MNSCUG July 2018 Meeting Notes

Thanks to Andre Dupre for taking notes!

Custom CM Data Collection, Usage and Reporting

WMI properties can do a lot more than just storing data (properties, methods, etc) but we're just going to focus on data/properties.

Mark Cochrane's RegkeyToMOF is a good way, you can also Powershell.

Do be careful and be sure you choose a unique name (maybe org initials in it). Ex: when CM upgraded and added Firmware as a built in HWInv the name would overlap if you had also used "Firmware"

Powershell (slides have code, hopefully script gets posted too? - script is on Gary Bloks blog (https://garytown.com/ ))

  1. Create your namespace
  2. Create your class
  3. Create an instance of that class and property

Property Types

String = basic form data, plaintext

Integer = different types (signed, unsigned, etc) numbers mostly

Boolean = True/False

 

Check if the namespace already exists

Define your namespace and class

Double underscore with namespace displays all classes in that namespace

__Namespace

 

Tip: you need to be running as admin to create new classes/namespaces.

Tip: Namespaces are ways to organize your data. It’s a good idea to create a your own NS for custom stuff so it is easier to organize. "Org-[namespace]"

If you're unsure of what type of property type then check MSDN. String is safe if you can't decide but will break if you then need to compare size/count (integer).

CAUTION: Once you get the hang of creating custom WMI classes it is very easy. This can be a bad thing if you're throwing unique strings back from each machine to CM database. You can bloat your database. Same reason you don't turn on every single hardware inventory class, only create custom WMI classes for HW inventory as needed.

When adding a new class you need to first do it in Default Client Class to add it.

Once added  you enable it for other Client Settings.

Then you can disable it in Default, so that it is not on by default and you get cleaner reports

When adding you don't have to use your local machine you can connect remotely (requires correct / open firewall settings) to a different machine that has your custom class already created.

Tip: be precise in your targeting of custom HW Inv data. For example if you need to pull back Dell specific info consider creating a Client Settings with that HW Inv turned on and targeting a Dell specific collection. No reason to ask every machine for all pieces of data.

Why use WMI to store info instead of Reg?

  • Depends on your environment
  • Not everyone has remote registry enabled for querying this info
  • Preference
  • RegKeyToMOF ends up creating WMI classes anyways (I think?)

You do need to push a script (package or compliance item) to get machines to create the WMI class (again see Gary's blog)

Tip: you can use WMIExplorer.exe for a GUI view to explore WMI structure if you're unfamiliar with cli options. You should still learn to do this via powershell since you're going to actually have to script it at some point in order to use it.

Querying

You can of course use powershell to query a machine (get-wmiobject or get-cimobject…)

SQL:

There's a ton of data in here and its easy to get lost so use Filters to help

DB > CM_PS1 > Views (filtered) >

Jason Sandys has a script (SetOSDInfo PS) to collect data which Gary copied/modified

Creating Queries in SQL Manager is a lot easier than doing it in Report Builder (auto complete, etc.) You can copy those queries into report builder later then publish with SSRS.

UEFI and Secure Boot are separate classes so use a SQL case statement to combine them into a single metric that can be reported on (UEFI AND Secure Boot) since that is really what we care about.

In report append those two fields together. Don't make long ugly sql queries.

=Fields!Boot_Mode.value & " " & Fields!.Secure_Boot.Value

You can use collections to stage gate processes. Ex: Query for Win10 build version with collections in 1607 then a collection for 1709. For 1607 collection you have a deployment to upgrade to 1709, then for the 1709 version you collection have an upgrade TS to get to 1803. Based on when the client runs the TS, updates the WMI > HW Inv, the collections update based on queries and clients move into next Collection, then starts again.

Note: be careful of Maintenance windows! So you know when stuff is having)

Tip from Matthew Teegarden: Consider SSDT (SQL Server Data Tools) may be easier to learn/use than Report Builder

OTHER

CMTrace apparently coming in 1806 client by default?

