🕫 NEW 🕫- Kaseya Certified Expert Training Camp launches on 8/23. Class size is limited. Learn more > https://www.community.connectit.com/events/28-kaseya-certified-expert-traincamp-august-23rd-september-2nd

Stolen Laptop Script Pack

Kaseya Automation Team
Kaseya Automation Team USMember, Kaseya Certified CHOCOLATE MILK
edited January 24 in Solutions

Product Name: Stolen Laptop Script Pack

Description : This pack of procedure will allow to retrieve different informations from the stolen laptop. You will be able to get a dekstop screenshot, get a picture from the camera, get a short video, retrieve the list of available wireless network and monitor IP changes.
You will need to schedule any of these scripts, most of them are compatible with both Windows and Mac.

Some scripts require outside tools provided in the archive, they will need to be uploaded to the manages files into a folder named "stolenlaptop"
All results files end up being downloaded to the Document folder of each endpoint. (Easily available in Quick View.)

NB: You run the scripts at your own risks, you may want to check your state and federal laws prior to running them (webcam picture or video could be sensitive.)

Instructions :

  • Upload the procedure with the Import Folder/Procedure tool in the Agent Procedures module under Schedule / Create
  • Create a new folder in Manage Files called "stolenlaptop" and upload all the files but the xml in this folder. 
  • Schedule or run any procedure

Comments

  • Todd Williams
    Todd Williams Member CHOCOLATE MILK
    edited June 2018

    Anybody have any experiences with this pack? 

  • Chris
    Chris Member
    edited June 2018

    Yes, last time I checked this worked. Which was about a month or two ago. 

  • Jeremy Hinkle
    Jeremy Hinkle Member CHOCOLATE MILK
    edited July 2018

    Where is the "webscr.exe" file? It's not in the zipped file that was downloaded.

  • Kaseya Automation Team
    Kaseya Automation Team USMember, Kaseya Certified CHOCOLATE MILK
    edited July 2018

    Jeremy, it should be in the zip file, you may want to disable your anti virus first as I have seen the file get flagged as a malware but it is a false positive. 

  • Jeremy Hinkle
    Jeremy Hinkle Member CHOCOLATE MILK
    edited July 2018

    Yea, you're right. My antivirus is cleaning it off too quick for me to notice. Thanks for the heads up!

  • Jeremy Hinkle
    Jeremy Hinkle Member CHOCOLATE MILK
    edited July 2018

    This is probably a dumb question, but where is it saving these files it's creating? For instance, the "collect IP information", it's saving to the temp directory on the local computer, but then the procedure does a "getFile". Where is "..\Docs\"?

  • Kaseya Automation Team
    Kaseya Automation Team USMember, Kaseya Certified CHOCOLATE MILK
    edited July 2018

    All your agents have a GetFile and Documents folder in your k server. You can access the Documents in Quick View of any agent whenever you hover the mouse over the agent icon. Right on top of GetFile is Documents. Otherwise it should be easy to edit the procedures and save the files to the GetFiles folder or a network location of your choice. 

  • Jeremy Hinkle
    Jeremy Hinkle Member CHOCOLATE MILK
    edited July 2018

    Thanks for the info!

  • Michael Barrett
    Michael Barrett Member CHOCOLATE MILK
    edited September 2019

    Just one note the video and webcam pictures will not work with a computer with more than one camera (ex. Surface Pro).

  • Dylan Hall
    Dylan Hall Member
    edited May 2020

    This could use a procedure to delete all documents and user data

  • James Armstrong
    edited June 2020

    I fully agree with Dylan. If a procedure was created to delete all documents and user data that would be great!

  • Charles Vasquez
    edited December 2020

    Hello everyone. In my orgaization I can only upload documents to my Private files and created the 'Stolen Laptop' folder there. My question is will these scripts read from that location or do I have to change the script?

  • Thomas Goral
    Thomas Goral Member
    edited January 2021

    Tried deploying to a laptop, didn't work for me.

  • David Perhacs
    David Perhacs Member CHOCOLATE MILK
    edited January 2021

    I've messed with this script and made a few personal changes and it works fairly well for me. I have it generate emails when a computer is outside of the US and give us the Location. The main issue I found was the GEO location websites were maxed out on hits for the day very early on and did not give me a location. I found a different website that works much better and is fairly robust. I will send out the info in the next couple of days to this discussion if it will help people out.

