Registry values returned with SMS

myITforum.com Community Forum

Home Forums Blogs Live Support chat Search Articles Wiki FAQ Email Lists Register Login My Profile Inbox Address Book My Subscription My Forums

Photo Gallery Member List Search Calendars FAQ Ticket List Log Out

All Forums RSS Feed Subscription:

Registry values returned with SMS

View related threads: (in this forum | in all forums)

Logged in as: Guest

Printable Version

All Forums >> [Management Products] >> Microsoft Systems Management Server >> SMS 2003 >> Registry values returned with SMS

Page: [1]

Message

<< Older Topic Newer Topic >>

Registry values returned with SMS - 8/29/2008 3:34:56 PM

MWSager

Posts: 12
Score: 0
Joined: 8/29/2008
Status: offline

Does anybody have a way that they scan clients and return registry values?

Scenario - virus scan DAT value is listed in registry but unable to find SAME file every time for different versions of McAfee. Console for virus updates went down and need a quick way to confirm we are current on desktops in the field. We have a auto repository set up and clients should still receive updates but need to prove to management that we are good to go.

what I had in mind: was thinking about a VBS to be executed to run report to a file (or even a net share) and then use software collection to pick up file so I can run some report.

tried the search function but could not find anything - I am sure someone out there has come across same similar situation.

Thank you in advance for your assistance.

Post #: 1

RE: Registry values returned with SMS - 8/29/2008 3:42:01 PM 1 votes

hcortez463

Posts: 780
Score: 62
Joined: 4/8/2005
Status: offline

here you go.. you will need to updated the mof. Sherry has updated mcafee updates

http://www.sccmexpert.com/Download/Download.aspx?Type=MOF

_____________________________

If it Helps, Please rate....

(in reply to MWSager)

Post #: 2

RE: Registry values returned with SMS - 8/29/2008 10:16:36 PM

skissinger

Posts: 2119
Score: 134
Joined: 9/13/2001
From: Sherry Kissinger
Status: offline

Rick Jones had an update for EPO (I think v4?). The mof snippets currently on sccmexpert do EPO regkeys for EPO 3.x. I'll try to blog his updated mof snippet this weekend...

_____________________________

mofmaster@smsexpert.com (version 2007) | http://www.smsexpert.com | http://www.sccmexpert.com
My Blog
Microsoft MVP - ConfigMgr

(in reply to hcortez463)

Post #: 3

RE: Registry values returned with SMS - 8/31/2008 10:33:47 PM

MWSager

Posts: 12
Score: 0
Joined: 8/29/2008
Status: offline

Thanks for the quick replies and the MOF files look awsome from that post - found a great one (i think if I understands what is does) in that link for EXACATLY what I need

ok newbie when it comes to MOF files... from what I have read

paste the snip out into the a new.mof file
run mofcomp -check new.mof
check for errors
paste new.mof into \smssetup\inboxes\clifiles.src\hinv\sms_def.mof (after you make backup)
run [mofcomp -check sms_def.mof ]
run [mofcomp -sms_def.mof ]
wait for inventory to come back

is that it - dont want to screw something up if missed step and so many different posts, whitepapers with so many ways to do it want to make sure it is that simple.

read about testing on individual client by - paste into clicomp/hinv "client.mof"
and run hardware inventory - wont this copy the SMS_def.mof off the server because it is different...???

as in the mcafee one I found...

McAfee AntiVirus
Reports McAfee Antivirus values contained in the Registry, for versions 4.5 7, and 8.x of McAfee AntiVirus

