Home General Discussion

What service offerings your organizations has on the portal?

Adrian_MataiszAdrian_Mataisz Customer Advanced IT Monkey ✭✭✭

I'm wondering we can share what kind of offerings we have on our Cireson portal, what questions you ask, what automations you use?  Any department specific etc?  Looking for ideas and how to improve ours.


  • Options
    Adam_DzyackyAdam_Dzyacky Product Owner Contributor Monkey ✭✭✭✭✭
    Human Resources:
    • Hire employees
    • Extend a Contract (extend AD expiration date runbook)
    • Extend a Direct Report (based on the manager/direct report and of course [me] token)
    • Terminate employees
    • Terminate a Direct Report (based on the manager/direct report and of course [me] token)
    • Set out of office replies for a direct report
    • Request Time Off
    Information Systems
    • Create Security Groups
    • Create Shared Mailboxes
    • ALL hardware requests (some are just basic SRs some leverage Cireson AM. #transition)
    • Reset passwords (orchestrator/sma based)
    • New Virtual Machines (sma based)

    Those are the bulk that I can think of. Other departments are generally using it as a process/workflow tool just to track their daily (manual) requests.
  • Options
    Steve_O'ConnorSteve_O'Connor Customer IT Monkey ✭
    edited July 2016
    Business Services:
    • ERP Account Request
    • PLM Access Request
    Central IT Services:
    • Shared Folder Access Request (Runbook, Permissions Database, notifications to security group owners for approval)
    • Leaving User
    • New User
    • New User Onboarding Hardware and Software
    • Decomission User Account (Service Desk Only View)
    • HDD Data recovery (Service Desk Only View)
    • Data Restore Request
    Communication Services:
    • Desk Phone Request
    • Mobile Phone Request
    • Remote Access Request
    Is something broken?
    • Raise an Issue
    • Request for Change (Advanced Request Offering which inputs answers to questions into an SR, if the RFC is approved by Business Analyst, we have a runbook which then creates a related CR with the information and the affected user as the change initiator. The SR is then used as the 'communication ticket' for the end user until it is completed)
    Personal Computing Services:
    • Generic Hardware Request (Keyboards, Mice etc)
    • Desktop Request
    • Laptop Request
    • Laptop Charger Request
    • Monitor Request
    • Software Request
    • Workstation Request
    Currently working on changing the software request to open the ConfigMgr Software Catalogue. The request would then be made through it, Orchestrator checks for application requests in configmgr, then creates and SR from a template for approval, Service Desk or Finance approve said request, runbook to approve request then triggers and approval is granted.

    This one is a work in progress, I need to create a DB to store the GUIDS from the application request from ConfigMgr, then have orchestrator runbook lookup the GUIDS and if one is present not log the request again.

    Should be very similar to our Shared folder access request which has a DB with the folder path, security group for permissions and the permissions that group gives to the folder.

    This is just the start for us, we are planning on a lot more.

    Hope that helps!

  • Options
    Adam_DzyackyAdam_Dzyacky Product Owner Contributor Monkey ✭✭✭✭✭
    @Steve_O'Connor - What mechanism/tool are you using for keeping the permissions DB up to date? Second to that, what does the request look like? Do you have to type in a file patch, or do you have drop downs that are updated via PowerShell/SMlets? I ask as I've toyed with a similar idea, just seems like a nightmare to execute.
  • Options
    Steve_O'ConnorSteve_O'Connor Customer IT Monkey ✭
    I'm using Powershell to update the database, Orchestrator or a scheduled task will keep it updated.


