myITforum.com Community Forum myITforum.com Community Forum

Home  Forums  Blogs  Live Support chat  Search Articles  Wiki  FAQ  Email Lists  Register  Login  My Profile  Inbox  Address Book  My Subscription  My Forums 

Photo Gallery  Member List  Search  Calendars  FAQ  Ticket List  Log Out

All Forums RSS Feed Subscription:


  


Local Admins MOF - by Ward Lange

 
View related threads: (in this forum | in all forums)

Logged in as: Guest
  Printable Version
All Forums >> [Management Products] >> Microsoft Systems Management Server >> SMS 2003 >> Local Admins MOF - by Ward Lange Page: [1]
Login
Message << Older Topic   Newer Topic >>
Local Admins MOF - by Ward Lange - 6/7/2006 1:48:40 PM   
tmiller


Posts: 665
Score: 18
Joined: 7/29/2003
From: Iowa
Status: offline 		I have a question about the Local Admins MOF tool Ward Lange posted to MyITForum.

The instructions say that the LocalAdmins.MOF file needs to be compiled on a local workstation. Does that mean that the LocalAdmins.MOF only needs to be compiled on a single SMS client once, or does the LocalAdmins.MOF need to be compiled on every client once, or does it need to be compiled on each client every time one wants to collect the current local admins?

I’ve made lots of changes and redeploys of SMS_DEF.MOF, so I know that routine, but this additional MOF thrown into the mix troubles and confuses me.
Post #: 1
RE: Local Admins MOF - by Ward Lange - 6/7/2006 3:02:57 PM   
gross928


Posts: 265
Score: 12
Joined: 3/31/2004
Status: offline 		It only needs to be compiled once on every machine, I created a small wise exe that installs the file and then complies it after it has run. If you are interested in the exe let me know and I can send it to you.

Thanks
Gavin...

< Message edited by gross928 -- 6/7/2006 3:03:54 PM >

(in reply to tmiller)
Post #: 2
RE: RE: Local Admins MOF - by Ward Lange - 6/7/2006 3:15:01 PM   
tmiller


Posts: 665
Score: 18
Joined: 7/29/2003
From: Iowa
Status: offline 		Cool. Thanks for responding. I will use a similar method as the one I use to distribute updated SMS_DEF.MOFs since it is the same process but with a modified target collection.

That makes this method superior to the data-shift and mif-shift methods, I think. With those you have to continually run the VB scripts to keep the data up-to-date. Are there cons to this method - like a heavy burden on the Domain Controllers - or is the entire query done inside the client. I overheard some people talking about this at MMS and I wonder if it is dangerous in some way - or what pitfalls I need to watch out for.

I wonder why the localadmins.mof information couldn' t just be added to the SMS_DEF.MOF along with the Reporting piece, since you have to distribute and compile the new SMS_DEF.MOF file anyway.


(in reply to gross928)
Post #: 3
RE: Local Admins MOF - by Ward Lange - 6/7/2006 3:33:41 PM   
gross928


Posts: 265
Score: 12
Joined: 3/31/2004
Status: offline 		This is how it works, the localadmins.mof is compiled on the clients which then creates the WMI class, you also have to add the localadmins-report.mof to the end of your sms_def.mof. Once the WMI class is created on the client it returns the results whenever you run your hardware inventory. What I have also done is created a report that shows me all the local admin accounts other than the ones that should be there. There is nothing else done on the clients other than the HW inventory. Not sure why it cant be added to the sms_def.mof... there must be some reason why not... might be worth trying in a test lab.


< Message edited by gross928 -- 6/7/2006 3:37:26 PM >

(in reply to tmiller)
Post #: 4
RE: Local Admins MOF - by Ward Lange - 5/31/2007 10:22:09 AM   
bcasler@hotmail.com

 

Posts: 6
Score: 0
Joined: 5/31/2007
Status: offline 		so how on every 2003 machine can i replace 'BUILTIN' witht hes server name?

(in reply to gross928)
Post #: 5
RE: Local Admins MOF - by Ward Lange - 5/31/2007 10:55:59 AM   
skissinger


Posts: 2153
Score: 135
Joined: 9/13/2001
From: Sherry Kissinger
Status: offline 		There is a sample report here for Ward Lange's mof extension.