add to sms_def.mof

// <:[-<>>>>>>>>>>>>>>>>>>>Start>>-Network Associates/McAfee Anti-Virus-<<Start<<<<<<<<<<<<<<<<<>-]:>
//`'`*._.*`'`*-
// McAfee Reporting Class
//`'`*._.*`'`*-
[SMS_Report(TRUE),SMS_Group_Name("McAfee_Virus_Scan"),SMS_Class_ID("SMSExpert|McAfee_Virus_Scan|1.0")]
Class McAfee_Virus_Scan : SMS_Class_Template
{
[SMS_Report(TRUE),key] string KeyName;
[SMS_Report(TRUE) ]     string szCurrentVersionNumber;
[SMS_Report(TRUE) ]     string szDatVersion;
[SMS_Report(TRUE) ]     string szEngineVer;
[SMS_Report(TRUE) ]     string szEngineVerMinor;
[SMS_Report(TRUE) ]     string szDatDate;
};
// <:[-<>>>>>>>>>>>>>>>>END>>-Network Associates/McAfee Anti-Virus-<<END<<<<<<<<<<<<<<>-]:>

add to configuration mof

// <:[-<>>>>>>>>>>>>>>Start>>-Network Associates/McAfee ePO Agent-<<Start<<<<<<<<<<<<<<>-]:>
//`'`*._.*`'`*-
// McAfee ePO Agent Data Class
//`'`*._.*`'`*-
[DYNPROPS]
Class McAfee_ePO_Agent
{
[key] string KeyName="";
       string szePOVersion;
       string szePOName;
       string szePOGUID;
       string szePOInstallPath;
};
//`'`*._.*`'`*-
// Instance of McAfee ePO 3x
//`'`*._.*`'`*-
[DYNPROPS]
instance of McAfee_ePO_Agent
{
KeyName="McAfee ePO 3.x";
[PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Network Associates\\ePolicy Orchestrator\\Agent|Installed Path"),Dynamic,Provider("RegPropProv")] szePOInstallPath;
[PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Network Associates\\ePolicy Orchestrator\\Application Plugins\\EPOAGENT3000|Version"),Dynamic,Provider("RegPropProv")] szePOVersion;
[PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Network Associates\\ePolicy Orchestrator\\Agent|ComputerName"),Dynamic,Provider("RegPropProv")] szePOName;
[PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Network Associates\\ePolicy Orchestrator\\Agent|AgentGUID"),Dynamic,Provider("RegPropProv")] szePOGUID;
};
// <:[-<>>>>>>>>>>>>>>>>END>>-Network Associates/McAfee ePO Agent-<<END<<<<<<<<<<<<<<>-]:>

does sms 2003 use the configuration files or only 2007?

(in reply to skissinger)

Post #: 4

RE: Registry values returned with SMS - 8/31/2008 10:53:22 PM 1 votes

skissinger

Posts: 2119
Score: 134
Joined: 9/13/2001
From: Sherry Kissinger
Status: offline

Unfortunately sms2003 doesn't use the configuration.mof, only configMgr 07. Edit/extending the mof files has changed from sms2003 to configmgr07, which is why it's likely a bit confusing in your research.

There are 3 basic steps to editing the mof under sms2003
- figuring out what you want
- adding the snippets to sms_def.mof on your primary site servers so your clients can pick up a new policy from your MPs.
- mofcomp'ing either the entire sms_def.mof or just the additions on ALL of your clients, so your clients know "how" to report on the new policy asked of them.

Figuring out what you want -- I'm not sure if you've got that quite yet. In your snippet above, you have partially the mof snippet for the McAfee Virus Scan, and partially the snippet for EPO version 3.x. Could you let me know what version(s) of McAfee Virus Scan you want/need? The regkeys can be different from version to version.

I'll post up the specific mof edits for the versions you need.

_____________________________

mofmaster@smsexpert.com (version 2007) | http://www.smsexpert.com | http://www.sccmexpert.com
My Blog
Microsoft MVP - ConfigMgr

(in reply to MWSager)

Post #: 5

RE: Registry values returned with SMS - 9/1/2008 9:18:38 AM

MWSager

Posts: 12
Score: 0
Joined: 8/29/2008
Status: offline

well than explains a lot!

we are currently using 7.x and 8.x in our environment

thanks for your help.

