Desktop Central is still desperately lacking in patch/configuration job targeting...
This has been an issue for a good number of years now and, whilst DC appear to have made some changes (and even some improvements) to the way in which you are able to target jobs, there are still some pretty serious limitations and even some down-right failures in the way in which job targeting is handled. Here are a couple of posts, over at least the last six years, of examples where very specific requests for improvement have been made, with repeated "looking into it" and other non-committal responses:
Security Update - ManageEngine Desktop Central (Remote Code Execution - Fixed)
Hello Everyone, The remote code execution vulnerability in Desktop Central (CVE-2020-10189) has been fixed in build 10.0.479. The new hotfix is available at https://www.manageengine.com/products/desktop-central/service-packs.html For more information about the vulnerability, please visit https://www.manageengine.com/products/desktop-central/remote-code-execution-vulnerability.html Please contact support for any clarification or the assistance. Thank you.
Zero-Day Vulnerability - Desktop Central - March 6th, 2020
Is there any information regarding the zero-day vulnerability for Desktop Central that was announced today via the article: https://www.zdnet.com/article/zoho-zero-day-published-on-twitter/ ? Any guidance yet?
Tomcat Vulnerability?
Good morning, is the OPManager software vulnerable to the Tomcat exploit in the link below? https://www.cisecurity.org/advisory/a-vulnerability-in-apache-tomcat-could-allow-for-arbitrary-file-reading-cve-2020-1938_2020-028/
Are any ManageEngine products (like ServicedeskPlus) vulnerable to recent "Ghostcat" exploit?
i see referenced in this previous post https://pitstop.manageengine.com/portal/community/topic/java-standalone-application-any-servler-container-like-apache-tomcat-behind that some manageengine products are based on Apache Tomcat. given the most recent "ghostcat" exploit that was discovered, what is the eta for updates to use a version of tomcat which has this patched? Exploit details: https://www.cisecurity.org/advisory/a-vulnerability-in-apache-tomcat-could-allow-for-arbitrary-file-reading-cve-2020-1938_2020-028/
Self-signed SSL Certificate
Good Day If we want to access ServiceDesk Plus via our intranet we get the "Connection to this site is not secure" warning. Therefore, we tried to install a self-signed SSL-certificate. Whilst importing the certificate ServiceDesk Plus throws an error. In the Support-File we found the error "Exception occurred when importing the SSL certificate! : Self signed certificate cannot be imported from UI|". Is there any other way to import the certificate or to get rid of the warning?
Announcement on Ghostcat vulnerability (CVE-2020-1938)
Dear users, Ghostcat is a serious vulnerability in Apache Tomcat discovered by security researcher of Chaitin Tech. Due to a flaw in the Tomcat AJP protocol, an attacker can read or include any files in the webapp directories of Tomcat. For example, an attacker can read the webapp configuration files or source code. In addition, if the target web application has a file upload function, the attacker may execute malicious code on the target host by exploiting file inclusion through Ghostcat vulnerability.
REST API access to create and reply to email converstations
Hello all. Does anyone know if there is an exposed API to view, create and reply to email conversations in a ticket? I can see that there is a well-documneted API for Notes, but I am not able to find anything about Emails. Regards, Alex
SDP 11.1 / site change by user mail
Hi Can I automatically change the site by mail domain for new users? ex: if a@name.com then the site is "NAME"
Large File Attachment Notification to Requester
When a requester submits a ticket with a file attachment larger than 10 MB, the technicians receives a notification that the attachment was dropped. Can we also create a notification that gets sent to the requester when the attachment is dropped due to file size? Thanks
Monitoring Cisco Telepresence
Hello, I am trying to start monitoring Cisco TelePresence systems. I can see even, that if proper SNMP community string is provided, OpM discover the device out of the box. However - it is monitoring the device with availability only. My question is - did anyone succeeded in more detailed monitoring? like monitoring network interfaces (and its details, like drops etc.). Final scenario is monitor somehow "User Experience" - to be aware before bigger (more massive) issue comes. I would like to know
Form Rules on emailed Incidents
Can Field and Form rules run off of Incidents that are mailed in? We're trying to set it up so incidents that are emailed in with a certain subject and sender are sent to the proper group with the correct category set. But the variations of field rules I've tried don't seem to do anything at all on incidents that are emailed in. That's why I'd like to know if they can even run on emailed in request or if they can only run on request made while in ServiceDesk.