_____________________________

mofmaster@smsexpert.com (version 2007) | http://www.smsexpert.com | http://www.sccmexpert.com
My Blog
Microsoft MVP - ConfigMgr

(in reply to bcasler@hotmail.com)
Post #: 6
RE: Local Admins MOF - by Ward Lange - 5/31/2007 11:08:48 AM   
bcasler@hotmail.com

 

Posts: 6
Score: 0
Joined: 5/31/2007
Status: offline 		Yes I have seen that and have the files but how do I compile it for every 2003 machine (having to replace 'BULTIN' reference) without having to manually compile it on every machine

(in reply to skissinger)
Post #: 7
RE: Local Admins MOF - by Ward Lange - 5/31/2007 1:10:36 PM   
skissinger


Posts: 2153
Score: 135
Joined: 9/13/2001
From: Sherry Kissinger
Status: offline 		Is this one of the first times you've extended the MOF?  If so, a quick (and extremely brief) lesson on extending the Hardware Inventory mof...  SMS Clients get the default sms_def.mof by installing the Client itself.  If you want to gather additional information (not just changing FALSE to TRUE or TRUE to FALSE on existing definitions), then each client need to 'mofcomp' the additional/new classes.  There are a few articles out there on automating the process; but the end result is that on each client, somehow the command of mofcomp file_with_the_new_classes.mof  has to be run, before the client can successfully report on new classes you've added to sms_def.mof on your primary site's \inboxes\clifiles.src\hinv  folder.

Let me know if I've completely missed your point, or if you need additional step-by-step "how to extend the mof" instructions.  There's also an e-book you can get at www.smsexpert.com regarding MOF editing.

_____________________________

mofmaster@smsexpert.com (version 2007) | http://www.smsexpert.com | http://www.sccmexpert.com
My Blog
Microsoft MVP - ConfigMgr

(in reply to bcasler@hotmail.com)
Post #: 8
RE: Local Admins MOF - by Ward Lange - 5/31/2007 1:28:49 PM   
bcasler@hotmail.com

 

Posts: 6
Score: 0
Joined: 5/31/2007
Status: offline 		I understand each machine must compile it to add the class to the local WMI BUT my question was in his script he had given (Ward Lange) you had to replace the reference  'builtin' in the loacaladmin.mof with the actual name of the 2003 server it is compiled on. My questions was how to automate feeding the server name to the localadmins.mof before compiling it (presumably as an advertised package)

And yes if is my first time so be gentle, I will follow up on the references you have mentioned

(in reply to skissinger)
Post #: 9
RE: Local Admins MOF - by Ward Lange - 5/31/2007 2:20:19 PM   
mlucero


Posts: 793
Score: 36
Joined: 4/1/2005
From: Austin, Texas
Status: offline 		"BUILTIN" is merely referring to the built-in local group named "administrators" on each machine on which you compile the MOF adjustment. You do not need to replace it with anything. When compiling locally, the "domain" is the local machine.

Leave the MOF adjustment as is and compile it on your client machines.

Also, no need to make a script or anything to run it. Just create a package with the LocalAdmins.MOF file and use the following command:  MOFCOMP LocalAdmins.MOF

MOFCOMP.exe is located in the %windir%\system32\wbem  directory and is built into the defaults paths.



< Message edited by mlucero -- 5/31/2007 2:28:54 PM >

_____________________________

Mike Lucero
Austin, Texas

My Blog

(in reply to bcasler@hotmail.com)
Post #: 10
RE: Local Admins MOF - by Ward Lange - 5/31/2007 2:23:56 PM   
bcasler@hotmail.com

 

Posts: 6
Score: 0
Joined: 5/31/2007
Status: offline 		his instructions in the read me say you need to change it on 2003 machines, I will test it out
Oh  and thank you for your help
+---------------------------------+
¦  Local Admins MOF               ¦
¦  Created by Ward Lange          ¦
¦  3/4/2006                       ¦
¦  Ward.lange@sanofi-aventis.com  ¦
+---------------------------------+
I - Purpose
The MOF files included in this zip file will create a WMI class called Win32_LocalAdmins and will allow that information to be collected by SMS 2003.  The class is located in the Root\CIMV2 namespace in WMI and you can use WBEMTEST or WMITools to view the information created.

