Admin Scripts

Using this script you can leverage an input file to add a Tag to all of the designated records. The input file needs to be plain text with one entry per line (computer, user, etc as appropriate). This allows you to bulk tag selected computers, devices, users, etc. using an input source rather than hand selecting objects. Simply pick the input file and put in the tag you wish to add to the objects. For some objects like Users, you will need to use KeyConfigure as not all object types have a dedicated screen in the Web UI.

Very simple script to add a specified Tag to the selected objects. Just choose multiple computers, users, etc. and run the script. Do this with normal shift/control/command clicks pending platform. You can add multiple tags at one time by typing each one (and clicking off of it to complete the tag creation in KeyConfigure). In the Web UI, the number of selected items which will be tagged is shown in the lower left. There is also an option to replace all existing tag(s) on the selected objects with the new one(s). See also Remove Tags...

Note the need for this script in the Web UI has been replaced by the Quick Edit functionality. If you use the Lifecycle management features it may be useful to bulk change several computers from Deployed to Salvaged at the same time for example. Note that this script is hard coded with options and therefore will not show any Custom Values you have added. Contact Sassafras Software Support if you need a custom script with custom values. As with other scripts, simply select the computers or devices you want to alter, run the script, and make your selection.

Simple script to set if selected Products are visible in the "public" areas of the Web UI. That is, the Software page, and clicking on Computers on Maps to see their installed applications. This script is only usable in KeyConfigure. In the Web UI you can use the checkmarks instead in the Manage screen.

Basic script to change when selected policies expire. Uncommon use case, but manage policies can have an expiration date and bulk change may be needed in some instances. KeyConfigure use only.

KeyConfigure only. A no option script that is extremely useful. It simply opens another window that contains a list of all Computers that do not contain the selected Product. Note you should only right click on a single selected product or results could be confusing to say the least.

This script is used when implementing Okta authentication. It generates several unique keys needed for that integration. See our documentation on this OIDC module for full details.

This script is used when implementing PingIdentity authentication. It generates several unique keys needed for that integration. See our documentation on this OIDC module for full details.

Used by customers with Jira as a helpdesk ticketing tool, this script will export computer records to your Jira instance. This is useful for using AllSight as the source of ITAM while using Jira for ITSM.

Used to generate URLs that can then be uploaded to Avery.com to print out QR codes for Devices and Computers. The resulting codes will open the URLs for those unique items. This allows easy scan of code labels to then edit and update device records when servicing in person. When running the script ensure the base url properly matches the Web Service URL (so there are no cert issue). It will then create an output file you can upload to the Avery site. See our Blog Post on this for steps on the Avery site.

Simple script that takes an input plain text file with one serial per line and finds all matching computer records in the system.

This script will query all computers based on OEM Serial with Dell using your Dell API key (required input) and populate the Warranty fields with the relevant purchase and expiry information. It will also pull Lenovo warranty expiration dates. Obtain your API key and Secret from your Dell rep. You can then choose to populate the Purchase and/or Replacement dates with the query results, replace or keep any values currently in the local records, and record the output if needed for troubleshooting. Note you can then use the Set Replacement Date script to build on this information automatically.

A robust script that Tags each Computer with a location based on the ipstack open database. Accuracy is of course no promise. You can sign up to get a free API key which is then the only input to the script. Execution will add tags to every computer record based on IP lookup. You can then create a Tag based Map Set and view computers by reported physical location of the IP. Because the maps are value tag based, re-running the script and therefore updating their location will update the map sets.

This script can be used to import, synchronize, or both, based on serial number, and will work for Windows, iOS and/or Android devices managed in Intune. You can set these various options on the General tab of the script. If computers do not exist in KeyServer that are in Intune, they can be created in the Imported state. A client that then connects and matches the Serial based ID will move the record to Dedicated and update with KeyAcces data.

The fields on the Mapping tab allow you to specify attributes in Azure to be mapped to the various computer fields in AllSight. There is syntax possible to pull in linked record information for things like Owner. Contact support for specific questions as needed.