[Community Digest] ServiceDesk Plus - February 2020
A lot happens in a month on PitStop around ServiceDesk Plus. And, it's quite likely for you to have missed out on something interesting. So, we decided to bring you all the action of the last month in a digest. Read on and stay updated on all that's making PitStop the most happening IT hub. User Education and Resources: User Education opened to help you use ServiceDesk Plus to its fullest potential, https://www.youtube.com/watch?reload=9&v=EHsZASYhyKU&feature=youtu.be Resources: https://pitstop.manageengine.com/portal/community/topic/one-hundred-ways-to-make-servicedesk-plus-work-for-you-20-2-2020
[SDF-47403] Change Templates - Pre-populated Tasks
Is there a way to configure pre-populated tasks for your change template? Much like you can do in the Request Template under the request workflow? We have recurring system changes to document but do not want to re-create the same tasks everytime the change is created.
postgres data export help needed
I need to bulk export requests with all the data which must include all the conversation history. I have looked through custom reports and analytics plus but i cant find the table/ field where i can grab this from. Our ME database is postgres. Thanks
Service Desk Plus MSSQL query Last Update Time
I'm wanting to see if I can get some help with a SQL query that can add a column showing the number of days since the request was updated. I found the following query below from the forums that filters the database by records. but cant seem to figure out how to make a calculated field that shows the number of days since update. Any help you can give would be greatly appreciated. Thanks Tony Blandin SELECT ti.FIRST_NAME "Technician", wo.WORKORDERID "Request ID", aau.FIRST_NAME "Requester", cd.CATEGORYNAME
Critical PPP Daemon vulnerability opens up Linux systems to RCE attacks
Hello guys, The US-CERT has issued an advisory warning users of the new remote code execution (RCE) vulnerability CVE-2020-8597, affecting the PPPD (Point-to-Point Protocol Daemon) installed in almost all flavors of Linux based systems. Other than Linux systems, this vulnerability also affects few other networking applications and devices such as Cisco CallManager, TP-Link products, Synology, and OpenWRT Embedded OS. The vulnerability The vulnerability CVE-2020-8597 exists due to an error in
Critical PPP Daemon vulnerability opens up Linux systems to RCE attacks
Hello guys, The US-CERT has issued an advisory warning users of the new remote code execution (RCE) vulnerability CVE-2020-8597, affecting the PPPD (Point-to-Point Protocol Daemon) installed in almost all flavors of Linux based systems. Other than Linux systems, this vulnerability also affects few other networking applications and devices such as Cisco CallManager, TP-Link products, Synology, and OpenWRT Embedded OS. The vulnerability The vulnerability CVE-2020-8597 exists due to an error in
Incident Template
We receive automated emails into ServiceDesk Plus from a system which are logged as incidents using a specific template. However, the requester is set to the senders email address and we would like to change this to another requester automatically. Can Service Desk Plus do this? If so, how?
Critical PPP Daemon vulnerability opens up Linux systems to RCE attacks
Hello guys, The US-CERT has issued an advisory warning users of the new remote code execution (RCE) vulnerability CVE-2020-8597, affecting the PPPD (Point-to-Point Protocol Daemon) installed in almost all flavors of Linux based systems. Other than Linux systems, this vulnerability also affects few other networking applications and devices such as Cisco CallManager, TP-Link products, Synology, and OpenWRT Embedded OS. The vulnerability The vulnerability CVE-2020-8597 exists due to an error in
[SDF-24799] Templates for Announcements
Hello, I was wondering if Announcement Templates are on the road map for future releases? Our organization likes to have multiple templates for outages and notifications for the general business. Thanks!
Mandating a Field for Announcements
Hello, I was wondering if its possible to have a few specific fields mandated when users create announcements? I know its possible for templates but I can't seem to find it anywhere for announcements. For example, I would like to make "Announcement Type" field required before an announcement is created. Thanks!
Site Usage
Our organization is a City with many physical locations throughout our municipality. Before we ever started using ServiceDesk we had already called each one of these locations Sites. This caused some confusion early on as we started setting ServiceDesk up and unfortunately was never fixed. By ServiceDesk’s definition we should only have one Site, our City name. But as things are each actual location we have is listed under Sites. After time we made a change to what data is found in the Office field
How to audit OneDrive for Business activities
OneDrive for Business is widely used to store and retrieve documents. Since, these documents can be easily accessed, modified or deleted by any users who have access, you must keep track of all the actions performed in organization’s OneDrive for Business account and the person responsible for every action. Why use O365 Manager Plus to audit your OneDrive for Business? Native Office 365 auditing options such as PowerShell scripts and Office 365 Security & Compliance Center are either complex to use
Need help with a query report
Hi, I need a query report for the usage of a metered software. But I need the report ignoring the file version and the computer. It should be like this: User Name | Rule Name | Usage Duration user xy acad.exe 7 day, 5 hours, 30 min The normal Users with metered software splits the time according to the Product Version (file version) Maybe someone can help me with creating a query report. Thx bye, Alf
IT analytics in 90 seconds: Boost your MSP's revenue using customer effective rates
Identify the customers who bring in the most profit by using the Customer Effective Rate report in Analytics Plus. If you're not already using Analytics Plus, download your free, 30-day trial today:
IT analytics in 90 seconds: Boost your MSP's revenue using customer effective rates
Identify the customers who bring in the most profit by using the Customer Effective Rate report in Analytics Plus. If you're not already using Analytics Plus, download your free, 30-day trial today:
Fix for Ghostcat Vulnerability (CVE 2020-1938) in Mobile Device Manager Plus MSP
Mobile Device Manager Plus MSP has released a security fix for the recently detected Ghostcat Vulnerability (CVE 2020-1938) which is a file read/inclusion vulnerability detected by Chaitin Tech. This vulnerability can be remotely exploited if the port 8009 is publicly exposed allowing users to read or include files in the webapp directories of Apache Tomcat. The security fix is released in build #92762 and you can download the latest build from here. Follow #security-updates for all security related
Fix for Ghostcat Vulnerability (CVE 2020-1938) in Mobile Device Manager Plus
Mobile Device Manager Plus has released a security fix for the recently detected Ghostcat Vulnerability (CVE 2020-1938) which is a file read/inclusion vulnerability detected by Chaitin Tech. This vulnerability can be remotely exploited if the port 8009 is publicly exposed allowing users to read or include files in the webapp directories of Apache Tomcat. The security fix is released in build #92762 and you can download the latest build from here. Follow #security-updates for all security related
Error with Mail Fetching
Currently getting this error message with the mail fetcher: Error while connecting to mail store: javax.mail.MessagingException: connect timed out; nested exception is: java.net.SocketTimeoutException: connect timed out I am not seeing anything on the smtp server that would timeout the request.