II - Applying the MOF files
The LocalAdmins.MOF file needs to be compiled on a local workstation to create the class.  You can do this manually or through an SMS delivery by creating a package and program to run the command:
MOFCOMP LocalAdmins.MOF
The LocalAdmins-Report.MOF needs to be added to the end of the SMS_DEF.MOF file on the SMS 2003 Server located at the \sms_\inboxes\clifiles.src\hinv">\\<server>\sms_<site>\inboxes\clifiles.src\hinv directory on the site server.  YOu an monitor the DataLdr.log file on the server to ensure the SMS_DEF.MOF changes are applied correctly.
III - Windows 2003 Systems
The LocalAdmins.MOF will not compile the same way on Windows 2003 server machines.  You must replace the text "BuiltIn" with the actual server name of the server where the MOF is being compiled on.  Otherwise the class will not be populated with any data.  The MOF file compiles fine on Windows 2000 and XP machines without modification.
IV - Warranty
Use at your own risk and test the results prior to deployment.




(in reply to mlucero)
Post #: 11
RE: Local Admins MOF - by Ward Lange - 5/31/2007 2:36:48 PM   
mlucero


Posts: 793
Score: 36
Joined: 4/1/2005
From: Austin, Texas
Status: offline 		I see your dilemma. Unfortunately, I do not have a method off the top of my head for this as we do not manage servers with SMS in our environment... there is a different system in place for them. I'd be interested in this solution myself in the case we eventually do manage server class machines with SMS.

_____________________________

Mike Lucero
Austin, Texas

My Blog

(in reply to bcasler@hotmail.com)
Post #: 12
RE: Local Admins MOF - by Ward Lange - 3/26/2008 6:02:09 AM   
Tom_Watson

 

Posts: 119
Score: 9
Joined: 9/13/2006
Status: offline 		If you can get a copy of a Windows equivalent to 'sed' you could script something like:-

sed.exe s/BUILTIN/%COMPUTERNAME%/g LocalAdmins.MOF > %TEMP%\LocalAdmins-2003.MOF
MOFCOMP.EXE %TEMP%\LocalAdmins-2003.MOF

You can Google for Windows SED variants.  One such page gave me http://sed.sourceforge.net which had several links for Windows SED variants.  I tried the one at http://sed.sf.net/grabbag/ssed/sed-3.59.zip and it seemed to work OK.

I guess you'd have to test this out thoroughly though.

EDIT: Mark Seely has a nice VBS script that will do the trick here - http://www.myitforum.com/forums/m_179546/mpage_1/key_/tm.htm#179659


< Message edited by Tom_Watson -- 6/4/2008 3:16:35 AM >

(in reply to mlucero)
Post #: 13
RE: Local Admins MOF - by Ward Lange - 6/3/2008 9:15:39 PM   
jkuta

 

Posts: 12
Score: 0
Joined: 9/13/2007
Status: offline 		I tried to use the MOFs in my SCCM SP1 test environment but can't seem to get it to work. 

The localadmin.mof compiles fine, the WMI class is added to the clients (localadmins-report.mof compiles fine on the server) and I trigger a client hardware inventory but when I run the report I get the following error: Invalid object name 'v_GS_LocalAdmins'.

Using SQL Management Studio I verified that no table/view exists in the database called v_GS_LocalAdmins.  What creates this table/view?

Has anyone gotten this to work in Config Manager?


(in reply to Tom_Watson)
Post #: 14
RE: Local Admins MOF - by Ward Lange - 6/3/2008 10:56:52 PM   
mseely

 

Posts: 42
Score: 1
Joined: 5/4/2008
Status: offline 		Did you compile localadmins-report.mof on the server,
or did you place the contents of localadmins-report.mof into the 'SMS_DEF.MOF' file on the server ?


(in reply to jkuta)
Post #: 15
RE: Local Admins MOF - by Ward Lange - 6/4/2008 9:50:40 AM   
jkuta

 

Posts: 12
Score: 0
Joined: 9/13/2007
Status: offline 		I copied and pasted the text content of localadmins-report.mof into the sms_def.mof file and compiled it on the SCCM server.  Should I have run "mofcomp localadmins-report.mof" on the SCCM server?