(in reply to skissinger)

Post #: 6

RE: Registry values returned with SMS - 9/1/2008 9:57:15 AM 1 votes

skissinger

Posts: 2119
Score: 134
Joined: 9/13/2001
From: Sherry Kissinger
Status: offline

Attached is a snippet to add to the bottom of sms_def.mof on your server. When you do so, when you hit save, just monitor the log file dataldr.log on your server, to see if it was accepted or rejected. (Note, there will be an error, which you can ignore--it really just means "hey! you just edited the mof!) You'll know if it was rejected if the old version of the mof was automatically replaced.

The attached snippet has 3 basic things it'll return: Regkeys from 7 or 8 Mcafee client, EPO 3.x regkeys, and there's a section which may or may not return any data in your environment; I haven't tested it yet myself but I 'think' it's for EPO 4.x stuff.

Once you've added the snippet to the mof on the server, that triggers a policy update which is forwarded to your MPs, which you clients can then pick up at their next policy refresh. So, about 1-3 policy refreshes at a client, it will *try* to report up what you've asked. However, a SMS2003 client will not know "how" to report up the new data--you have to tell it how by 'mofcomp'ing' it on each client.

There's several different articles from various people on how they've deployed a mofcomp to their clients; but for just testing a single client, interactively at a cmd prompt, just run mofcomp <nameofthesnippet>.mof . Then, at your next Hardware Inventory, assuming the client has picked up the new policy already from the MP, it'll report up the regkeys it has.

Once you get that far, if you need assistance setting up an advertisement to send out to your clients to do the mofcomp, just reply.

Attachment (1)

_____________________________

mofmaster@smsexpert.com (version 2007) | http://www.smsexpert.com | http://www.sccmexpert.com
My Blog
Microsoft MVP - ConfigMgr

(in reply to MWSager)

Post #: 7

RE: Registry values returned with SMS - 9/1/2008 9:06:59 PM

MWSager

Posts: 12
Score: 0
Joined: 8/29/2008
Status: offline

Thanks again - seems pretty straight foward... put this into the sms_def.mof - check the logs for errors - if none, run mofcomp on one client - check for return inventory - looks good, create a package and advertise it out to all to mofcomp - get the report to mgmt.

if I have any problems I will let you know, I thank you for your assistance - hopefully this will expand what I know SMS can (and does) do for me already.

(in reply to skissinger)

Post #: 8

RE: Registry values returned with SMS - 9/2/2008 10:00:17 AM

MWSager

Posts: 12
Score: 0
Joined: 8/29/2008
Status: offline

ok ran -check and looked clean, put it into smsdefmof and logs reported:

SMS_DEF.Mof change detected
Connected to SQL; waiting for Hinv action ID...
Done with wait for Hinv action ID.
Start of cimv2\sms-to-policy conversion
Resetting SMS_Report qualifier to FALSE on all classes and properties in cimv2\sms namespace
Running MOFCOMP on D:\SMS\inboxes\clifiles.src\hinv\sms_def.mof
MOF backed up to D:\SMS\data\hinvarchive\sms_def.mof.bak
Warning: cannot get SMS_Class_ID of SMS_Win32ProviderEx
End of cimv2\sms-to-policy conversion; returning 0x0

from what I see it accepted it based on the MOF was backed up with all the McAfee info into hinvarchive.

but curious as to what the warning is "cannot get SMS_Class_ID of SMS_Win32ProviderEx"

(in reply to MWSager)

Post #: 9

RE: Registry values returned with SMS - 9/2/2008 10:27:04 AM

skissinger

Posts: 2119
Score: 134
Joined: 9/13/2001
From: Sherry Kissinger
Status: offline

quote:

(Note, there will be an error, which you can ignore--it really just means "hey! you just edited the mof!).

If you check the readme (I forget whether it's earlier, or the one in SP3), there's a section about hardware inventory, and way way at the bottom of that readme section, there's 1 paragraph that says you'll get that error when you edit the mof -- and to ignore the error.

