Abstract: A method of automated software management includes importing update metadata consumed from an update list describing cybersecurity vulnerabilities and product updates. Based on the update metadata, the method includes generating an initial update list including outstanding product updates for endpoints included in a managed network. The method includes discovering products of an endpoint of the managed network. Based on discovered products, the method includes generating an endpoint-specific inventory including product metadata of the products loaded on the endpoint. The method includes identifying an unnecessary product update of the outstanding product updates not related to the discovered products. The method includes filtering the unnecessary product update from the initial update list to generate a modified update list including a subset of outstanding product updates and omitting the unnecessary product update.

Abstract: A method of product update analysis and management includes receiving metadata of a product update related to a code change of an application on an endpoint of a managed network. The method includes scraping posts related to the product update from two different internet websites. The method includes aggregating the posts from the internet websites. The method includes quantifying a social volume from the aggregated posts. The social volume being a measure of discussion related to the product update. The method includes extracting content from the aggregated posts. Based on the extracted content, the method includes summarizing the posts into a collection of terms or phrases representative of a topic of the posts. The method includes causing display of an indication of the social volume and the collection of terms or phrases. The method includes implementing the product update to affect a change in program code at the application.

Abstract: A computing device configured for determining a node status is described. The computing device includes a processor and instructions in memory. The computing device determines a representative node corresponding to a network group with multiple nodes. The computing device also sends a status retrieval directive to the representative node. The status retrieval directive includes a directive for retrieval of the node status of a target node. The computing device also receives the node status of the target node from the representative node and stores the node status on a database.

Abstract: A method for providing computer-related support to an end user is described. The method includes receiving, from a mobile device, an image of a user-readable message that is displayed by a computing device. The method also includes identifying one or more solutions using text extracted from the image of the user-readable message. The method further includes sending the one or more solutions to the mobile device for display on the mobile device.

Abstract: A method of mobile device management (MDM) comprising scanning, by an optical reader of a first mobile device, an optical code. The optical code is generated based on a policy and a group that includes the first and a second mobile device. The optical code has encoded enrollment details of the policy. Responsive to the scanning, the method includes connecting to a computer interface on which an enrollment application is accessible and causing display of an enrollment page. The method includes receiving identification input entered into the enrollment page. In response to the identification input, the method includes automatically transferring the enrollment details and the identification input to the enrollment application. Based on the transfer, enrolling the first mobile device in a MDM system. Enrollment of the first mobile device includes enabling a set of functions of the first mobile device consistent with the policy of the group.

Abstract: A method by a management server is described. The method includes receiving a credentials request from a requesting management node. The credentials request includes a public key of the requesting management node. The method also includes determining whether the management server has credentials encrypted for the requesting management node in a local cache. The credentials are encrypted using the public key of the requesting management node and cannot be decrypted by the management server. The method further includes sending the encrypted credentials to the requesting management node when the management server has the encrypted credentials. The requesting management node can decrypt the encrypted credentials using a private key.

Abstract: An embodiment includes a method of secured, remote device access through dynamic scope adjustment in an incident management system. The method includes receiving an incident report indicative of a technical issue at a first device. Responsive to receipt of the incident report, the method includes determining that the first device is assigned an information technology (IT) support provider and dynamically elevating the first device to a scope of the IT support provider. Following a correction of at least a portion of the technical issue by the IT support provider, the method includes dynamically relegating the first device from the scope to prevent remote access to the first device following the correction.

Abstract: Methods of adding data identifiers and speech/voice recognition functionality are disclosed. A telnet client runs one or more scripts that add data identifiers to data fields in a telnet session. The input data is inserted in the corresponding fields based on data identifiers. Scripts run only on the telnet client without modifications to the server applications. Further disclosed are methods for providing speech recognition and voice functionality to telnet clients. Portions of input data are converted to voice and played to the user. A user also may provide input to certain fields of the telnet session by using his voice. Scripts running on the telnet client convert the user's voice into text and is inserted to corresponding fields.

Abstract: An embodiment includes a method of self-election of a node in a subnet. The method includes receiving a first ping message. The first ping message is unicast from a second node, includes direct information related to the second node, and includes indirect information related to a third node. The method includes updating a first status of the second node in a status list stored at the first node consistent with the direct information. The method includes determining whether statuses of a threshold number of nodes have been received. Responsive to the threshold number of nodes being received, the method includes performing a local election operation. The method includes propagating a second ping message to a randomly identified additional node. The second ping message includes direct information regarding the first node and indirect information regarding at least one other node.

Abstract: A method for converting data between two data transfer protocols is described. The method includes receiving first HyperText Transfer Protocol (HTTP) enabled data from a first computer system. The method also includes converting the first HTTP-enabled data obtained from the first computer system to first remote terminal session data.