(in reply to mseely)
Post #: 16
RE: Local Admins MOF - by Ward Lange - 6/4/2008 11:28:04 AM   
mseely

 

Posts: 42
Score: 1
Joined: 5/4/2008
Status: offline 		The contents of the localadmin-report.mof should be in the SMS_DEF.MOF.

So ...

1)  The WMI class is on the client.  Is the class populating with any instances. [If there are no instances, then there will be nothing to report up to the server]
2)  When Inventory runs, are there any errors resulting from the Win32_LocalAdmins class in the InventoryAgent.log?
3)  Run the following query on the server to see if the View got created with some other name -
SELECT * FROM v_GroupMap where MIFClass='MICROSOFT|LocalAdmins|1.0'
    and look for the 'InvClassName' field.
    (The MIFClass being the  SMS_Class_ID from the SMS_DEF.MOF)
 
The 'InvClassName' would be the view you would need to query against to see the inventory data.

(in reply to jkuta)
Post #: 17
RE: Local Admins MOF - by Ward Lange - 6/4/2008 5:20:00 PM   
skissinger


Posts: 2153
Score: 135
Joined: 9/13/2001
From: Sherry Kissinger
Status: offline 		Question for jkuta:  Is this SMS2003, or ConfigMgr07?  You mentioned SCCM server, and there are some differences in what you do w/mof extensions between SMS2003 and ConfigMgr.

_____________________________

mofmaster@smsexpert.com (version 2007) | http://www.smsexpert.com | http://www.sccmexpert.com
My Blog
Microsoft MVP - ConfigMgr

(in reply to mseely)
Post #: 18
RE: Local Admins MOF - by Ward Lange - 6/4/2008 8:44:47 PM   
jkuta

 

Posts: 12
Score: 0
Joined: 9/13/2007
Status: offline 		I am running System Center Configuration Manager 2007 SP1 in my test environment.



1)  The WMI class is on the client.  Is the class populating with any instances. [If there are no instances, then there will be nothing to report up to the server]

When I use WMIExplorer to view the win32_LocalAdmins class on a Windows Server 2003 machine there are no instances populating however, when I view the same class on a WinXP machine, members of the local administators group appear as instances (once I completed this test the v_GS_LocalAdmins view appeared in my database).  In the post authored by mlucero above, he indicates that the "BUILTIN" syntax in the localadmins.mof file doesn't need to be modified, even when compiling it on Win2k3 servers.  As a test I modified localadmins.mof by replacing 'BUILTIN' with the Windows server name, compiled the mof and when I viewed the win32_LocalAdmins class it populated the instances with members of the local administrators group as it should.

2)  When Inventory runs, are there any errors resulting from the Win32_LocalAdmins class in the InventoryAgent.log?

The inventory action runs and completes without errors.  Here is the line in the InventoryAgent.log that references the inventory action:
Collection: Namespace = \\.\root\cimv2; Query = SELECT __CLASS, __PATH, __RELPATH, CurrentTimeZone, Description, Domain, DomainRole, Manufacturer, Model, Name, NumberOfProcessors, Roles, Status, SystemType, UserName FROM Win32_ComputerSystem; Timeout = 600 secs.
There are no error messages following this line, only the next set of queried classes. 

3)  Run the following query on the server to see if the View got created with some other name -
SELECT * FROM v_GroupMap where MIFClass='MICROSOFT|LocalAdmins|1.0'
    and look for the 'InvClassName' field.     (The MIFClass being the  SMS_Class_ID from the SMS_DEF.MOF) 

Initially this query yielded no results, however after I compiled localadmins.mof on an XP machine and triggered an inventory the view/table populated in the database with the expected information.  The report started working as well.

I'm happy this works with WindowsXP but what about Win2K3 Server?  Is mlucero's post inaccurate?  Does the localadmins.mof indeed need to be manually compiled on each and every server?