Other uses of WMI:

  • Sheri has a blog post for getting users in the Local Admin groups
  • You can query and mass update (depending on tools) BIOS passwords.
  • LoB or Specific use machines might be nice to store in WMI
  • Computer based policies for which you only have user info

Tips and Tricks

  • SQL 2012 = update your lab?
  • Why folders are bad?
    • No security around them
    • If you're using RBAC and have segmented access, everyone can see folders but can only see their stuff in those folders.
    • Can't delete folders if other people's junk is in there (if you're not root)
    • If you have a good naming conventions you can just search. Search is instant
    • If you're small (only 1 or 2 admins) you can get away with using folders but it may be a bad design decision from the get go. Do it right the first time.
  • CM Project Management Reports
    • Got request to fill out a spreadsheet daily…. No thanks. Let's make a custom report
    • Matthew Teegarden - could publish templates.
    • Want reports to be same for each software deployment, so use variables.
  • SQL 2016 makes the reports portal looks nice, not like it is from early 2000's.
    • You can do an overall template (pick logo, color scheme, etc.) trickles down to all reports below
    • Google "SSRS Xbox style sheet" its an XML file
    • Doesn't override individual customizations. So your ugly baby's appearance won't change but everyone else's report are standardized.
  • ClientFaux-CreateMachines
    • Useful Script to build a bunch of clients in a lab environment.
      • They even will do some hardware inventory!
      • Not terribly fast if you do a lot of clients since it has generate certs and drop this hw inv onto CM for each client.
      • Can use to help membership collection moves
    • https://github/1redone/clientfaux
    • Combine with VIAMONSTRA hydration kit to quickly spin up lab environment.
  • MMS Desert Edition
    • Cabana sessions = 15 minutes where you can sit down and complain to a Dev about the UI
      • For example: you can tell them to fix the search so the bar doesn't move when searching
    • Gary having a session on OSD basics and troubleshooting - if you have stuff for him DM him.
  • Vendor Manageability Kits
    • Could be useful for people who are not dedicated CM admins (i.e. the one-admin shop)
    • Otherwise, its basically just adding some CI's and some packages for BIOS updates. If you understand how all of that works it may not be worth it.
  • Hardware Reliability vs Client Management
    • Lenovo, great for HW reliability, ok in client mgmt.
      • Some kinks, ex: can't set BIOS pw initially with CLI…
    • Dell, not as reliable in HW but great centralized client mgmt tools.
  • Anyone who runs 2 CM sites (build/test and Prod)
    • Brady Donavan https://twitter.com/b_radmn
    • Script to convert TS from build env to Prod env
    • Uses friendly/similar name matching to match Packages and Apps
    • Package must exist on both sides
    • Copies XML of TS and modifies using the new cmdlets (though many of these are undocumented)
    • Script is on Github
      • Currently private but can open it public. For now Private Message to get access
    • Anyone using the webhooks in Teams to have CM messages posted to Teams (also Slack)?
      • Not much right now…
      • Some people are super wary of it as it can quickly go from a "oh isn't this neat" to "this is Prod critical!"
        • If you need to monitor it use your monitoring solution!
        • You don't want to get stuck supporting it
      • Anyone using Device Health (windows analytics) info?
        • For example: spawning a collection off of crash data and pushing packages to remediate proactively.
        • In the future this will likely come (2 way comm from Windows Analytics down to CM)
      • Server Maintenance Windows
        • If you can't do at least 4 hours per month then you will get behind on patching. You will probably not ever finish and then they just keep stacking up.
        • You can tweak specific times for each updates… but this is a lot of work
        • Old versions of CM used to calc time for whole package / dependencies and determine
        • Alt: make updates available in Software Center, then people who have their pet servers are responsible for running the updates themselves on their own time.
      • Cloud Management Gateway
        • Check MNSCUG notes for a past session on CMG
        • Extensive notes.
        • CMG will likely become more and more useful in the future.
        • Question - anyone have good blogs or guides to follow for transitioning from IBCM to CMG?
      • Compliance info reporting
        • Sorry, I missed much of this conversation sounded like query issue.
  • Created on .
Copyright © 2018 - The Minnesota System Center User Group