As our business continues to focus on providing white-labeled Tier 3 IT support services, RMM as a service, and co-managed IT services, this blog will be highlighting tips for RMM automation. Here is one of the recent scripts we added to our RMM. We often find ourselves creating a local user and network share for an SMB scanner on the customer network. Here is the script we created to automate this process:
Variables
It is important not to store values in scripts, especially when they are credentials for a user on the local computer, so make sure to define variables accordingly. Here are the variables we are using for this script:
- $ScanDir = the local directory (c:\scans) where the scanner will store files via SMB
- $Username = username for the new local user account
- $Password = password for the new local user account
Script Snippet
#Convert the password to a SecureString usable by PowerShell and create the new user if it does not already exist
$Pass = ConvertTo-SecureString $Password -AsPlainText -Force
#Get-LocalUser checks local accounts only, so a domain account with the same name is not mistaken for the local user
if(!(Get-LocalUser -Name $Username -ErrorAction SilentlyContinue))
{
    New-LocalUser -Name $Username -Password $Pass -PasswordNeverExpires
    Write-Host "User has been created successfully"
}
else
{
    Write-Host "The given user: $Username already exists"
}
#Create the scans directory specified if it does not already exist
if(!(Test-Path -Path $ScanDir))
{
    New-Item -ItemType Directory -Path $ScanDir
    Write-Host "Folder path has been created successfully at: $ScanDir"
}
else
{
    Write-Host "The given folder path $ScanDir already exists"
}
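#Create scans share if it does not already exist
if(!(Get-SmbShare -Name scans -ErrorAction SilentlyContinue))
{
    #Note: -FullAccess Everyone gives every account full control at the share level; NTFS permissions on $ScanDir still apply
    New-SmbShare -Name "scans" -Path $ScanDir -FullAccess Everyone
    Write-Host "The scans Share has been created successfully"
}
else
{
    Write-Host "The scans share already exists"
}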
#Set network profile to Private to allow SMB communication on all currently attached networks
Get-NetConnectionProfile | Set-NetConnectionProfile -NetworkCategory Private
Checking whether each item already exists helps the RMM get the proper exit code and not show the script as failed when it is run. Note that the script changes the network profile to Private, which may need to be altered to DomainAuthenticated if you are in a domain. We do this because Windows Firewall will not allow SMB traffic in the Public profile, which is the default on a new network. All that is left is to set up the printer's scanner profiles with the SMB share \\computername\scans and the new user created.
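The script shares the folder with -FullAccess everyone, so the dedicated scanner account does not limit who can reach the share. The following is an added example, not part of the original script, that restricts the share and the folder to that account; it assumes $ScanDir and $Username are supplied as above, the local user already exists, and $ShareName and $Account are names introduced here for illustration.

```powershell
# Added example (not the original script): limit the scans share to the scanner account.
# Assumes $ScanDir and $Username are supplied by the RMM and the local user exists.
$ShareName = 'scans'                              # share name used by the original script
$Account   = "$env:COMPUTERNAME\$Username"        # local account, qualified with the computer name

if (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)
{
    # Share already exists (for example, created with -FullAccess everyone):
    # remove the Everyone entry and grant Change to the scanner account only.
    Revoke-SmbShareAccess -Name $ShareName -AccountName 'Everyone' -Force -ErrorAction SilentlyContinue | Out-Null
    Grant-SmbShareAccess -Name $ShareName -AccountName $Account -AccessRight Change -Force | Out-Null
}
else
{
    # New share: Change (read/write) is enough for a scanner to drop files.
    New-SmbShare -Name $ShareName -Path $ScanDir -ChangeAccess $Account | Out-Null
}

# NTFS level: give the scanner account an explicit Modify right on the folder,
# inherited by the files and subfolders it creates.
$acl  = Get-Acl -Path $ScanDir
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $Account, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $ScanDir -AclObject $acl

# Show the resulting share permissions so the RMM log records who has access.
Get-SmbShareAccess -Name $ShareName |
    Format-Table AccountName, AccessControlType, AccessRight -AutoSize
```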
If your company is an MSP or wants to become one and automation just seems out of reach, then contact us to run your RMM for you.
Recently we have seen that SMB is turned off in many Windows 10 installations, so here is an additional piece to add to the script to open those firewall ports:
#Enable the firewall rules for ports 139 & 445 (SMB file sharing) in the Private profile
Get-NetFirewallRule | Where {$_.DisplayName -eq "File and Printer Sharing (SMB-In)" -and $_.Profile -eq "Private"} | Enable-NetFirewallRule
Get-NetFirewallRule | Where {$_.DisplayName -eq "File and Printer Sharing (NB-Session-In)" -and $_.Profile -eq "Private"} | Enable-NetFirewallRule