├── scripts ├── README.md ├── trmmdockerpostgresupdate.txt ├── migrate-mesh-to-postgres.sh └── Windows_Defender_Allowed_List.ps1 ├── kubernetes ├── namespace.yaml ├── certs.yaml ├── nlb.yaml ├── secrets.yaml ├── deployment │ ├── tactical-frontend.yaml │ ├── tactical-redis.yaml │ ├── tactical-websockets.yaml │ ├── tactical-mongodb.yaml │ ├── tactical-backend.yaml │ ├── tactical-init-pod.yaml │ ├── tactical-celery.yaml │ ├── tactical-meshcentral.yaml │ └── tactical-web.yaml ├── pvc.yaml ├── network-policy.yaml └── README.md ├── LICENSE └── README.md /scripts/README.md: -------------------------------------------------------------------------------- 1 | This folder is for misc scripts for specific tasks that aren't applicable in -------------------------------------------------------------------------------- /kubernetes/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: tacticalrmm 6 | labels: 7 | app: tacticalrmm 8 | -------------------------------------------------------------------------------- /kubernetes/certs.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1alpha2 2 | kind: Certificate 3 | metadata: 4 | name: rmm-mydomain-com 5 | namespace: tacticalrmm 6 | spec: 7 | secretName: rmm-mydomain-com-tls 8 | commonName: rmm.mydomain.com 9 | dnsNames: 10 | - rmm.mydomain.com 11 | - api.rmm.mydomain.com 12 | - mesh.rmm.mydomain.com 13 | issuerRef: 14 | name: letsencrypt 15 | kind: ClusterIssuer -------------------------------------------------------------------------------- /kubernetes/nlb.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | namespace: tacticalrmm 5 | labels: 6 | app: tacticalrmm 7 | service: tactical-nlb 8 | name: tactical-nlb 9 | spec: 10 | type: LoadBalancer 11 | # 
externalTrafficPolicy: Local 12 | ports: 13 | - name: "http" 14 | port: 80 15 | - name: "https" 16 | port: 443 17 | - name: "nats" 18 | port: 4222 19 | selector: 20 | service: tactical-nlb 21 | --------------------------------------------------------------------------------
/kubernetes/secrets.yaml:
--------------------------------------------------------------------------------
# CAUTION: THIS FILE IS FOR DEMONSTRATION PURPOSES ONLY
# DO NOT UPLOAD SECRETS TO YOUR GIT REPOSITORY !!!!
#
# Values under `data:` must be base64-encoded. `echo -n` keeps a trailing
# newline out of the encoded value:
#   echo -n 'mysupersecretpassword' | base64 -w0
#
# base64 is an encoding, not encryption: anyone who can read this manifest or
# the Secret object in the cluster can decode every value below.

apiVersion: v1
kind: Secret
metadata:
  name: tactical-secrets
  namespace: tacticalrmm
data:
  # Default password: changeme
  # All five keys below carry that same default (Y2hhbmdlbWU= decodes to
  # "changeme"); give each one its own value before applying.
  # Read as TRMM_PASS by the tactical-init pod.
  trmm-password: Y2hhbmdlbWU=
  # Read as MESH_PASS by tactical-meshcentral.
  mesh-password: Y2hhbmdlbWU=
  # Read as SMTP_PASS by tactical-meshcentral.
  mesh-smtp-password: Y2hhbmdlbWU=
  # Read as MONGO_INITDB_ROOT_PASSWORD by tactical-mongodb and as
  # MONGODB_PASSWORD by tactical-meshcentral.
  mongodb-password: Y2hhbmdlbWU=
  # Read as POSTGRES_PASS by the tactical-init pod.
  postgres-password: Y2hhbmdlbWU=
--------------------------------------------------------------------------------
/LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2022-present AmidaWare LLC 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software.
14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /kubernetes/deployment/tactical-frontend.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | namespace: tacticalrmm 5 | labels: 6 | app: tacticalrmm 7 | service: tactical-frontend 8 | name: tactical-frontend 9 | spec: 10 | replicas: 1 11 | selector: 12 | matchLabels: 13 | service: tactical-frontend 14 | strategy: {} 15 | template: 16 | metadata: 17 | labels: 18 | service: tactical-frontend 19 | spec: 20 | securityContext: 21 | runAsUser: 1000 22 | fsGroup: 1000 23 | containers: 24 | - name: trmm-frontend 25 | image: tacticalrmm/tactical-frontend:0.14.1 26 | resources: {} 27 | env: 28 | - name: API_HOST 29 | value: api.rmm.mydomain.com 30 | restartPolicy: Always 31 | --- 32 | apiVersion: v1 33 | kind: Service 34 | metadata: 35 | namespace: tacticalrmm 36 | labels: 37 | app: tacticalrmm 38 | service: tactical-frontend 39 | name: tactical-frontend 40 | spec: 41 | ports: 42 | - name: "http" 43 | port: 8080 44 | targetPort: 8080 45 | selector: 46 | service: tactical-frontend 47 | -------------------------------------------------------------------------------- /kubernetes/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: tactical-data 6 | namespace: tacticalrmm 7 | labels: 8 | 
app: tacticalrmm 9 | service: tactical-data 10 | 11 | spec: 12 | accessModes: 13 | - ReadWriteMany 14 | storageClassName: nfs-client 15 | resources: 16 | requests: 17 | storage: 200Mi 18 | status: {} 19 | --- 20 | apiVersion: v1 21 | kind: PersistentVolumeClaim 22 | metadata: 23 | name: mesh-data 24 | namespace: tacticalrmm 25 | labels: 26 | app: tacticalrmm 27 | service: mesh-data 28 | 29 | spec: 30 | accessModes: 31 | - ReadWriteOnce 32 | resources: 33 | requests: 34 | storage: 1Gi 35 | status: {} 36 | --- 37 | apiVersion: v1 38 | kind: PersistentVolumeClaim 39 | metadata: 40 | name: mongo-data 41 | namespace: tacticalrmm 42 | labels: 43 | app: tacticalrmm 44 | service: mongo-data 45 | 46 | spec: 47 | accessModes: 48 | - ReadWriteOnce 49 | resources: 50 | requests: 51 | storage: 1Gi 52 | status: {} 53 | --- 54 | apiVersion: v1 55 | kind: PersistentVolumeClaim 56 | metadata: 57 | name: redis-data 58 | namespace: tacticalrmm 59 | labels: 60 | app: tacticalrmm 61 | service: redis-data 62 | 63 | spec: 64 | accessModes: 65 | - ReadWriteOnce 66 | resources: 67 | requests: 68 | storage: 1Gi 69 | status: {} 70 | -------------------------------------------------------------------------------- /kubernetes/deployment/tactical-redis.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | namespace: tacticalrmm 5 | labels: 6 | app: tacticalrmm 7 | service: tactical-redis 8 | name: tactical-redis 9 | spec: 10 | replicas: 1 11 | selector: 12 | matchLabels: 13 | service: tactical-redis 14 | strategy: 15 | type: Recreate 16 | template: 17 | metadata: 18 | labels: 19 | network/redis: "true" 20 | service: tactical-redis 21 | spec: 22 | securityContext: 23 | runAsUser: 1000 24 | fsGroup: 1000 25 | containers: 26 | - name: trmm-redis 27 | image: redis:6.0-alpine 28 | args: 29 | - redis-server 30 | - --appendonly 31 | - "yes" 32 | resources: {} 33 | volumeMounts: 34 | - mountPath: /data 35 | 
name: redis-data 36 | restartPolicy: Always 37 | volumes: 38 | - name: redis-data 39 | persistentVolumeClaim: 40 | claimName: redis-data 41 | --- 42 | apiVersion: v1 43 | kind: Service 44 | metadata: 45 | namespace: tacticalrmm 46 | labels: 47 | app: tacticalrmm 48 | service: tactical-redis 49 | name: tactical-redis 50 | spec: 51 | ports: 52 | - name: "6379" 53 | port: 6379 54 | targetPort: 6379 55 | selector: 56 | service: tactical-redis 57 | --------------------------------------------------------------------------------
/kubernetes/network-policy.yaml:
--------------------------------------------------------------------------------
# Ingress rules for the tacticalrmm namespace. Each policy selects pods by a
# `network/<name>: "true"` label set on the pod templates.
#
# Points to keep in mind when reviewing these policies:
# - No policy here sets `policyTypes` or an `egress` section, so only ingress
#   is restricted; outbound traffic from every pod stays unrestricted.
# - Policies are additive: a pod selected by `proxy` (allow-all ingress) and by
#   another policy accepts the union of both, i.e. all ingress.
# - A pod whose template carries no `network/*` label (e.g. tactical-frontend
#   as shown on this page) is selected by no policy and is not isolated.
# - The rules only take effect if the cluster's network plugin enforces
#   NetworkPolicy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: proxy
  namespace: tacticalrmm
spec:
  ingress:
    # An empty rule matches every source and every port: pods labelled
    # network/proxy accept ingress from anything that can route to them.
    - {}
  podSelector:
    matchLabels:
      network/proxy: "true"
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-db
  namespace: tacticalrmm
spec:
  ingress:
    # `from` lists only podSelectors (no namespaceSelector), so the allowed
    # peers are pods in this namespace labelled network/api-db or network/proxy.
    - from:
        - podSelector:
            matchLabels:
              network/api-db: "true"
        - podSelector:
            matchLabels:
              network/proxy: "true"
  podSelector:
    matchLabels:
      network/api-db: "true"
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: mesh-db
  namespace: tacticalrmm
spec:
  ingress:
    # Same shape as api-db: peers are pods labelled network/mesh-db or
    # network/proxy in this namespace.
    - from:
        - podSelector:
            matchLabels:
              network/mesh-db: "true"
        - podSelector:
            matchLabels:
              network/proxy: "true"
  podSelector:
    matchLabels:
      network/mesh-db: "true"
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: redis
  namespace: tacticalrmm
spec:
  ingress:
    # Only pods labelled network/redis may connect to pods labelled
    # network/redis; network/proxy is not an allowed peer in this policy.
    - from:
        - podSelector:
            matchLabels:
              network/redis: "true"
  podSelector:
    matchLabels:
      network/redis: "true"
--------------------------------------------------------------------------------
/kubernetes/deployment/tactical-websockets.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | namespace: tacticalrmm 5 | labels: 6 | app: tacticalrmm 7 | service: tactical-websockets 8 | name: tactical-websockets 9 | spec: 10 | replicas: 1 11 | selector: 12 | matchLabels: 13 | service: tactical-websockets 14 | strategy: 15 | type: Recreate 16 | template: 17 | metadata: 18 | labels: 19 | network/api-db: "true" 20 | network/redis: "true" 21 | network/proxy: "true" 22 | service: tactical-websockets 23 | spec: 24 | securityContext: 25 | runAsUser: 1000 26 | fsGroup: 1000 27 | containers: 28 | - name: trmm-websockets 29 | image: tacticalrmm/tactical:0.14.1 30 | args: 31 | - tactical-websockets 32 | resources: {} 33 | volumeMounts: 34 | - mountPath: /opt/tactical 35 | name: tactical-data 36 | restartPolicy: Always 37 | volumes: 38 | - name: tactical-data 39 | persistentVolumeClaim: 40 | claimName: tactical-data 41 | --- 42 | apiVersion: v1 43 | kind: Service 44 | metadata: 45 | namespace: tacticalrmm 46 | labels: 47 | app: tacticalrmm 48 | service: tactical-websockets 49 | name: tactical-websockets 50 | spec: 51 | ports: 52 | - name: "http" 53 | port: 80 54 | targetPort: 80 55 | - name: "https" 56 | port: 443 57 | targetPort: 443 58 | - name: "8383" 59 | port: 8383 60 | targetPort: 8383 61 | selector: 62 | service: tactical-websockets 63 | -------------------------------------------------------------------------------- /kubernetes/deployment/tactical-mongodb.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | namespace: tacticalrmm 5 | labels: 6 | app: tacticalrmm 7 | service: tactical-mongodb 8 | name: tactical-mongodb 9 | spec: 10 | replicas: 1 11 | selector: 12 | matchLabels: 13 | service: tactical-mongodb 14 | strategy: 15 | type: Recreate 16 | template: 17 | metadata: 18 | 
labels: 19 | network/mesh-db: "true" 20 | service: tactical-mongodb 21 | spec: 22 | securityContext: 23 | runAsUser: 1000 24 | fsGroup: 1000 25 | containers: 26 | - name: trmm-mongodb 27 | image: mongo:4.4 28 | resources: {} 29 | env: 30 | - name: MONGO_INITDB_DATABASE 31 | value: meshcentral 32 | - name: MONGO_INITDB_ROOT_USERNAME 33 | value: mongodbuser 34 | - name: MONGO_INITDB_ROOT_PASSWORD 35 | valueFrom: 36 | secretKeyRef: 37 | name: tactical-secrets 38 | key: mongodb-password 39 | volumeMounts: 40 | - mountPath: /data/db 41 | name: mongo-data 42 | restartPolicy: Always 43 | volumes: 44 | - name: mongo-data 45 | persistentVolumeClaim: 46 | claimName: mongo-data 47 | --- 48 | apiVersion: v1 49 | kind: Service 50 | metadata: 51 | namespace: tacticalrmm 52 | labels: 53 | app: tacticalrmm 54 | service: tactical-mongodb 55 | name: tactical-mongodb 56 | spec: 57 | ports: 58 | - name: "27017" 59 | port: 27017 60 | targetPort: 27017 61 | selector: 62 | service: tactical-mongodb 63 | -------------------------------------------------------------------------------- /kubernetes/deployment/tactical-backend.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | namespace: tacticalrmm 5 | labels: 6 | app: tacticalrmm 7 | service: tactical-backend 8 | name: tactical-backend 9 | spec: 10 | replicas: 1 11 | selector: 12 | matchLabels: 13 | service: tactical-backend 14 | strategy: 15 | type: Recreate 16 | template: 17 | metadata: 18 | labels: 19 | network/api-db: "true" 20 | network/redis: "true" 21 | network/proxy: "true" 22 | service: tactical-backend 23 | spec: 24 | securityContext: 25 | runAsUser: 1000 26 | fsGroup: 1000 27 | containers: 28 | - name: trmm-backend 29 | image: tacticalrmm/tactical:0.14.1 30 | args: 31 | - tactical-backend 32 | resources: {} 33 | env: 34 | - name: CERT_PUB_PATH 35 | value: /etc/ssl/certs/custom/tls.crt 36 | - name: CERT_PRIV_PATH 37 | value: 
/etc/ssl/certs/custom/tls.key 38 | volumeMounts: 39 | - mountPath: /opt/tactical 40 | name: tactical-data 41 | - mountPath: /etc/ssl/certs/custom 42 | name: tactical-certs 43 | restartPolicy: Always 44 | volumes: 45 | - name: tactical-data 46 | persistentVolumeClaim: 47 | claimName: tactical-data 48 | - name: tactical-certs 49 | secret: 50 | secretName: rmm-mydomain-com-tls 51 | --- 52 | apiVersion: v1 53 | kind: Service 54 | metadata: 55 | namespace: tacticalrmm 56 | labels: 57 | app: tacticalrmm 58 | service: tactical-backend 59 | name: tactical-backend 60 | spec: 61 | ports: 62 | - name: "http" 63 | port: 8080 64 | targetPort: 8080 65 | - name: "https" 66 | port: 4443 67 | targetPort: 4443 68 | selector: 69 | service: tactical-backend 70 | -------------------------------------------------------------------------------- /kubernetes/README.md: -------------------------------------------------------------------------------- 1 | # TacticalRMM Kubernetes manifests 2 | **Author:** [Joel DeTeves](https://github.com/joeldeteves) 3 | 4 | **Description:** TacticalRMM Kubernetes manifests tested & working on Digital Ocean managed Kubernetes (DOKS). 5 | 6 | **Disclaimer:** _These manifests are experimental and as such are NOT SUPPORTED. I have done my best to make them as secure as possible; however, I am NOT responsible for anything that happens to you or your data as a result of using these files. Please do your due diligence security-wise and open a GitHub issue if you wish to report a problem. USE AT YOUR OWN RISK. By using these files you agree that you are the sole entity responsible for any damages that may arise as a result._ 7 | 8 | # Pre-requisites 9 | - A working Kubernetes cluster 10 | - Kubernetes [NFS provisioner](https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner) or another storage provisioner that supports ```ReadWriteMany``` 11 | - [cert-manager](https://github.com/jetstack/cert-manager) or a Let's Encrypt cert issuer of your choice.
Alternatively, you can mount your own certs as secret volumes into the pods 12 | 13 | # Deploying the files 14 | 1. ```kubectl apply -f namespace.yaml``` 15 | 2. ```kubectl apply -f .``` 16 | 3. ```kubectl apply -f deployment/ -R``` 17 | 18 | # Notes 19 | The load balancer has ```externalTrafficPolicy: Local``` disabled by default, as it caused a health check issue with the Digital Ocean Load Balancer these manifests were tested on. It may need to be enabled depending on your cloud provider, see https://docs.nats.io/running-a-nats-service/introduction/running/nats-kubernetes/nats-external-nlb for more info 20 | 21 | # Questions / Concerns 22 | Please open an issue in Github or you can also check in the [Tactical RMM Discord Channel](https://discord.gg/upGTkWp). 23 | 24 | **Note: I am not affiliated with TRMM or AmidaWare; I am a community contributor. Please direct TRMM-related issues to the appropriate channels.** 25 | -------------------------------------------------------------------------------- /kubernetes/deployment/tactical-init-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | namespace: tacticalrmm 5 | labels: 6 | app: tacticalrmm 7 | network/api-db: "true" 8 | network/proxy: "true" 9 | service: tactical-init 10 | name: tactical-init 11 | spec: 12 | containers: 13 | - args: 14 | - tactical-init 15 | image: tacticalrmm/tactical:0.14.1 16 | name: trmm-init 17 | env: 18 | - name: API_HOST 19 | value: api.rmm.mydomain.com 20 | - name: APP_HOST 21 | value: rmm.mydomain.com 22 | - name: MESH_HOST 23 | value: mesh.rmm.mydomain.com 24 | - name: MESH_WS_URL 25 | value: ws://tactical-meshcentral:4443 26 | - name: MESH_USER 27 | value: meshuser 28 | - name: POSTGRES_HOST 29 | value: 10.137.88.210 30 | - name: POSTGRES_PASS 31 | valueFrom: 32 | secretKeyRef: 33 | name: tactical-secrets 34 | key: postgres-password 35 | - name: POSTGRES_USER 36 | value: tacticalrmm 37 | - name: 
POSTGRES_DB 38 | value: tacticalrmm 39 | - name: TRMM_PASS 40 | valueFrom: 41 | secretKeyRef: 42 | name: tactical-secrets 43 | key: trmm-password 44 | - name: TRMM_USER 45 | value: tacticalrmm 46 | - name: CERT_PUB_PATH 47 | value: /etc/ssl/certs/custom/tls.crt 48 | - name: CERT_PRIV_PATH 49 | value: /etc/ssl/certs/custom/tls.key 50 | resources: {} 51 | volumeMounts: 52 | - mountPath: /opt/tactical 53 | name: tactical-data 54 | - mountPath: /etc/ssl/certs/custom 55 | name: tactical-certs 56 | restartPolicy: OnFailure 57 | volumes: 58 | - name: tactical-data 59 | persistentVolumeClaim: 60 | claimName: tactical-data 61 | - name: tactical-certs 62 | secret: 63 | secretName: rmm-mydomain-com-tls 64 | status: {} 65 | --------------------------------------------------------------------------------
/kubernetes/deployment/tactical-celery.yaml:
--------------------------------------------------------------------------------
# Two Deployments built from the same tacticalrmm/tactical image, started with
# different args: tactical-celery and tactical-celerybeat. Both mount the
# shared tactical-data claim at /opt/tactical.
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: tacticalrmm
  labels:
    app: tacticalrmm
    service: tactical-celery
  name: tactical-celery
spec:
  replicas: 1
  selector:
    matchLabels:
      service: tactical-celery
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        # These labels are what the api-db and redis NetworkPolicies select on.
        network/api-db: "true"
        network/redis: "true"
        service: tactical-celery
    spec:
      # Pod-level context: every container runs as UID 1000 and mounted
      # volumes are made accessible to GID 1000.
      securityContext:
        runAsUser: 1000
        fsGroup: 1000
      containers:
        - name: trmm-celery
          image: tacticalrmm/tactical:0.14.1
          args:
            - tactical-celery
          # No CPU/memory requests or limits are set.
          resources: {}
          env:
            # NOTE(review): these paths point into /etc/ssl/certs/custom, but
            # this Deployment mounts no volume there (the backend and init pod
            # mount the rmm-mydomain-com-tls secret at that path). Confirm
            # whether celery needs the certificate files.
            - name: CERT_PUB_PATH
              value: /etc/ssl/certs/custom/tls.crt
            - name: CERT_PRIV_PATH
              value: /etc/ssl/certs/custom/tls.key
          volumeMounts:
            - mountPath: /opt/tactical
              name: tactical-data
      restartPolicy: Always
      volumes:
        - name: tactical-data
          persistentVolumeClaim:
            claimName: tactical-data
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: tacticalrmm
  labels:
    app: tacticalrmm
    service: tactical-celerybeat
  name: tactical-celerybeat
spec:
  replicas: 1
  selector:
    matchLabels:
      service: tactical-celerybeat
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        network/api-db: "true"
        network/redis: "true"
        service: tactical-celerybeat
    spec:
      # NOTE(review): unlike tactical-celery above, this pod template has no
      # securityContext, so the container runs as whatever user the image
      # defaults to and the volume gets no fsGroup. Confirm whether
      # runAsUser/fsGroup 1000 was left out on purpose.
      containers:
        - name: trmm-celerybeat
          image: tacticalrmm/tactical:0.14.1
          args:
            - tactical-celerybeat
          # No CPU/memory requests or limits are set.
          resources: {}
          volumeMounts:
            - mountPath: /opt/tactical
              name: tactical-data
      restartPolicy: Always
      volumes:
        - name: tactical-data
          persistentVolumeClaim:
            claimName: tactical-data
--------------------------------------------------------------------------------
/scripts/trmmdockerpostgresupdate.txt: -------------------------------------------------------------------------------- 1 | ### Find tacticalrmm postgres volume 2 | 3 | sudo docker volume ls 4 | 5 | 6 | ### Copy mountpoint info 7 | 8 | sudo docker volume inspect tacticalrmm_postgres_data 9 | 10 | "Mountpoint": "/path/to/docker/volumes/tacticalrmm_postgres_data/_data" 11 | 12 | 13 | ### Stop tactical containers 14 | 15 | 16 | ### Dump database 17 | 18 | sudo docker run -d --name=temppostgres -e POSTGRES_USER=tactical -e POSTGRES_PASSWORD=password -e POSTGRES_DB=tacticalrmm -v /path/to/docker/volumes/tacticalrmm_postgres_data/_data:/var/lib/postgresql/data postgres:13-alpine 19 | 20 | sudo docker exec -it temppostgres bash 21 | 22 | pg_dump -U tactical -d tacticalrmm > /var/lib/postgresql/data/dump.sql 23 | 24 | exit 25 | 26 | 27 | ### Backup postgres volume using parent folder 28 | 29 | sudo cp -R /path/to/docker/volumes/tacticalrmm_postgres_data/ /path/to/docker/volumes/tacticalrmm_postgres_data_backup 30 | 31 | 32 | ### Stop old container and remove it 33 | 34 | sudo docker stop temppostgres 35 | 36 | sudo docker rm temppostgres 37 | 38 | 39 | ###
Delete old volume (first confirm the backup copy from the previous step contains dump.sql) 40 | 41 | sudo rm -rf /path/to/docker/volumes/tacticalrmm_postgres_data 42 | 43 | 44 | ### Pull new image 45 | 46 | sudo docker pull postgres:14-alpine 47 | 48 | 49 | ### Start postgres14 container 50 | 51 | sudo docker run -d --name=temppostgres -e POSTGRES_USER=tactical -e POSTGRES_PASSWORD=password -e POSTGRES_DB=tacticalrmm -v /path/to/docker/volumes/tacticalrmm_postgres_data/_data:/var/lib/postgresql/data postgres:14-alpine 52 | 53 | 54 | ### Copy dump to docker postgres dir 55 | 56 | sudo cp /path/to/docker/volumes/tacticalrmm_postgres_data_backup/_data/dump.sql /path/to/docker/volumes/tacticalrmm_postgres_data/_data/dump.sql 57 | 58 | 59 | ### Log into updated container/image 60 | 61 | sudo docker exec -it temppostgres bash 62 | 63 | 64 | ### Update dump perms (dump.sql holds the whole database and 755 leaves it world-readable; delete it once the import is verified) 65 | 66 | chmod 755 /var/lib/postgresql/data/dump.sql 67 | 68 | 69 | ### Import database into updated container/image 70 | 71 | psql -U tactical -d tacticalrmm < /var/lib/postgresql/data/dump.sql 72 | 73 | 74 | ### Double-check postgres user settings 75 | 76 | psql tacticalrmm tactical 77 | 78 | ALTER ROLE tactical SET client_encoding TO 'utf8'; 79 | 80 | ALTER ROLE tactical SET default_transaction_isolation TO 'read committed'; 81 | 82 | ALTER ROLE tactical SET timezone TO 'UTC'; 83 | 84 | GRANT ALL PRIVILEGES ON DATABASE tacticalrmm TO tactical; 85 | 86 | quit 87 | 88 | exit 89 | 90 | 91 | ### Stop and remove temp postgres container 92 | 93 | sudo docker stop temppostgres 94 | 95 | sudo docker rm temppostgres 96 | 97 | 98 | ### Change docker compose 99 | 100 | change 101 | image: postgres:13-alpine 102 | to 103 | image: postgres:14-alpine 104 | 105 | ### Start the stack -------------------------------------------------------------------------------- /scripts/migrate-mesh-to-postgres.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # NOTE: Node might need some postgres modules installed.
4 | # cd $mesh_install 5 | # node npm install pg pgtools 6 | 7 | # NOTE: These can be modified if necessary. 8 | mesh_install="/meshcentral" 9 | mesh_data="/meshcentral/meshcentral-data" 10 | mesh_program="node_modules/meshcentral" 11 | 12 | if ! which jq >/dev/null 13 | then 14 | echo "jq is not installed" 15 | echo "Please install jq with:" 16 | echo " sudo apt-get install jq" 17 | exit 1 18 | fi 19 | 20 | GREEN='\033[0;32m' 21 | YELLOW='\033[1;33m' 22 | BLUE='\033[0;34m' 23 | RED='\033[0;31m' 24 | NC='\033[0m' 25 | 26 | print_green() { 27 | printf >&2 "${GREEN}%0.s-${NC}" {1..80} 28 | printf >&2 "\n" 29 | printf >&2 "${GREEN}${1}${NC}\n" 30 | printf >&2 "${GREEN}%0.s-${NC}" {1..80} 31 | printf >&2 "\n" 32 | } 33 | 34 | print_green 'Creating login for the meshcentral database' 35 | meshdbuser=$(cat /dev/urandom | tr -dc 'a-z' | fold -w 8 | head -n 1) 36 | meshdbpw=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1) 37 | 38 | # Postgres database name has to be "meshcentral" 39 | # https://github.com/Ylianst/MeshCentral/issues/3398 40 | meshdbname="meshcentral" 41 | 42 | # Meshcentral configs 43 | MESH_PG_DB="$meshdbname" 44 | MESH_PG_USER="$meshdbuser" 45 | MESH_PG_PW="$meshdbpw" 46 | MESH_PG_PORT="5432" 47 | MESH_PG_HOST="localhost" 48 | 49 | print_green 'Creating postgres database for the meshcentral' 50 | sudo -u postgres psql < "${mesh_data}/config-postgres.json" 69 | 70 | # Backup Meshcentral config for MongoDB 71 | print_green 'Backing up meshcentral config' 72 | cp "${mesh_data}/config.json" "${mesh_data}/config-mongodb-$(date "+%Y%m%dT%H%M%S").json" 73 | cp "${mesh_data}/config-postgres.json" "${mesh_data}/config.json" 74 | 75 | print_green 'Restart meshcentral' 76 | sudo systemctl restart meshcentral 77 | print_green 'Import Database from meshcentral' 78 | node "${mesh_program}" --dbimport 79 | print_green 'Final restart of meshcentral' 80 | sudo systemctl restart meshcentral 81 | 82 | print_green 'Shutting down MongoDB' 83 | sudo systemctl 
stop mongod.service 84 | print_green 'Disabling MongoDB' 85 | sudo systemctl disable mongod.service 86 | 87 | -------------------------------------------------------------------------------- /kubernetes/deployment/tactical-meshcentral.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | namespace: tacticalrmm 5 | labels: 6 | app: tacticalrmm 7 | service: tactical-meshcentral 8 | name: tactical-meshcentral 9 | spec: 10 | replicas: 1 11 | selector: 12 | matchLabels: 13 | service: tactical-meshcentral 14 | strategy: 15 | type: Recreate 16 | template: 17 | metadata: 18 | labels: 19 | network/mesh-db: "true" 20 | network/proxy: "true" 21 | service: tactical-meshcentral 22 | spec: 23 | securityContext: 24 | runAsUser: 1000 25 | fsGroup: 1000 26 | containers: 27 | - name: trmm-meshcentral 28 | image: tacticalrmm/tactical-meshcentral:0.14.1 29 | resources: {} 30 | env: 31 | - name: MESH_HOST 32 | value: mesh.rmm.mydomain.com 33 | - name: MESH_USER 34 | value: meshuser 35 | - name: MESH_PASS 36 | valueFrom: 37 | secretKeyRef: 38 | name: tactical-secrets 39 | key: mesh-password 40 | - name: MESH_PERSISTENT_CONFIG 41 | value: "0" 42 | - name: MONGODB_USER 43 | value: mongodbuser 44 | - name: MONGODB_PASSWORD 45 | valueFrom: 46 | secretKeyRef: 47 | name: tactical-secrets 48 | key: mongodb-password 49 | - name: NGINX_HOST_IP # Point to NGINX service 50 | value: tactical-nlb 51 | - name: NGINX_HOST_PORT # Should match the EXTERNAL port of the NGINX service 52 | value: "443" 53 | - name: WS_MASK_OVERRIDE # Enable for Traefik compatibility 54 | value: "0" 55 | - name: SMTP_HOST 56 | value: smtp.example.com 57 | - name: SMTP_PORT 58 | value: "587" 59 | - name: SMTP_FROM 60 | value: mesh@example.com 61 | - name: SMTP_USER 62 | value: mesh@example.com 63 | - name: SMTP_PASS 64 | valueFrom: 65 | secretKeyRef: 66 | name: tactical-secrets 67 | key: mesh-smtp-password 68 | - name: SMTP_TLS 69 
| value: "false" 70 | volumeMounts: 71 | - mountPath: /opt/tactical 72 | name: tactical-data 73 | - mountPath: /home/node/app/meshcentral-data 74 | name: mesh-data 75 | restartPolicy: Always 76 | volumes: 77 | - name: tactical-data 78 | persistentVolumeClaim: 79 | claimName: tactical-data 80 | - name: mesh-data 81 | persistentVolumeClaim: 82 | claimName: mesh-data 83 | --- 84 | apiVersion: v1 85 | kind: Service 86 | metadata: 87 | namespace: tacticalrmm 88 | labels: 89 | app: tacticalrmm 90 | service: tactical-meshcentral 91 | name: tactical-meshcentral 92 | spec: 93 | ports: 94 | - name: "http" 95 | port: 8080 96 | targetPort: 8080 97 | - name: "https" 98 | port: 4443 99 | targetPort: 4443 100 | selector: 101 | service: tactical-meshcentral 102 | -------------------------------------------------------------------------------- /kubernetes/deployment/tactical-web.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | namespace: tacticalrmm 5 | labels: 6 | app: tacticalrmm 7 | service: tactical-nlb 8 | name: tactical-web 9 | spec: 10 | replicas: 1 11 | selector: 12 | matchLabels: 13 | service: tactical-nlb 14 | strategy: 15 | type: Recreate 16 | template: 17 | metadata: 18 | labels: 19 | network/proxy: "true" 20 | service: tactical-nlb 21 | spec: 22 | securityContext: 23 | runAsUser: 1000 24 | fsGroup: 1000 25 | containers: 26 | - name: nginx 27 | image: tacticalrmm/tactical-nginx:0.14.1 28 | resources: {} 29 | env: 30 | - name: API_HOST 31 | value: api.rmm.mydomain.com 32 | - name: APP_HOST 33 | value: rmm.mydomain.com 34 | - name: MESH_HOST 35 | value: mesh.rmm.mydomain.com 36 | - name: NGINX_RESOLVER 37 | value: kube-dns.kube-system.svc.cluster.local 38 | - name: BACKEND_SERVICE 39 | value: tactical-backend.tacticalrmm.svc.cluster.local 40 | - name: FRONTEND_SERVICE 41 | value: tactical-frontend.tacticalrmm.svc.cluster.local 42 | - name: MESH_SERVICE 43 | value: 
tactical-meshcentral.tacticalrmm.svc.cluster.local 44 | - name: WEBSOCKETS_SERVICE 45 | value: tactical-websockets.tacticalrmm.svc.cluster.local 46 | - name: NATS_SERVICE 47 | value: tactical-nats.tacticalrmm.svc.cluster.local 48 | - name: CERT_PUB_PATH 49 | value: /etc/ssl/certs/custom/tls.crt 50 | - name: CERT_PRIV_PATH 51 | value: /etc/ssl/certs/custom/tls.key 52 | ports: 53 | - containerPort: 8080 54 | - containerPort: 4443 55 | volumeMounts: 56 | - mountPath: /opt/tactical 57 | name: tactical-data 58 | - mountPath: /etc/ssl/certs/custom 59 | name: tactical-certs 60 | - name: trmm-nats 61 | image: tacticalrmm/tactical-nats:0.14.1 62 | resources: {} 63 | env: 64 | - name: API_HOST 65 | value: api.rmm.mydomain.com 66 | - name: NATS_CONFIG_CHECK_INTERVAL 67 | value: "10" 68 | ports: 69 | - containerPort: 4222 70 | - containerPort: 9235 71 | volumeMounts: 72 | - mountPath: /opt/tactical 73 | name: tactical-data 74 | - mountPath: /etc/ssl/certs/custom 75 | name: tactical-certs 76 | restartPolicy: Always 77 | volumes: 78 | - name: tactical-data 79 | persistentVolumeClaim: 80 | claimName: tactical-data 81 | - name: tactical-certs 82 | secret: 83 | secretName: rmm-mydomain-com-tls 84 | status: {} 85 | --- 86 | apiVersion: v1 87 | kind: Service 88 | metadata: 89 | namespace: tacticalrmm 90 | labels: 91 | app: tacticalrmm 92 | service: tactical-nats 93 | name: tactical-nats 94 | spec: 95 | type: ClusterIP 96 | ports: 97 | - name: "nats-ws" 98 | port: 9235 99 | selector: 100 | service: tactical-nlb 101 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Awesome Tactical RMM (TRMM) [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome) 2 | 3 | > A list of awesome things related to Tactical RMM 4 | 5 | - [Awesome Tactical RMM 
(TRMM)](https://github.com/amidaware/trmm-awesome) 6 | - [Resources](#resources) 7 | - [Official Resources](#official-resources) 8 | - [External Resources](#external-resources) 9 | - [Official Community](#official-community) 10 | - [Tutorials](#tutorials) 11 | - [Video Tutorials](#video-tutorials) 12 | - [Articles](#articles) 13 | - [Community App Extensions](#community-app-extensions) 14 | 15 | # Resources 16 | 17 | ### Official Resources 18 | 19 | - [Official Documentation](https://docs.tacticalrmm.com/) 20 | - [Tactical RMM GitHub Repo](https://github.com/wh1te909/tacticalrmm) 21 | - [Tactical RMM Release Notes](https://github.com/wh1te909/tacticalrmm/releases) 22 | 23 | ### External Resources 24 | 25 | > These resources have not been created by the Tactical RMM Team, nor do we maintain them or financially benefit from them. 26 | 27 | Since you're probably an MSP or doing Computer management stuff here's a google sheet with a bunch of services that you can check for yourself. If you see missing data, feel free to update and help the next guy. 
28 | 29 | 30 | 31 | #### Windows 7 and Powershell v2 scripts 32 | 33 | 34 | 35 | #### Install Tactical Agent via MSI / Active Directory 36 | 37 | 38 | #### Grafana Dashboards 39 | 40 | Get graphical dashboards for status screens, wall TVs and NOCs 41 | 42 | 43 | 44 | #### Kubernetes files 45 | 46 | 47 | 48 | #### Migrate MeshCentral2 database from mongo to postgres 49 | 50 | 51 | 52 | #### trmm-cli access to api 53 | 54 | 55 | 56 | #### Docker update, certificates and other stuff 57 | 58 | 59 | 60 | #### Docker upgrade postgres 13 to 14 61 | 62 | 63 | 64 | #### Docker backup scripts 65 | 66 | 67 | 68 | #### Azure terraform scripts 69 | 70 | 71 | 72 | #### Rundeck Plugin 73 | 74 | 75 | 76 | #### Zabbix Howto 77 | 78 | 79 | 80 | #### RustDesk Integration 81 | 82 | Install your own RustDesk Server as an alternative to MeshCentral 83 | 84 | 85 | 86 | #### Webhooks 87 | 88 | 89 | ### Official Community 90 | 91 | - [Official Chat Room - Discord](https://discord.gg/upGTkWp) 92 | 93 | ### Misc Scripts from Users 94 | 95 | - Deleting Clients and Sites in TRMM 96 | - Print job fixing 97 | - Preview updates to ignore across all agents using the API and without installing any 3rd party libraries 98 | - Toggle the approval and installation of a specific KB across all agents using the API and without installing any 3rd party libraries 99 | - Syncs agents from Tactical RMM to Hudu 100 | - Installs Sophos Endpoint via the Sophos API 101 | 102 | 103 | 104 | ### Tutorials 105 | 106 | [Server Installation (German)](https://www.howtoforge.de/uncategorized/tactical-rmm-server-installation-zur-verwaltung-von-windows-clients/) 107 | 108 | #### Video Tutorials 109 | 110 | - Full Front End Walkthru @bbrendon 111 | 112 | #### Articles 113 | 114 | 115 | 116 | [Howto install Tactical RMM including MeshCentral on Nethserver with docker](https://community.nethserver.org/t/howto-install-tactical-rmm-including-meshcentral-on-nethserver-with-docker/19112) 117 | 118 | # Community App Extensions 119 
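| 120 | ...Coming Soon 121 |
--------------------------------------------------------------------------------
/scripts/Windows_Defender_Allowed_List.ps1:
--------------------------------------------------------------------------------
# Allows the following Apps access as they are allowed on our system
#
# Two different Microsoft Defender settings are changed here via Add-MpPreference,
# which appends to the existing lists (it does not replace them):
#
#   1. -ControlledFolderAccessAllowedApplications
#      Lets the listed executables write to folders protected by Controlled
#      Folder Access. Each entry is trusted by path, so keep the list limited to
#      software that is actually installed and needed on the endpoint.
#
#   2. -ExclusionPath
#      Excludes the listed paths from antivirus scanning. This is NOT a process
#      exclusion (that would be -ExclusionProcess); it only stops Defender from
#      scanning the named files themselves.
#
# Run from an elevated session. Every entry is attempted; failures are reported
# in the output and the closing message only claims success when none occurred.

## Exclusions for Controlled Folder Access
# Exact duplicate lines from the earlier revision (Revit 2022, Bullzip gui.exe,
# the x86 Office16 EXCEL.EXE) appear once here. Entries that differ only in
# letter case are kept as they were.
$cfaAllowedApps = @(
    'C:\Program Files\PeaZip\peazip.exe'
    'C:\Program Files\Autodesk\Revit 2019\Revit.exe'
    'C:\Program Files\Autodesk\Revit 2020\Revit.exe'
    'C:\Program Files\Autodesk\Revit 2022\Revit.exe'
    'C:\Program Files\Nitro\Pro 11\NitroPDF.exe'
    'C:\Program Files (x86)\Tekla\Structural\Tedds\Tedds.exe'
    'C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe'
    'C:\Program Files\Autodesk\AutoCAD 2020\acad.exe'
    'C:\Program Files\Autodesk\AutoCAD 2022\acad.exe'
    'C:\Program Files\Mesh Agent\MeshAgent.exe'
    'C:\Program Files\TacticalAgent\tacticalrmm.exe'
    'C:\Program Files\TacticalAgent\meshagent.exe'
    'C:\Program Files\Autodesk\AutoCAD LT 2020\acadlt.exe'
    'C:\Program Files\Autodesk\AutoCAD LT 2019\acadlt.exe'
    'C:\Program Files\Autodesk\AutoCAD LT 2018\acadlt.exe'
    'C:\Program Files\Autodesk\AutoCAD LT 2017\acadlt.exe'
    'C:\Program Files\Autodesk\AutoCAD LT 2016\acadlt.exe'
    'C:\Program Files\Autodesk\AutoCAD 2016\acad.exe'
    'C:\Program Files\Autodesk\AutoCAD LT 2015\acadlt.exe'
    'C:\Program Files (x86)\Sage\Accounts\SBDDesktop.exe'
    # NOTE(review): 8.3 short path with no .exe extension; it looks like a
    # variant of the Nitro Pro 11 entry above. Confirm it matches a real file.
    'C:\PROGRA~1\Nitro\PRO11~1\NitroPDF'
    'C:\Program Files\ShareX\ShareX.exe'
    # NOTE(review): PowerPoint's executable is POWERPNT.EXE, so the
    # "powerpoint.exe" entries in the Office groups below probably match
    # nothing. Confirm and drop them.
    'C:\Program Files\Microsoft Office 15\root\office15\winword.exe'
    'C:\Program Files\Microsoft Office 15\root\office15\excel.exe'
    'C:\Program Files\Microsoft Office 15\root\office15\powerpoint.exe'
    'C:\Program Files\Microsoft Office 15\root\office15\powerpnt.exe'
    'C:\Program Files\Microsoft Office 15\root\office15\outlook.exe'
    'C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE'
    'C:\Program Files (x86)\Microsoft Office\root\Office16\winword.EXE'
    'C:\Program Files (x86)\Microsoft Office\root\Office16\powerpoint.EXE'
    'C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.EXE'
    'C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXE'
    'C:\Program Files (x86)\Microsoft Office\Office15\winword.EXE'
    'C:\Program Files (x86)\Microsoft Office\Office15\powerpoint.EXE'
    'C:\Program Files (x86)\Microsoft Office\Office15\outlook.EXE'
    'C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE'
    'C:\Program Files\Microsoft Office\root\Office16\winword.EXE'
    'C:\Program Files\Microsoft Office\root\Office16\powerpoint.EXE'
    'C:\Program Files\Microsoft Office\root\Office16\outlook.EXE'
    'C:\Program Files\Microsoft Office\root\Office15\EXCEL.EXE'
    'C:\Program Files\Microsoft Office\root\Office15\winword.EXE'
    'C:\Program Files\Microsoft Office\root\Office15\powerpoint.EXE'
    'C:\Program Files\Microsoft Office\root\Office15\outlook.EXE'
    'C:\Program Files (x86)\Tekla\Structural\Fastrak\PFR.exe'
    'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe'
    'C:\Program Files\Adobe\Adobe Photoshop 2021\Photoshop.exe'
    'C:\Program Files\CCleaner\CCleaner64.exe'
    'C:\Program Files (x86)\Tekla\Structural\Fastrak\tcd.exe'
    'C:\Program Files (x86)\EvolutionM Client\client\wowclient.exe'
    'C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe'
    # NOTE(review): WindowsApps package paths embed the package version, so this
    # entry presumably stops matching after the Store app updates.
    'C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.14326.20348.0_x86__8wekyb3d8bbwe\Office16\excel.exe'
    'C:\Program Files (x86)\Thesaurus Software\BrightPay UK 2021-22\brightpay.exe'
    'C:\Program Files (x86)\Brother\iPrint&Scan\Brother iPrint&Scan\Brother iPrint&Scan.exe'
    'C:\Program Files\Bullzip\PDF Printer\gui.exe'
    'C:\Program Files (x86)\Dropbox\Client\Dropbox.exe'
    'C:\Program Files\Autodesk\DWG TrueView 2021 - English\dwgviewr.exe'
    # NOTE(review): the two System32 entries are shared Windows host processes,
    # not line-of-business applications. Confirm a Controlled Folder Access
    # block was actually observed for them before keeping them allowed.
    'C:\Windows\System32\SearchProtocolHost.exe'
    'C:\Windows\System32\RuntimeBroker.exe'
    'C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe'
    'C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE'
    'C:\Program Files (x86)\Draycir\Credit Hound\Credit Hound.exe'
    'C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE'
    'C:\Program Files (x86)\Microsoft Office\Office16\POWERPNT.EXE'
    'C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE'
)

## Path exclusions (the earlier revision headed this "Exclusions for Processes")
# NOTE(review): these are mail, document and archive handlers. Excluding their
# executables from scanning reduces coverage on exactly the programs that open
# untrusted content; confirm each exclusion is still required and remove the
# ones that are not (Remove-MpPreference -ExclusionPath).
$scanExcludedPaths = @(
    'C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE'
    'C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE'
    'C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE'
    'C:\Program Files (x86)\Microsoft Office\Office16\POWERPNT.EXE'
    'C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE'
    'C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe'
    'C:\Program Files\PeaZip\peazip.exe'
)

# Number of entries Defender refused; drives the closing message.
$failed = 0

foreach ($app in $cfaAllowedApps) {
    try {
        # -ErrorAction Stop turns the cmdlet's non-terminating errors into
        # exceptions so a rejected entry is counted instead of passing silently.
        Add-MpPreference -ControlledFolderAccessAllowedApplications $app -ErrorAction Stop
    }
    catch {
        $failed++
        Write-Output "FAILED Controlled Folder Access allow for '$app': $($_.Exception.Message)"
    }
}

foreach ($path in $scanExcludedPaths) {
    try {
        Add-MpPreference -ExclusionPath $path -ErrorAction Stop
    }
    catch {
        $failed++
        Write-Output "FAILED scan exclusion for '$path': $($_.Exception.Message)"
    }
}

if ($failed -eq 0) {
    Write-Output "Exclusions added to defender"
}
else {
    Write-Output "Exclusions added to defender with $failed failure(s); see the FAILED lines above"
}
--------------------------------------------------------------------------------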