      </Statement>
    </Body>
  </Procedure>
</ScriptExport>

Enjoy!

–C
