Stolen Laptop Script Pack

Kaseya Automation Team
Kaseya Automation Team Member, Kaseya Certified CHOCOLATE MILK
edited January 2022 in Solutions

Product Name: Stolen Laptop Script Pack

Description: This pack of procedures will allow you to retrieve different information from the stolen laptop. You will be able to get a desktop screenshot, get a picture from the camera, get a short video, retrieve the list of available wireless networks and monitor IP changes.
You will need to schedule any of these scripts; most of them are compatible with both Windows and Mac.

Some scripts require outside tools provided in the archive; they will need to be uploaded to Manage Files, into a folder named "stolenlaptop".
All result files end up being downloaded to the Documents folder of each endpoint. (Easily available in Quick View.)

NB: You run the scripts at your own risk; you may want to check your state and federal laws prior to running them (webcam pictures or video could be sensitive).

Instructions :

  • Upload the procedure with the Import Folder/Procedure tool in the Agent Procedures module under Schedule / Create
  • Create a new folder in Manage Files called "stolenlaptop" and upload all the files but the xml in this folder. 
  • Schedule or run any procedure

Comments

  • Todd Williams
    Todd Williams Member CHOCOLATE MILK
    edited June 2018

    Anybody have any experiences with this pack? 

  • Chris
    Chris Member
    edited June 2018

    Yes, last time I checked this worked. Which was about a month or two ago. 

  • Jeremy Hinkle
    Jeremy Hinkle Member CHOCOLATE MILK
    edited July 2018

    Where is the "webscr.exe" file? It's not in the zipped file that was downloaded.

  • Kaseya Automation Team
    Kaseya Automation Team Member, Kaseya Certified CHOCOLATE MILK
    edited July 2018

    Jeremy, it should be in the zip file. You may want to disable your antivirus first, as I have seen the file get flagged as malware, but it is a false positive.

  • Jeremy Hinkle
    Jeremy Hinkle Member CHOCOLATE MILK
    edited July 2018

    Yea, you're right. My antivirus is cleaning it off too quick for me to notice. Thanks for the heads up!

  • Jeremy Hinkle
    Jeremy Hinkle Member CHOCOLATE MILK
    edited July 2018

    This is probably a dumb question, but where is it saving these files it's creating? For instance, the "collect IP information", it's saving to the temp directory on the local computer, but then the procedure does a "getFile". Where is "..\Docs\"?

  • Kaseya Automation Team
    Kaseya Automation Team Member, Kaseya Certified CHOCOLATE MILK
    edited July 2018

    All your agents have a GetFile and Documents folder in your k server. You can access the Documents in Quick View of any agent whenever you hover the mouse over the agent icon. Right on top of GetFile is Documents. Otherwise it should be easy to edit the procedures and save the files to the GetFiles folder or a network location of your choice. 

  • Jeremy Hinkle
    Jeremy Hinkle Member CHOCOLATE MILK
    edited July 2018

    Thanks for the info!

  • Michael Barrett
    Michael Barrett Member CHOCOLATE MILK
    edited September 2019

    Just one note: the video and webcam pictures will not work on a computer with more than one camera (e.g. Surface Pro).

  • Dylan Hall
    Dylan Hall Member
    edited May 2020

    This could use a procedure to delete all documents and user data

  • James Armstrong
    edited June 2020

    I fully agree with Dylan. If a procedure was created to delete all documents and user data that would be great!

  • Charles Vasquez
    edited December 2020

    Hello everyone. In my organization I can only upload documents to my Private files, and I created the 'Stolen Laptop' folder there. My question is: will these scripts read from that location, or do I have to change the script?

  • Thomas Goral
    Thomas Goral Member
    edited January 2021

    Tried deploying to a laptop, didn't work for me.

  • David Perhacs
    David Perhacs Member CHOCOLATE MILK
    edited January 2021

    I've messed with this script and made a few personal changes and it works fairly well for me. I have it generate emails when a computer is outside of the US and give us the Location. The main issue I found was the GEO location websites were maxed out on hits for the day very early on and did not give me a location. I found a different website that works much better and is fairly robust. I will send out the info in the next couple of days to this discussion if it will help people out.

  • Mike Moniz
    Mike Moniz Member
    edited January 2021

    I would like to try the new website.  Emails are a great idea too!

  • Brendon
    Brendon Member
    edited January 2021

    Hey David,

    Did you end up committing your changes to this repo? 

  • David Perhacs
    David Perhacs Member CHOCOLATE MILK
    edited February 2021

    My apologies for the delay. I'll add the XML text below


    -- GEO IP Locator with changes

    <?xml version="1.0" encoding="utf-8"?>
    <ScriptExport xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.kaseya.com/vsa/2008/12/Scripting">
      <Procedure name="GEOIP_Locator">
        <Body description="">
          <Statement name="GetURL" continueOnFail="false">
            <Parameter xsi:type="StringParameter" name="URL" value="http://ip-api.com/csv/?fields=281" />
            <Parameter xsi:type="StringParameter" name="ResponseFileName" value="#vAgentConfiguration.agentTempDir#\geoQuery.txt" />
            <Parameter xsi:type="BooleanParameter" name="WaitComplete" value="True" />
          </Statement>
          <Statement name="GetVariable" continueOnFail="true">
            <Parameter xsi:type="EnumParameter" name="VariableType" value="FileContent" />
            <Parameter xsi:type="StringParameter" name="SourceContent" value="#vAgentConfiguration.agentTempDir#\geoQuery.txt" />
            <Parameter xsi:type="StringParameter" name="VariableName" value="geoIP" />
          </Statement>
          <Statement name="DeleteFile" continueOnFail="true">
            <Parameter xsi:type="StringParameter" name="Path" value="#vAgentConfiguration.agentTempDir#\geoQuery.txt" />
          </Statement>
          <Statement name="UpdateSystemInfo" continueOnFail="true">
            <Parameter xsi:type="StringParameter" name="ColumnName" value="GEO_IP_Location" />
            <Parameter xsi:type="StringParameter" name="Value" value="#geoIP#" />
          </Statement>
        </Body>
      </Procedure>
    </ScriptExport>


    What I called the GEO_Alert email 

    <?xml version="1.0" encoding="utf-8"?>
    <ScriptExport xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.kaseya.com/vsa/2008/12/Scripting">
      <Procedure name="GEO_Alert">
        <Body description="">
          <Statement name="GetURL" continueOnFail="false">
            <Parameter xsi:type="StringParameter" name="URL" value="http://ip-api.com/csv/?fields=1" />
            <Parameter xsi:type="StringParameter" name="ResponseFileName" value="#vAgentConfiguration.agentTempDir#\geoQuery.txt" />
            <Parameter xsi:type="BooleanParameter" name="WaitComplete" value="True" />
          </Statement>
          <Statement name="GetVariable" continueOnFail="true">
            <Parameter xsi:type="EnumParameter" name="VariableType" value="FileContent" />
            <Parameter xsi:type="StringParameter" name="SourceContent" value="#vAgentConfiguration.agentTempDir#\geoQuery.txt" />
            <Parameter xsi:type="StringParameter" name="VariableName" value="geoIP" />
          </Statement>
          <Statement name="GetVariable" continueOnFail="true">
            <Parameter xsi:type="EnumParameter" name="VariableType" value="MachineGroupID" />
            <Parameter xsi:type="StringParameter" name="SourceContent" value="" />
            <Parameter xsi:type="StringParameter" name="VariableName" value="MachineID" />
          </Statement>
          <If description="">
            <Condition name="CheckVariable">
              <Parameter xsi:type="StringParameter" name="VariableName" value="#geoIP#" />
              <Parameter xsi:type="EnumParameter" name="Condition" value="NotEquals" />
              <Parameter xsi:type="StringParameter" name="Value" value="United States" />
            </Condition>
            <Then>
              <!-- Replace the To and Subject placeholders with real values before importing. -->
              <Statement name="SendEmail" continueOnFail="false">
                <Parameter xsi:type="StringParameter" name="To" value="&lt;YOUR-EMAIL&gt;" />
                <Parameter xsi:type="StringParameter" name="Subject" value="&lt;Subject Line about missing laptop&gt;" />
                <Parameter xsi:type="MultiLineStringParameter" name="Body" value="ALERT - &#xA;&#xA;#MachineID# has been located in #geoIP# and is in violation of company policy." />
              </Statement>
            </Then>
          </If>
        </Body>
      </Procedure>
    </ScriptExport>


    Hope this helps. This does require the original script pack instructions, I just modified a couple items. Thanks! 
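
A pre-import check for procedure exports like the two above, as an added example (not part of David's post or the Kaseya script pack): it parses the ScriptExport XML, lists every statement the procedure will run, and flags plaintext-HTTP URLs and unfilled placeholders. The function name `audit`, the finding wording and the trimmed sample are constructed here; the placeholder check is a simple heuristic.

```python
import xml.etree.ElementTree as ET

NS = {"k": "http://www.kaseya.com/vsa/2008/12/Scripting"}

# Constructed sample: a trimmed copy of the GEO_Alert export from the thread,
# with the placeholder angle brackets escaped so the document is well-formed.
SAMPLE = """<ScriptExport xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.kaseya.com/vsa/2008/12/Scripting">
  <Procedure name="GEO_Alert">
    <Body description="">
      <Statement name="GetURL" continueOnFail="false">
        <Parameter xsi:type="StringParameter" name="URL" value="http://ip-api.com/csv/?fields=1" />
      </Statement>
      <If description="">
        <Then>
          <Statement name="SendEmail" continueOnFail="false">
            <Parameter xsi:type="StringParameter" name="To" value="&lt;YOUR-EMAIL&gt;" />
          </Statement>
        </Then>
      </If>
    </Body>
  </Procedure>
</ScriptExport>"""

def audit(xml_text):
    """Return (statements, findings) for a ScriptExport document."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:  # e.g. a raw "<" inside an attribute value
        return [], [f"not well-formed XML: {exc}"]
    statements, findings = [], []
    for proc in root.iterfind(".//k:Procedure", NS):
        for st in proc.iterfind(".//k:Statement", NS):  # includes If/Then branches
            where = f"{proc.get('name')}/{st.get('name')}"
            params = {p.get("name"): p.get("value", "") for p in st.iterfind("k:Parameter", NS)}
            statements.append((proc.get("name"), st.get("name"), params))
            for key, val in params.items():
                if val.lower().startswith("http://"):
                    # The response can be altered in transit; here it drives the alert.
                    findings.append(f"{where}: plaintext HTTP fetch {val}")
                if val.startswith("<") and val.endswith(">"):
                    findings.append(f"{where}: unfilled placeholder in {key}")
    return statements, findings

if __name__ == "__main__":
    for finding in audit(SAMPLE)[1]:
        print(finding)
```

An export whose attribute values contain an unescaped `<` is rejected at the parse step and reported as a single "not well-formed XML" finding.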

  • Mark Needham
    Mark Needham Member CHOCOLATE MILK

    Has anyone had this work for them? Keeps failing on test, no AV installed.

  • Mark Needham
    Mark Needham Member CHOCOLATE MILK

    Has anyone managed to get this to work? Mine keeps failing step 2 (camera shot I believe). No AV installed.