Abstract: A method of remote device diagnosis and mitigation includes receiving a signal indicative of an intermittent technical state of a first device Immediately responsive thereto, the method includes interrogating the first device for parameters. The method includes interrogating the first device for the parameters at a third time outside receipt of the signal. The parameters include a transient parameter present at a first time of the intermittent technical state and not present a second time following the first time. The method includes recording the parameters from the first time in a first data file and the parameters for the third time in an additional data file. The first data file is compared with the additional data file to identify a difference in a parameter indicative of a cause of the intermittent technical state. The method includes remotely implementing a change on the first device to mitigate the cause.

Abstract: A method for managing nodes is disclosed. The method includes testing a management script on a management server for managing at least one node. The method also includes receiving administrator validation to distribute the management script. The method further includes sending the validated management script to one or more management servers on one or more networks.

Abstract: An apparatus includes a processor and a memory operatively coupled to the processor. The processor is configured to automatically send queries to client devices, and to receive responses from the client devices in response to the queries. The processor is configured to identify, based on the responses and on role information stored in an Active Directory database, roles of current users of the client devices and identify based on the roles security risks associated with the client devices. The roles can differ among users. The processor is configured to select a remedial action for at least one of the client devices based on the security risk associated with that client device, and is configured to implement the remedial action on that client device. The processor is configured to not select a remedial action for another of the client devices based on the security risk associated with that client device.

Abstract: A method for automatic presentation of a terminal application screen is described. The method includes receiving terminal application screen data from a server. The method also includes selecting a transformation template based on a comparison of text in the terminal application screen data to identification text in the transformation template. The transformation template includes instructions for transforming the terminal application screen data into an HTML page. The method further includes transforming the terminal application screen data into the HTML page using the selected transformation template. The HTML page is displayed in a web interface on a client device.

Abstract: A method by a management server is described. The method includes receiving a credentials request from a requesting management node. The credentials request includes a public key of the requesting management node. The method also includes determining whether the management server has credentials encrypted for the requesting management node in a local cache. The credentials are encrypted using the public key of the requesting management node and cannot be decrypted by the management server. The method further includes sending the encrypted credentials to the requesting management node when the management server has the encrypted credentials. The requesting management node can decrypt the encrypted credentials using a private key.

Abstract: A method for automatic presentation of a terminal application screen is described. The method includes receiving terminal application screen data from a server. The method also includes selecting a transformation template based on a comparison of text in the terminal application screen data to identification text in the transformation template. The transformation template includes instructions for transforming the terminal application screen data into an HTML page. The method further includes transforming the terminal application screen data into the HTML page using the selected transformation template. The HTML page is displayed in a web interface on a client device.

Abstract: A method for modifying a system-defined user interface control on a computing device is described. The method includes wrapping, on the computing device, a system-defined control within a programmer-defined control at run-time and modifying functionality of the system-defined control at run-time. Modifying functionality includes intercepting an initial message for a system-defined control, preventing the system-defined control from rendering and rendering a programmer-defined control in place of the system-defined control. Modifying functionality also includes intercepting a message for the system-defined control, determining whether the message requires modified functionality and providing modified functionality if the message requires modified functionality. Modifying functionality also includes sending the message to the system-defined control if the message does not require modified functionality and providing regular functionality if the message does not require modified functionality.

Abstract: An apparatus includes a processor operatively coupled to a memory. The processor detects a software application installed on a client computing device, and/or usage data. Detected usage data is associated with a current user of the client computing device and with the software application. The processor identifies a user role for the current user based on the software application and/or usage data. The processor applies a security configuration to the client computing device based on the user role. The security configuration limits access by the current user to a portion of the software application. The processor sends an identifier of the user role to an administrative server for storage in an Active Directory (AD) database.

Abstract: An apparatus includes a processor operatively coupled to a memory. The processor receives a first set of risk assessment rules including first user privilege criteria and first device criteria. The first device criteria include a computing device patch level, a network type, and/or a password policy. The processor identifies a user-specific security risk based on the first set of risk assessment rules and applies a privilege mitigation measure based on the user-specific security risk without being in communication with a management server. The processor later receives a second, updated set of risk assessment rules at the computing device. Upon detecting another login of the user, the processor identifies an updated user-specific security risk based on the updated set of risk assessment rules, and applies a modified privilege mitigation measure based on the updated user-specific security risk, again without being in communication with the management server.

Abstract: A computing device configured for using a member attribute to perform a database operation is described. The computing device includes a processor and instructions stored in memory. The computing device generates an object based on a class with a member. The member has an associated attribute that indicates a database mapping. The computing device also performs a database operation based on the attribute.