    function processfolder ($folderpath, $currentdepth) {<br><br>#for each subfolder<br>#if depth is less than 5 processfolder ($subfolderpath, $currentdepth +1)<br><br>$depth = $currentdepth<br><br>If ($depth&nbsp; -le $maxdepth){<br>$childfolders = @{}<br>$childfolders = get-childitem $folderpath -attributes directory<br><br>foreach ($childfolder in $childfolders) {<br>$childfolderpath = $folderpath + "\" + $childfolder.name<br>$nextdepth = $depth +1<br>processfolder $childfolderpath $nextdepth<br><br>}<br><br>}<br><br><br>$a = @{}<br>$a = get-acl $folderpath | select -expand access<br><br>foreach ($ace in $a) {<br>If ($ace.IsInherited -ne "True"){<br><br><br>write-host $folderpath<br>$group = $ace.IdentityReference<br>$group = $group -replace 'DOMAINNAME', '' <br>$group = $group.trim("\")<br><br>#Match the start of permissions group - ours for example NTFS-D<br>If (($group -match "PERMISSIONSGROUP") -and ($group -notmatch "list")){<br>write-host $group<br>write-host $ace.IsInherited<br>$level = $ace.FileSystemRights<br>$level = $level -replace ', Synchronize', ''<br>write-host $level<br>$id = get-random<br>$sqlstatement = "TRUNCATE TABLE dbo.permtable;"<br>$sqlstatement = "INSERT INTO dbo.permtable (ID,Groupname,Folder,Level) VALUES ('$ID','$group','$folderpath','$level')" <br>$sqlcmd.commandtext = $sqlstatement<br>$InsertedID = $sqlCmd.ExecuteScalar()<br>}<br><br>}<br><br>}<br><br>}&nbsp; <br>#########End Function<br><br>##################script body<br><br>$sqlserver = "SQLSERVER\INSTANCE"<br>$reportingdatabase = "Permissions"<br><br>$sqlconnection = New-Object System.Data.SqlClient.SqlConnection<br>$sqlconnection.ConnectionString = "Server = $sqlserver; Database = $reportingdatabase; Integrated Security = True"<br>$sqlconnection.Open()<br><br>$sqlcmd = New-Object System.Data.SqlClient.SqlCommand<br>$sqlcmd.Connection = $sqlconnection<br><br><br># root level folder.<br>$rootpath = "\\MYSHAREDFOLDERAREA"<br>$startdepth = 1<br>$maxdepth = 5<br>processfolder $rootpath $startdepth<br>

    This updates the Permissions DB - it truncates the table first as well.

    The request it self is a simple request - it looks like this:

    I've created a custom form in service manager inherited class with the folder path, access level and finally the security group.

    Orchestrator runbook takes the folder path from the request and the access level (these are both list values that match the tables in the permissions database, when the runbook gets the two fields, it then adds the matching security group to the form.

    After that it queries AD for the permissions group owner and sends them an email request for approval with the justification in it

    This is a generic approval runbook that we created for when a user is added as a reviewer

    If its approved, then another runbook triggers that adds the affected user to the permissions group in AD.


    If the permissions group does not have an owner the runbook then logs a ticket to Service Desk to track down and update. They then have a task in the IR that is generated to add the affected user to the permissions group once they have a permissions group owner and approval.

    Further improvements will be to find some way to update the list values in service manager when the database is updated. No idea on this one yet!

    Hope that helps!
  • Options
    Adam_DzyackyAdam_Dzyacky Product Owner Contributor Monkey ✭✭✭✭✭
    Well that is brilliant. +12 @Steve_O'Connor

  • Options
    Steve_O'ConnorSteve_O'Connor Customer IT Monkey ✭
    Thanks @Adam_Dzyacky
  • Options
    John_LongJohn_Long Customer Advanced IT Monkey ✭✭✭
    Not live yet, but will be on 15th August! Going live with Facilities, HR and Internal IT service offerings initially. Will expand to some finance requests as a next phase.

    Predominantly manual activities for now whilst we build up repo of SMA runbooks.

    Learning & Development
    • Request help with LearnUpon (internal learning management system)

    • Report a Facilities issue (e.g. lights out, AirCon, etc.)
    • Request Office Furniture (chair, locker, pedestial, etc.)
    - General

    • Apply for Flexible Working
    • Submit Career Path Development Plan
    • Submit Career Path Development Change Request
    • Request employee reference letter
    • General Query
    We then have geographic offerings for Ireland, UK, etc. Visibility controlled by security groups which are updated via SMA nightly. Legal requirements vary geographically, hence the dedicated SO's. For example:

    - UK/ROI/NI

    • Apply for company pension
    • Apply for company healthcare plan
    • Apply for Bike 2 Work Scheme
    • Apply for maternity/parental leave
    Internal IT
    - Business Applications
    • Log an incident for Internal Timesheet
    • Log an incident for SharePoint Online
    • Request access to CRM Online (manual for now)
    • Request access to SharePoint Online (manual for now)
    - Communications
    • Apply for company mobile phone
    • Request GoToMeeting account
    • Report an issue with GoToMeeting
    • Request a softphone account
    - Desktop Services
    • Log an issue for your workstation
    • Report an issue with Microsoft Office
    • Request IT Accessories (keyboard, mice, docking stations, etc.)
    • Request replacement workstation
    • Report a general IT issue
    - Infrastructure Services
    • Log an incident for a printer(s)
    • Report an issue with Hyper-V
    • Report an issue with the LAN
    • Report an issue with the WiFi
    • Request AWS Instance
    • Request Azure Multi-Factor Authentication (SMA automated)
    • Request file/folder restore
    - Security (Limited Staff Visibility)
    • Report a security incident
    - Service Desk (visible to night shift only)
    • Log a scheduled task (e.g. weekly/monthly/quarterly scheduled jobs)
    • Report a monitoring alert/event (e.g. SCSM not integrated with internal monitoring, yet!)
    • Automated AD User Unlock (SMA Automated)

Sign In or Register to comment.