(in reply to skissinger)
Post #: 19
RE: Local Admins MOF - by Ward Lange - 6/4/2008 8:54:10 PM   
skissinger


Posts: 2153
Score: 135
Joined: 9/13/2001
From: Sherry Kissinger
Status: offline 		Since you are ConfigMgr, there is a slight difference:

Put this in the primary site server's copy of sms_def.mof (at the bottom):
quote:

 //  <:[-<>>>>>>>>>>>>>>>>>>>>>>>>>>>Begin>>-Administrators group-<<Begin<<<<<<<<<<<<<<<<<<<<<<<<>-]:>
[ SMS_Report (TRUE),SMS_Group_Name ("LocalAdmins"),SMS_Class_ID ("MICROSOFT|LocalAdmins|1.0")]
class Win32_LocalAdmins : SMS_Class_Template
{
[SMS_Report(TRUE), key] string AccountName;
[SMS_Report(TRUE), key] string GroupName;
};
//  <:[-<>>>>>>>>>>>>>>>>>>>>>>>>>>>END>>-Administrators group-<<END<<<<<<<<<<<<<<<<<<<<<<<<>-]:>

And this in configuration.mof on the primary site clifiles.src (at the bottom):
quote:

 //  <:[-<>>>>>>>>>>>>>>>>>>>>>>>>>>>Begin>>-Administrators group-<<Begin<<<<<<<<<<<<<<<<<<<<<<<<>-]:>
[union, ViewSources{"Select * from Win32_GroupUser where GroupComponent=\"Win32_Group.Domain='BUILTIN',Name='Administrators'\""},ViewSpaces{"\\\\.\\root\\CIMV2"}, Dynamic : ToInstance, provider("MS_VIEW_INSTANCE_PROVIDER")]
class Win32_LocalAdmins
{
[PropertySources("PartComponent"), key] Win32_Account ref AccountName;
[PropertySources("GroupComponent"), key] Win32_Group ref GroupName;
};
//  <:[-<>>>>>>>>>>>>>>>>>>>>>>>>>>>END>>-Administrators group-<<END<<<<<<<<<<<<<<<<<<<<<<<<>-]:>


That way you don't have to mofcomp anything on your XP workstations.  Believe me... it's much better than managing a mofcomp update routine on your clients.

Regarding your question about win2k3; there was a recent discussion here.  Perhaps Mark's script will work for you as well?

_____________________________

mofmaster@smsexpert.com (version 2007) | http://www.smsexpert.com | http://www.sccmexpert.com
My Blog
Microsoft MVP - ConfigMgr

(in reply to jkuta)
Post #: 20
RE: Local Admins MOF - by Ward Lange - 6/5/2008 3:36:45 PM   
jkuta

 

Posts: 12
Score: 0
Joined: 9/13/2007
Status: offline 		Thank you for mentioning Mark's script in the post above, it works awesome and worked like a charm on my Win2K3 servers!

Re: the code above...I added it to both the configuration.mof and sms_def.mof files and compiled them on my SCCM server however at this time I only have 2K3 servers in my test environment and as such, I am unable to tell if the code worked for non-server machines.  I am curious, how can this code take effect on the XP workstations and report the contents of their local admins group if it's not mofcomp'd locally?

(in reply to skissinger)
Post #: 21
RE: Local Admins MOF - by Ward Lange - 6/5/2008 4:37:52 PM   
skissinger


Posts: 2153
Score: 135
Joined: 9/13/2001
From: Sherry Kissinger
Status: offline 		Because ConfigMgr is cool! 

No, really.  ConfigMgr07 was designed to have the advanced clients automatically mofcomp "configuration.mof".  As you've seen, you'll need to mofcomp on Servers and Vista using the script because "BUILTIN" isn't there on those OS'; but on XP it works without the script.  Although (thinking as I type here)....I might need to test whether nothing in configuration.mof; and use the script instead to all platforms is a better idea.  I'm not sure if configuration.mof will overwrite what you just did w/the manual mofcomp, and eventually 2003 & Vista wouldn't report right.

_____________________________

mofmaster@smsexpert.com (version 2007) | http://www.smsexpert.com | http://www.sccmexpert.com
My Blog
Microsoft MVP - ConfigMgr

(in reply to jkuta)
Post #: 22
Page:   [1]
All Forums >> [Management Products] >> Microsoft Systems Management Server >> SMS 2003 >> Local Admins MOF - by Ward Lange Page: [1]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts



  
Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI

0.375