Hello. We are moving over to Cisco ISE for our network management. As various people add new computers to the network, they sometimes forget to assign the security group which is now needed to place the switch port in the correct vlan. I am trying to leverage KACE to find machines that are *not* members of specific security groups. For example, if a computer is *not* a member of 'staff-1', 'staff-2', or 'staff-3' then I need to know that. I am thinking that this can be done with an LDAP group for computers that are a member of one of those groups, and then a report for computers that are in inventory but not a part of that smart label, but I am not sure how to write the LDAP query to populate the LDAP label. Any ideas?
Answer Summary:
0 Comments   [ - ] Hide Comments


Please log in to comment

Answer Chosen by the Author


to run as a local account:
note:use the path I used that directory allows any user to put files there
You will need to create a kscript run as logged in user and create a text file then use the cir to read that.


ShellCommandTextReturn(cmd /c type C:\ProgramData\Dell\KACE\user\netlocalgroup.txt)

Answered 01/05/2016 by: SMal.tmcc
Red Belt

  • sorry I forgot net "" needs to run as a user, it will not work when run as system and CIR's run as system
  • also this will need an inventory cycle to run after the kscript prior to populating the CIR
    • This seems to be creating the local file correctly, but it is returning the logged in user's groups, not the computer itself. Is there a different command or switch for that?
      • sorry not paying attention to detail today buried with windows 10 sysprep and imaging

        use this in the script
        /c gpresult /r /scope:computer > C:\ProgramData\Dell\KACE\user\gpresult.txt

        then read that file with CIR
Please log in to comment
Answer this question or Comment on this question for clarity


This content is currently hidden from public view.
Reason: Removed by member request
For more information, visit our FAQ's.

SMAL- thank you so much, that worked perfectly! Enjoy Windows 10!!
Answered 01/05/2016 by: rlavin
White Belt

Please log in to comment
Admin Script Editor
Admin Script Editor is an integrated scripting environment available free here at ITNinja