  • Mike Moniz
    Mike Moniz Member
    edited January 2021

    I would like to try the new website.  Emails are a great idea too!

  • Brendon
    Brendon Member
    edited January 2021

    Hey David,

    Did you end up committing your changes to this repo? 

  • David Perhacs
    David Perhacs Member CHOCOLATE MILK
    edited February 2021

    My apologies for the delay. I'll add the XML text below


    -- GEO IP Locator with changes

    <?xml version="1.0" encoding="utf-8"?>

    <ScriptExport xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.kaseya.com/vsa/2008/12/Scripting">

      <Procedure name="GEOIP_Locator">

        <Body description="">

          <Statement name="GetURL" continueOnFail="false">

            <Parameter xsi:type="StringParameter" name="URL" value="http://ip-api.com/csv/?fields=281" />

            <Parameter xsi:type="StringParameter" name="ResponseFileName" value="#vAgentConfiguration.agentTempDir#\geoQuery.txt" />

            <Parameter xsi:type="BooleanParameter" name="WaitComplete" value="True" />

          </Statement>

          <Statement name="GetVariable" continueOnFail="true">

            <Parameter xsi:type="EnumParameter" name="VariableType" value="FileContent" />

            <Parameter xsi:type="StringParameter" name="SourceContent" value="#vAgentConfiguration.agentTempDir#\geoQuery.txt" />

            <Parameter xsi:type="StringParameter" name="VariableName" value="geoIP" />

          </Statement>

          <Statement name="DeleteFile" continueOnFail="true">

            <Parameter xsi:type="StringParameter" name="Path" value="#vAgentConfiguration.agentTempDir#\geoQuery.txt" />

          </Statement>

          <Statement name="UpdateSystemInfo" continueOnFail="true">

            <Parameter xsi:type="StringParameter" name="ColumnName" value="GEO_IP_Location" />

            <Parameter xsi:type="StringParameter" name="Value" value="#geoIP#" />

          </Statement>

        </Body>

      </Procedure>

    </ScriptExport>


    What I called the GEO_Alert email 

    <?xml version="1.0" encoding="utf-8"?>

    <ScriptExport xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.kaseya.com/vsa/2008/12/Scripting">

      <Procedure name="GEO_Alert">

        <Body description="">

          <Statement name="GetURL" continueOnFail="false">

            <Parameter xsi:type="StringParameter" name="URL" value="http://ip-api.com/csv/?fields=1" />

            <Parameter xsi:type="StringParameter" name="ResponseFileName" value="#vAgentConfiguration.agentTempDir#\geoQuery.txt" />

            <Parameter xsi:type="BooleanParameter" name="WaitComplete" value="True" />

          </Statement>

          <Statement name="GetVariable" continueOnFail="true">

            <Parameter xsi:type="EnumParameter" name="VariableType" value="FileContent" />

            <Parameter xsi:type="StringParameter" name="SourceContent" value="#vAgentConfiguration.agentTempDir#\geoQuery.txt" />

            <Parameter xsi:type="StringParameter" name="VariableName" value="geoIP" />

          </Statement>

          <Statement name="GetVariable" continueOnFail="true">

            <Parameter xsi:type="EnumParameter" name="VariableType" value="MachineGroupID" />

            <Parameter xsi:type="StringParameter" name="SourceContent" value="" />

            <Parameter xsi:type="StringParameter" name="VariableName" value="MachineID" />

          </Statement>

          <If description="">

            <Condition name="CheckVariable">

              <Parameter xsi:type="StringParameter" name="VariableName" value="#geoIP#" />

              <Parameter xsi:type="EnumParameter" name="Condition" value="NotEquals" />

              <Parameter xsi:type="StringParameter" name="Value" value="United States" />

            </Condition>

            <Then>

              <Statement name="SendEmail" continueOnFail="false">

                <Parameter xsi:type="StringParameter" name="To" value="<YOUR-EMAIL>" />

                <Parameter xsi:type="StringParameter" name="Subject" value="<Subject Line about missing laptop>" />

                <Parameter xsi:type="MultiLineStringParameter" name="Body" value="ALERT - &#xA;&#xA;#MachineID# has been located in #geoIP# and is in violation of company policy." />

              </Statement>

            </Then>

          </If>

        </Body>

      </Procedure>

    </ScriptExport>


    Hope this helps. This does require the original script pack instructions, I just modified a couple items. Thanks! 

Weekly Leaderboard