The Azure App configuration for which you need the Tenant, App/Client ID, and Client Secret Credentials is very basic. The app needs permission to read the InTune devices and configuration, so at the simplest it needs DeviceManagementApps.Read.All and DeviceManagementManagedDevices.Read.All. Also ensure these are Application permissions and not Delegated as the latter will not work. You may alter as needed for the security or tenancy of your environment of course, but if the app can not read a device it will not be imported.

In the case of creating a record, the fields imported include:

computerOEMSerial
computerSystemSerial
computerBIOSSerial
computerUUID
computerLastAudit
computerName
computerModel
computerManufacturer
computerOSVersion
computerRAMSize
computerDiskSize
computerFreeSpace
computerMACAddress
computerWirelessAddress
computerUserName
computerOwner
computerServiceURL
computerPlatform
computerOSType
computerLastImport

In the case of an Update for an exiting record, only the fields on the Mapping tab will be updated, in addition to ServiceURL.

This script will import and/or sync data from Jamf for MacOS, iOS, and/or tvOS devices. For full information see our dedicated Tech Note on this item.

This script imports ChromeOS devices from your Google management console into the Computers list. It can be used on its own, or to gather information not available to the KeyServer Client for Chromebook. To configure this script, follow these steps:

In Google Cloud Console:

1. Create a new project (or use an existing one)
2. Enable the Admin SDK API for the project
• Navigate to APIs & Services > Enable APIs & Services
• Click + Enable APIs & Services at the top of the panel
• Search for "Admin SDK API" and click to select it
• On the Admin SDK API page, click the Enable button
3. Create a Service Account
• Navigate to APIs & Services > Credentials
• Click + Create Credentials at the top of the panel
• Select "Service account" from the menu
• Provide a Service account name and description
• Click Done, and new Service account will be listed
4. Create a new Key for the Service account
• Click the Service account in the Service account list to edit details
• Switch to the "Keys" tab at the top of the panel
• Click Add Key > Create new key
• Choose "JSON" Key type and click Create
• The key information will be downloaded to your computer as a JSON file
5. Enable Domain-wide Delegation for the Service account
• Switch to the "Details" tab at the top of the panel
• Copy the Unique ID for the Service account onto the clipboard
• Expand "Advanced settings" in the main panel
• Click "View Google Workspace Admin Console"
• Navigate to Security > Access and data control > API controls
• Click "Manage Domain Wide Delegation"
• Click "Add new" at the top of the panel
• Paste the Unique ID into the Client ID field
• In the OAuth scopes field, enter:
  https://www.googleapis.com/auth/admin.directory.device.chromeos.readonly
• Click Authorize to complete the process
6. Configure the Script
• On the Settings / Scripts page, click the settings icon for this script
• In the Account field enter the email of any Admin for Google Workspace
• Drag the JSON file to the Credentials field
• Click Save to complete the configuration

Google Workspace requires that you provide an Admin account when accessing the device information. This account is only used to ensure appropriate access. By providing the account name you are not granting any permissions to this script other than those granted to the Service account you created. If you followed the steps above, the Service account (and therefore the script) will only have permission to read information about the ChromeOS devices you are managing.

It is possible to create and update schedules on Maps by importing time set information from CSV. The format needs to be very precise so it is readable, so your source data may need to be adjusted to fit our format. See Time Sets for more details.

User records in KeyServer are created by the login names reported by the OS. This means you could have more than one record for the same person because of platform differences or even local vs domain accounts. There may also be additional data fields in your Active Directory records which we would have no knowledge of at the desktop level that you would like to have in the KeyServer record. This script is designed to help manage these concerns.

• It will pull in Department, Phone, and eMail fields from AD for all matching user accounts.
• You can specify which user attribute to use as the Primary Name in KeyServer, and then Alias the others to that account.
• Additional Aliases is a coma delimited field that allows you to alias other user attributes from AD
• External ID from allows you to populate the external id field with a specified AD attribute. This is searchable in the Loaner Checkout Extra in newer versions.
• If you specify an OU or Filter it will import all user records from that resulting location even if we currently have no matching records locally. This allows you to create records not just sync them.
• There are also options to write the results to a file for logging to troubleshoot issues.