_____________________________

mofmaster@smsexpert.com (version 2007) | http://www.smsexpert.com | http://www.sccmexpert.com
My Blog
Microsoft MVP - ConfigMgr

(in reply to MWSager)

Post #: 10

RE: Registry values returned with SMS - 9/2/2008 10:29:25 AM

MWSager

Posts: 12
Score: 0
Joined: 8/29/2008
Status: offline

saw that but wanted to confirm... thanks

will keep you posted on progress and if any other issue - that way it will be here for someone else in future to do search and find.

(in reply to skissinger)

Post #: 11

RE: Registry values returned with SMS - 9/2/2008 3:01:16 PM

MWSager

Posts: 12
Score: 0
Joined: 8/29/2008
Status: offline

IT WORKS!
it is showing up in resource explorer and I can now create reports on findings.
thanks to all.

(in reply to MWSager)

Post #: 12

RE: Registry values returned with SMS - 9/2/2008 3:08:56 PM

gkamenjati

Posts: 108
Score: 0
Joined: 6/8/2005
From: San Jose, California
Status: offline

Sherry, I also recall that you posted a Web Based report on this!! do you have the link to it? is it on your Blog?

I'm interested in the 3.x and 4.x engines for ePO 8.5

Thank you.

(in reply to MWSager)

Post #: 13

RE: Registry values returned with SMS - 9/2/2008 3:45:09 PM 1 votes

skissinger

Posts: 2119
Score: 134
Joined: 9/13/2001
From: Sherry Kissinger
Status: offline

The sample reports are in the attachment in that link. Although... I haven't actually done anything with the EPO4 stuff. I only got the last 3rd bit from Rick Jones (the EPO Plugins stuff) a few days ago. So if you come up with some reports on that view, please share!

_____________________________

mofmaster@smsexpert.com (version 2007) | http://www.smsexpert.com | http://www.sccmexpert.com
My Blog
Microsoft MVP - ConfigMgr

(in reply to gkamenjati)

Post #: 14

RE: Registry values returned with SMS - 9/2/2008 4:55:20 PM

gkamenjati

Posts: 108
Score: 0
Joined: 6/8/2005
From: San Jose, California
Status: offline

Your Report worked perfectly, and I made little chages to show the PC and user.
but I endup with 2 lines on the report and I would like to get rid of the first one.

Any idea why?

here's the Web report code. (the changes are in black Font).

select distinct v_R_System.Netbios_Name0, v_R_System.User_Name0, mc.szCurrentVersionNumber0 [Current Version], mc.szdatDate0 [DAT date], mc.szDatVersion0 [DAT Version], mc.szEngineVer0 [Engine Version], mc.szEngineVerMinor0 [Engine Version Minor (if applicable)] from v_gs_McAfee_Virus_Scan0 mc inner join v_r_system on v_r_system.resourceid=mc.resourceid where v_r_system.netbios_name0 LIKE @machinename

Thumbnail Image

Attachment (1)

(in reply to skissinger)

Post #: 15

RE: Registry values returned with SMS - 9/2/2008 5:47:01 PM

gkamenjati

Posts: 108
Score: 0
Joined: 6/8/2005
From: San Jose, California
Status: offline

It's fixed, here's the code. (black font is added).

select distinct v_R_System.Netbios_Name0, v_R_System.User_Name0, mc.szCurrentVersionNumber0 [Current Version], mc.szdatDate0 [DAT date], mc.szDatVersion0 [DAT Version], mc.szEngineVer0 [Engine Version], mc.szEngineVerMinor0 [Engine Version Minor (if applicable)] from v_gs_McAfee_Virus_Scan0 mc inner join v_r_system on v_r_system.resourceid=mc.resourceid where v_r_system.netbios_name0 LIKE @machinename AND mc.szEngineVer0 IS NOT NULL

thank you everyone.

(in reply to gkamenjati)

Post #: 16

RE: Registry values returned with SMS - 9/3/2008 10:39:29 AM

jnelson993

Posts: 900
Score: 127
Joined: 2/18/2005
From: Minneapolis, MN
Status: offline

Well, I wouldn't call that "fixed" I'd call that "explicitly filtered out".