Collected logs in CEF format
Hello, Is there any chance to collect the logs reside in AdAudit Plus in CEF format ? Regards
Exporting closed tickets to a separate database.
Good morning all, I wonder if you can assist? Our database is currently running high and we wish to keep it below the 10 gig threshold SQLExpress has. I have tried the following all with minimal to no success: shrinking the database data delete from aaaaccsession delete from auditrecord delete from recentitems delete from errorlog archiving all closed tickets older than 2 years. Can you please advise on what else can be done to reduce the size of the database? Is there a way to move all closed tickets
How to remove global admin’s access to OneDrive for Business sites.
Problem When you configure backups for OneDrive for Business sites using RecoveryManager Plus, the global admin is provided access to all OneDrive for Business sites by the product. If you decide not to back up a particular or all OneDrive for Business sites, you’ll have to manually revoke OneDrive for Business access from the global admin. This document will show you how you can manually revoke a global admin’s access to OneDrive for Business sites. Solution Download SharePoint Online Management
Python script for updating tasks
HI I have followed the instructions for installing this python script from this forum https://resources.manageengine.com/resources/resource/python-populate-request-details-in-task-title-and-task-description However, when it executes at point of creation I get the message "No tasks to update" I have 3 tasks within the template & a variety of fields in different formats, surrounded by different delimiters (in case I had missed something) but still get the same error. What am I overlooking here? (I
How to remove MDM app from android device
Hi everyone, Our On-Premise MDM server was affected by an issue of the OS and all our data was lost, we have in there like 200 android devices enrolled at that moment and now we can't remove to start all over the process again for enrollment, we configure the MDM server again so we can do a fresh start but we can't enroll the existing devices to the new MDM server. Any ideas on how to remove the MDM android app so we can configure it again? Thanks
Waiting for Approval - status is changed to On Hold... How do I turn that off?
I am having the hardest time finding this. I could've sworn I could turn this setting off... I'm trying to turn off the setting that when you send something out for approval, the status automatically goes to On Hold... I can't seem to find how to do that, or if you can even turn it off... Thanks!
Business Rule - Run once / Run limit
Hi, We have a business rule to notify service management when the priority of a ticket is created as P1/P2 or edited to be a P1/P2. The problem is that whenever anything is edited in the ticket from then on the business rule runs every time. We only really need to be notified once. I think there are probably more use cases to imposing a run once or run limit to business rules. In the meantime is there a different way of achieving the behavior I've described above? Thanks in advance, Dave
Introducing the new File Shadow feature in Device Control Plus!
Hello everyone! We are pleased to announce the release of the file shadow feature in Device Control Plus. With this tool, mirror copies of the files that are exported or modified using USB devices can be created in real-time. Subsequently these shadow copies can then be safeguarded in password protected network shares. It is a useful capability that provisions admins to apply an added layer of protection for files transferred via USB devices. The settings can be configured directly from the console
[SOLVED] API v3 Field and Form Rules Script to get User Additional Field
We are working towards migrating our production environment up to build 11104 from 10513, and in doing so we will need to replace many of our scripts. One such script is a Field and Form rule to get a requester's room number and enter it into a field on the incident template. The room number is defined as a User Additional Field. Any assistance with this would be appreciated.
The connection with the server has been terminated or an incompatible SSL protocol was encountered
Hi, Please could you help for the following error? The connection with the server has been terminated or an incompatible SSL protocol was encountered
Next Page