There are several operational notes for this script.

• It will only work through the Web UI if the host server is Windows (see below)
• It will only work in KeyConfigure on Windows if you are logged in to the OS with a Domain account (see below)
• In either case, the host computer account or local user account that is executing the script must be able to query the domain accounts
• IF your AD allows anonymous queries of user accounts and properties, then there are no operational restrictions, but this tends to be uncommon

The List Users in AD Group script below may be a useful companion in some cases.

Similar to the AD script of the same name, this seeks to import, sync, and alias user data from Azure. See the above script for relevant concepts. Ensure the credentials used in the script have the proper user and group read access in your tenant.

KeyConfigure only. Given an input file with a list of computer names, open a new window with matching computer records. Used for an add hoc search based on arbitrary input from another source. A similar script can be provided that works on Serial numbers if needed. Contact Support for that script.

KeyConfigure only. Utility script to list all local users that exist in a given AD group. Useful when setting up User based polices to ensure AD query is working and user attributes are matching. May be useful in conjunction with the Import User Information from AD script above.

This script is useful in some instances when imported records didn't line up with records created by KeyAccess checkins. This can happen due to using an ID type other than Serial as the primary and importing records prior to client creation. Using this script you can choose how to merge the Import records with the Discovered records.

Note in the Web UI this script is generally replaced by the Quick Edit feature. A more robust script that incorporates options available in many of the other simple scripts, like setting Division, Lifecycle, Auto Logout, Map Visibility, and more. You can select multiple Computers and change multiple attributes quickly in bulk.

Note in the Web UI this script is generally replaced by the Quick Edit feature. Similar to Move Computers but with many fewer options. Allows bulk change of Lifecycle stage, Division, and Anchor state of selected Devices.

Note in the Web UI this script is generally replaced by the Quick Edit feature. Much like the Move Computers and Move Devices scripts, this allows bulk change of a few attributes of Purchase records: Status, Entitlement, and Section.

Very simple script for bulk removal of Tags from items. Simply enter the tag or tags you want to remove.

This is for troubleshooting and generally only used by Sassafras Software Support or at their direction. It resets a data field used to identify computers on maps that can become scrambled in some rare cases causing computers to not show as expected.

Note in the Web UI this script is generally replaced by the Quick Edit feature. Simple script to allow you to set values on multiple Asset pane fields of multiple Computer or Device records at once. The Quick Edit feature in the Web UI supplants the need for this script, but it can be useful in KeyConfigure.

If you are using our web font end as a method of finding and connecting to computers over RDP, this script can be useful. If a user drops their connection without logging out, this option being enabled on a computer will cause it to auto log out after 3 minutes. Use this script to quickly set this option on all selected computers.

If you Disable computer records in AD rather than delete them, this script can be used to automatically move those corresponding (by name) records to a Dormant login state in AllSight.

In addition to all other settings for Maps, you can select in each computer record if the computer will be shown on Floorplans. Use this script to quickly hide or show a number of computers at once by setting this flag.

Only useful for datacenter license managers. Allows setting the PVU value of several computers at once.

Set the Replacement Date on all or select batches of computers based on various criteria. This can be useful when used in conjunction with the Gather Warranty Dates script. For example, if both are run on schedules, this one can set the replacement date to warranty date +1 year automatically.

Useful to show all Packages on a selected computer, or all Computers that have a selected Package. Similar to the Show Installs function that is built in to KeyConfigure Computers. You can choose one type of package or all types. Results will vary by Operating System.

Opens a new window showing all selected items that contain no tags. Useful if you use Tags extensively and are looking for object that have not been tagged yet.

This script drives our integration with TeamDynamix. For more information see our Blog post on this integration and the Documentation for setting it up.