Script to create a regkey breadcrumb that I can capture in a label in KACE
New question, I thought I knew how to create the smart label, but I guess not exactly. I want to create a smart label that contains all the machines that have a regkey with the date 30 days ago or more. This will be tied to a script to delete the "ThreatDetected" regkey. How do I create a Smart label that will capture PCs with a regkey date that is 30 days ago or longer? I tried this and changed the regkey on my test machine to 2013/10/6 and this smart label didn't capture it:
select MACHINE.*, C.CLIENT_CONNECTED, UNIX_TIMESTAMP(now()) - UNIX_TIMESTAMP(LAST_SYNC) as LAST_SYNC_TIME,
UNIX_TIMESTAMP(LAST_SYNC) as LAST_SYNC_SECONDS
LEFT JOIN KBSYS.KUID_ORGANIZATION O ON O.KUID=MACHINE.KUID LEFT JOIN KBSYS.SMMP_CONNECTION C ON C.KUID = MACHINE.KUID AND O.ORGANIZATION_ID = 1
where ((( (1 in (select 1 from ORG1.LABEL, ORG1.MACHINE_LABEL_JT where MACHINE.ID = MACHINE_LABEL_JT.MACHINE_ID and MACHINE_LABEL_JT.LABEL_ID = LABEL.ID and LABEL.TYPE != 'hidden' and LABEL.NAME like '%Threat Detected Regkey Exists%')) ) AND (1 in (select 1 from ORG1.MACHINE_CUSTOM_INVENTORY where MACHINE.ID = MACHINE_CUSTOM_INVENTORY.ID and MACHINE_CUSTOM_INVENTORY.SOFTWARE_ID = 18068 and MACHINE_CUSTOM_INVENTORY.DATE_FIELD_VALUE > '30')) ))
I am re-writing our Service Desk action response for anti-virus alerts. One of the first things I want them to do is to mark the machine as having a threat with a breadcrumb that has today's date in it that I can capture in KACE. Once I have that in KACE I want a Smart label that includes all PCs with a date that is within the last 30 days. This way, over time, the Service Desk can check to see if a particular machine has had a threat within the last 30 days, and if it has, reimage it. I know how to create the custom inventory and the Smart label, but I'm not sure how to write the script to get today's date.
Here's my custom inventory rule:
RegistryValueReturn(HKLM\SOFTWARE\KEYNAME, ThreatDetected, DATE)
I'm not even sure if I should create a batch file, vbs script, or something else...
Any help would be greatly appreciated.