It's on 2 rows because there are 2 records for that machinename. My guess is either you have two different machines with the same name or you have an old record that's obsolete and needs to be excluded. If that doesn't remove the duplicates, then I guess you could include the IS NOT NULL predicate, but I'd hate to lose track of any records that are valid but have a NULL engine version for some reason...those need to be looked at too.

Try this:
SELECT DISTINCT
sys.Netbios_Name0,
sys.User_Name0,
mc.szCurrentVersionNumber0 [Current Version],
mc.szdatDate0              [DAT date],
mc.szDatVersion0           [DAT Version],
mc.szEngineVer0            [Engine Version],
mc.szEngineVerMinor0       [Engine Version Minor (if applicable)]
FROM
v_gs_McAfee_Virus_Scan0 mc
INNER JOIN v_r_system sys
    ON sys.resourceid = mc.resourceid
    AND sys.obsolete0 = 0
   AND sys.decommissioned0 = 0
   AND sys.client0 = 1
WHERE sys.netbios_name0 LIKE @machinename

_____________________________

Number2 (John Nelson)
MyITForum - Blog
MyITForum - Forum Posts

(in reply to gkamenjati)

Post #: 17

RE: Registry values returned with SMS - 9/3/2008 10:49:38 AM

skissinger

Posts: 2119
Score: 134
Joined: 9/13/2001
From: Sherry Kissinger
Status: offline

It has two records because we're trying to pull in both 7x and 8x Mcafee data; so there are two explicit Keyname=, but only 1 set returns data (depending upon the version installed on the client).

_____________________________

mofmaster@smsexpert.com (version 2007) | http://www.smsexpert.com | http://www.sccmexpert.com
My Blog
Microsoft MVP - ConfigMgr

(in reply to jnelson993)

Post #: 18

RE: Registry values returned with SMS - 9/3/2008 10:54:22 AM

jnelson993

Posts: 900
Score: 127
Joined: 2/18/2005
From: Minneapolis, MN
Status: offline

Ah, well then, you WOULD want to include the IS NOT NULL line.

_____________________________

Number2 (John Nelson)
MyITForum - Blog
MyITForum - Forum Posts

(in reply to skissinger)

Post #: 19

RE: Registry values returned with SMS - 9/3/2008 10:58:51 AM

gkamenjati

Posts: 108
Score: 0
Joined: 6/8/2005
From: San Jose, California
Status: offline

Great input from both,

John, I'll add the following (red font) from your code because this will give me better idea about the status of the PC, also I might add a section to refrence the date of the H/W scan date.
AND sys.obsolete0 = 0
AND sys.decommissioned0 = 0
AND sys.client0 = 1

Shoukran & Salam.

(in reply to jnelson993)

Post #: 20

RE: Registry values returned with SMS - 9/3/2008 1:29:06 PM

gkamenjati

Posts: 108
Score: 0
Joined: 6/8/2005
From: San Jose, California
Status: offline

As you see I changed the Code to show the options in black font.

select distinct v_R_System.Netbios_Name0, v_R_System.User_Name0, v_R_System.Obsolete0, v_R_System.Client0, v_R_System.Active0, v_R_System.Creation_Date0, mc.szCurrentVersionNumber0 [Current Version], mc.szdatDate0 [DAT date], mc.szDatVersion0 [DAT Version], mc.szEngineVer0 [Engine Version], mc.szEngineVerMinor0 [Engine Version Minor (if applicable)], v_R_System.Operating_System_Name_and0 from v_gs_McAfee_Virus_Scan0 mc inner join v_r_system on v_r_system.resourceid=mc.resourceid where v_r_system.netbios_name0 LIKE @machinename AND mc.szEngineVer0 IS NOT NULL

BUT if I add any refrence to Last hardware scan it tells me that
The multi-part identifier "v_GS_WORKSTATION_STATUS.ResourceID" could not be bound. In the select section I've added v_GS_Workstation_status.lasthwscan and in the from I've added INNER JOIN v_GS_WORKSTATION_STATUS AS WS
ON v_GS_WORKSTATION_STATUS.resourceid = WS.resourceID any input will get Mil Gratsi.

