Comments

3 comments

  • Shane Corellian

    Hi,

    This data isn't stored in the Inventory database so you wouldn't be able to create a collection or a report based on this data. The data can only be viewed in (almost) real time from the computer window in the Process panel.

    0
    Comment actions Permalink
  • Bell, Mark

    Shane, is there a way to hack this up, like running the command below from Deploy, piping the result to a text file on the local PC, then detecting that file/content as part of a collection?

    %WINDIR%\System32\tasklist /FI "IMAGENAME eq winword.exe" | find /I /N "winword.exe"

    Thanks,
    Mark

     

     

    0
    Comment actions Permalink
  • Colby Bouma

    Something like this should work. Save these as XML files and import them.

    scan profile

    <?xml version="1.0" encoding="utf-8"?>
    <AdminArsenal.Export Code="PDQInventory" Name="PDQ Inventory" Version="12.4.0.0" MinimumVersion="8.0">
    <ScanProfile>
    <Description>https://support.pdq.com/hc/en-us/community/posts/211689247-Collection-by-running-process</Description>
    <ScanProfileId value="7" />
    <IsDefault value="false" />
    <Name>Is Word Running?</Name>
    <Scanners type="list">
    <Scanner>
    <DateCreated>2017-05-12T09:14:12.0000000-06:00</DateCreated>
    <DateModified>2017-05-12T09:15:24.0000000-06:00</DateModified>
    <ExcludePatterns type="list" />
    <IncludePatterns type="list">
    <item>C:\Processes\winword.txt</item>
    </IncludePatterns>
    <RowLimit value="2500" />
    <TypeName>Files</TypeName>
    <SourceScannerId value="31" />
    </Scanner>
    </Scanners>
    <ScheduleTriggers type="list" />
    </ScanProfile>
    </AdminArsenal.Export>

     

    collection

    <?xml version="1.0" encoding="utf-8"?>
    <AdminArsenal.Export Code="PDQInventory" Name="PDQ Inventory" Version="12.4.0.0" MinimumVersion="4.0">
    <Collection>
    <ReportDefinition name="Definition">
    <Columns type="list">
    <Column>
    <Column>ComputerId</Column>
    <Summary></Summary>
    <Table>Computer</Table>
    <Title></Title>
    </Column>
    </Columns>
    <RootFilter name="Filter">
    <Comparison>All</Comparison>
    <Filters type="list">
    <ValueFilter>
    <Table>File</Table>
    <Column>Name</Column>
    <Comparison>Equals</Comparison>
    <Value>winword.txt</Value>
    </ValueFilter>
    <ValueFilter>
    <Table>File</Table>
    <Column>PathName</Column>
    <Comparison>Equals</Comparison>
    <Value>C:\Processes</Value>
    </ValueFilter>
    </Filters>
    </RootFilter>
    <ReportDefinitionTypeName>BasicReportDefinition</ReportDefinitionTypeName>
    </ReportDefinition>
    <IsDrilldown value="false" />
    <Created>2017-05-12T09:23:13.0000000-06:00</Created>
    <Description>https://support.pdq.com/hc/en-us/community/posts/211689247-Collection-by-running-process</Description>
    <Id value="1180" />
    <IsEnabled value="true" />
    <Modified>2017-05-12T09:23:13.0000000-06:00</Modified>
    <Name>Is Word Running?</Name>
    <ParentId value="null" />
    <Path>Is Word Running?</Path>
    <TypeName>DynamicCollection</TypeName>
    <Children type="list" />
    </Collection>
    </AdminArsenal.Export>

     

    package

    <?xml version="1.0" encoding="utf-8"?>
    <AdminArsenal.Export Code="PDQDeploy" Name="PDQ Deploy" Version="13.0.4.0" MinimumVersion="9.0">
    <Package>
    <PackageDefinition name="Definition">
    <CopyMode>Default</CopyMode>
    <InventoryScanProfileId value="7" />
    <ScanAfterDeployment value="true" />
    <Timeout value="60" />
    <UseCustomTimeout value="false" />
    <RunAs value="null" />
    <Steps type="list">
    <PowerShellStep>
    <CustomCommandLine></CustomCommandLine>
    <Files></Files>
    <Script>$Result_Directory = "C:\Processes"
    $Result_Name = "winword.txt"

    $Process_State = Get-Process winword -ErrorAction SilentlyContinue

    if ( $Process_State -ne $null ) {

    if ( ( Test-Path "$Result_Directory" ) -eq $false ) {

    New-Item -ItemType "Directory" -Path "$Result_Directory"

    }

    New-Item -ItemType "File" -Path "$Result_Directory" -Name "$Result_Name"

    } else {

    Write-Output "Word is not running"

    }</Script>
    <SuccessCodes>0</SuccessCodes>
    <RunAs value="null" />
    <Conditions type="list">
    <PackageStepCondition>
    <Architecture>Both</Architecture>
    <Version>All</Version>
    <TypeName>OperatingSystem</TypeName>
    </PackageStepCondition>
    <PackageStepCondition>
    <IsUserLoggedOn>AlwaysRun</IsUserLoggedOn>
    <TypeName>LoggedOnUser</TypeName>
    </PackageStepCondition>
    </Conditions>
    <ErrorMode>StopDeploymentFail</ErrorMode>
    <Title></Title>
    <TypeName>PowerShell</TypeName>
    <IsEnabled value="true" />
    </PowerShellStep>
    </Steps>
    </PackageDefinition>
    <Description>https://support.pdq.com/hc/en-us/community/posts/211689247-Collection-by-running-process</Description>
    <FolderId value="null" />
    <Name>Is Word Running?</Name>
    <Path>Is Word Running?</Path>
    <Version>1.0</Version>
    <PackageDisplaySettings name="DisplaySettings">
    <DisplayType>Normal</DisplayType>
    <IconKey>Icon-Package</IconKey>
    <SortOrder value="12" />
    </PackageDisplaySettings>
    </Package>
    </AdminArsenal.Export>
    0
    Comment actions Permalink

Please sign in to leave a comment.