Thumbnail Image

Attachment (1)

(in reply to gkamenjati)

Post #: 21

RE: Registry values returned with SMS - 9/3/2008 1:33:35 PM

jnelson993

Posts: 900
Score: 127
Joined: 2/18/2005
From: Minneapolis, MN
Status: offline

Remember this is the same issue as you had before, if you reference a view with an alias, you need to reference it everywhere.
Use ws. intead of v_GS_Workstation_Status

_____________________________

Number2 (John Nelson)
MyITForum - Blog
MyITForum - Forum Posts

(in reply to gkamenjati)

Post #: 22

RE: Registry values returned with SMS - 9/3/2008 2:20:52 PM

gkamenjati

Posts: 108
Score: 0
Joined: 6/8/2005
From: San Jose, California
Status: offline

That did it "Sensei"

and here's the final Code:

select distinct v_R_System.Netbios_Name0, v_R_System.User_Name0, v_R_System.Obsolete0, v_R_System.Client0, v_R_System.Active0, v_R_System.Creation_Date0, WS.LastHWScan, mc.szCurrentVersionNumber0 [Current Version], mc.szdatDate0 [DAT date], mc.szDatVersion0 [DAT Version], mc.szEngineVer0 [Engine Version], mc.szEngineVerMinor0 [Engine Version Minor (if applicable)], v_R_System.Operating_System_Name_and0 from v_gs_McAfee_Virus_Scan0 mc inner join v_r_system on v_r_system.resourceid=mc.resourceid INNER JOIN v_GS_WORKSTATION_STATUS AS WS
ON mc.ResourceID = WS.ResourceID where v_r_system.netbios_name0 LIKE @machinename AND mc.szEngineVer0 IS NOT NULL

John, Che'Che' for the lessons.

Thumbnail Image

Attachment (1)

(in reply to jnelson993)

Post #: 23

RE: Registry values returned with SMS - 9/3/2008 2:28:57 PM 1 votes

jnelson993

Posts: 900
Score: 127
Joined: 2/18/2005
From: Minneapolis, MN
Status: offline

Well, if you're going to alias some of them, might as well alias the rest:
SELECT DISTINCT
sys.Netbios_Name0,
sys.User_Name0,
sys.Obsolete0,
sys.Client0,
sys.Active0,
sys.Creation_Date0,
WS.LastHWScan,
mc.szCurrentVersionNumber0            [Current Version],
mc.szdatDate0                         [DAT date],
mc.szDatVersion0                      [DAT Version],
mc.szEngineVer0                       [Engine Version],
mc.szEngineVerMinor0                  [Engine Version Minor (if applicable)],
sys.Operating_System_Name_and0
FROM
v_gs_McAfee_Virus_Scan0 AS mc
INNER JOIN v_r_system AS sys
    ON sys.resourceid = mc.resourceid
   AND sys.obsolete0 = 0
   AND sys.decommissioned0 = 0
   AND sys.client0 = 1
INNER JOIN v_GS_WORKSTATION_STATUS AS WS
    ON mc.ResourceID = WS.ResourceID
WHERE sys.netbios_name0 LIKE @machinename
      AND mc.szEngineVer0 IS NOT NULL

_____________________________

Number2 (John Nelson)
MyITForum - Blog
MyITForum - Forum Posts

(in reply to gkamenjati)

Post #: 24

RE: Registry values returned with SMS - 9/3/2008 2:42:27 PM

gkamenjati

Posts: 108
Score: 0
Joined: 6/8/2005
From: San Jose, California
Status: offline

You should work here John, our previous CEO ran the company under Leaner, Greener and Cleaner banners, and now our new CEO's motto is Strategize, Streamline, and Simplify.

Merci bien mon Genie.

(in reply to jnelson993)

Post #: 25