
When Configuration Manager Goes Bad! and How Cireson can Help.

Let me start by saying I Love Configuration Manager!

For those of you that don’t know, System Center Configuration Manager is now 25 years old. Brad Anderson recently blogged about it and even celebrated this milestone at Microsoft Ignite.

Personally, my love affair with ConfigMgr started when it was still SMS. (No, not a text message service, but Server Management System.) Over the years, as the product has grown and become more and more powerful, my infatuation with the product continued to increase, and now it is an awesome tool that I cannot imagine doing without.

Before SMS or ConfigMgr, admins would have to visit each machine for updates or for software installs. We had no clue what was installed on what machine, and don’t even get me started on patch management.

Throughout the years more and more functionality has been added to the product to make it more efficient and to solve admin issues time and again, including software deployment, patch management, Operating System Deployment, baseline configuration, inventory reporting, software metering and even antivirus!

However, there is one big issue with all this newfound power….. As someone famous once said:

With great power comes great responsibility!

With the power to deploy a single patch to many machines with just one click comes the potential for disaster of sending the wrong patch to the wrong machines. (or worse, the wrong Task Sequence).

Anyone that has been a ConfigMgr admin for any length of time has war stories of when the wrong advertisement was sent to the wrong collection and business was impacted in some way. Many of these stories are small slowdowns or minor interruptions in service but some are more like “Resume generating events”.

A very public example of this occurred in late July back in 2012. The Commonwealth Bank of Australia (The second largest bank in Australia) was effectively taken “Offline” and unable to open the doors of the majority of their 1,000 branches for trading due to a “Systems Outage”.

The official line from the bank at the time was “a problem with an internal software upgrade”. However, it was reported that “… 9,000 desktop PCs, hundreds of mid-range Windows servers (sources said as high as 490) and even iPads had been rendered unusable….”

Unofficially, a simple mistake by a ConfigMgr admin advertising an OSD Task Sequence to the “All Systems” collection saw teller machines, AD servers and god knows what else reboot and format the hard drive in preparation for installation of a new OS.

While there are no official numbers on the business cost to the bank or the cost of restoring the systems, I think we should all ask ourselves, “What would this type of impact cost your company?”

I don’t want to harp on this individual incident and break down the exact DNA of the outage, others have done this in the past. What I do want to do is talk about how we can make sure this does not happen to us, or at least minimise the potential risk.

How Can We Prevent ConfigMgr Disasters?

The biggest risk we have with ConfigMgr is the lack of control or granularity of security around deployments and limitations on what collections can be advertised to.

By default, all admins can send any package to any collection. Role Based Access Control (RBAC) within ConfigMgr does allow for some configuration of administration; however, it is not simple or straightforward to implement and has many limitations.

When an administrator deploys an OS Deployment task sequence to a collection with hundreds or thousands of clients, ConfigMgr warns the admin that the action is a “High Risk” deployment and asks them to confirm the action. However, if the same admin sends patches or software updates to the same collection, no warning is given.

  • What if we could put warnings on ANY deployment type when sent to a collection containing large numbers of computers?
  • What if RBAC was more powerful and easier to use?
  • What if we could keep non-critical personnel out of the ConfigMgr console?
  • What if you could even add a bunch of support tools directly in to a single pane of glass?

Well that’s exactly what the Cireson True Control Center (TCC) does! 🙂

True Control Center is Cireson’s latest version of the Configuration Manager platform and allows organisations to control who sees and does what within ConfigMgr, all while making it super easy for them to come up to speed and learn so they can be more productive faster.

So let’s take a look at each of the key points that Config Manager admins and Support Desk managers would be interested in:

Simple and Powerful RBAC

Using super simple RBAC rules it is possible to lock down what computers or users are visible to groups of users. This gives Config Manager admins the ability to limit what users can see and therefore the damage that can be inflicted if someone makes a mistake.

It also allows them to limit the number of applications that can be advertised and the number of computers that can be advertised to at one time. This removes the potential for an analyst to accidentally rebuild all your domain controllers to Windows 7. 🙂

Remote Manage Support Tools for Computers

True Control Center now introduces Remote Manage support tools that provide analysts with a wide range of simple tools to provide targeted and simple support to customers and computers all from within the browser.

Right clicking a computer and selecting Remote Manage provides a vast list of support tools including:

  • Basic Hardware information, including CPU, RAM, OS, Make and Manufacturer.
  • Process list and control. You can see and kill processes on the remote machine.
  • Services list and control. You can see and stop, start or restart services on the remote machine.
  • Client Actions and Logs. Support actions that allow analysts to trigger common support tools for client computers. Such as:
    • Remote Control
    • Client re-install
    • WMI repair
    • Remote PowerShell
    • and much more…..


Remote Manage Support Tools for Users

Quite often with Configuration Manager, users in an environment are forgotten about. However, all the users in an AD domain are listed in Configuration Manager and are up to date. Wouldn’t it be great to introduce user tools to allow support actions such as Password Reset, Account unlock and Software Deployment?

Well now you can!
All from the one tool!


Audit Trail

A common security issue that is faced by organisations is how to audit who, internally, invoked specific actions. The most common example is resetting a user’s password. To allow support staff to reset passwords, an organisation will usually grant users access to reset passwords via AD security, then give the support staff access to AD Users and Computers. That user then has access to reset anyone’s user account and gain access to their account, and there is no audit to show who did what when.

By using True Control Center to reset or unlock user accounts, there is a single service account that can unlock passwords, and every time an account is unlocked or has its password reset, the event is logged against the specific user account that triggered it.

Simple and Intuitive User Interface

Any of the System Center products, while powerful, are complicated to administer through a complex console interface. Many of the work-spaces and navigation nodes are not required by most staff and just add complexity and time to the learning of the solution.

True Control Center reduces complexity and removes the excess navigation menus that an average support representative would not require. This makes the time to benefit for analysts that are new to the tool very quick, allowing them to be effective faster and with less confusion during the required learning curve.

Support Tool Integration

The nirvana of support tools for analysts is a “Single Pane Of Glass” that they can use to log calls, track and update calls, investigate and resolve calls and also report from.

In all my 20+ years of experience with ITSM tools, I can honestly say, I’ve NEVER seen an ITSM solution that even comes close to this goal……   until now.

With the recent release of v4.8.x of Cireson’s Analyst portal for System Center Service Manager, analysts now have access to all the regular ITSM goodness that the Analyst Portal provides, but now also access to the Remote Manage tools of True Control Center directly from any associated Computer CI!

  • No changing apps.
  • No need for multiple screens.
  • No need for copy and paste of machine names between apps.
  • All while being secure and audited.

Bliss!

But I don’t use System Center Service Manager, I hear you cry. (Why not? I ask…)
Don’t despair, the True Control Center functionality has a flexible API that you can use to create a custom integrated solution in to your ITSM tool of choice!

No Console App Required

Traditional use of the Configuration Manager console requires an analyst to install the Configuration Manager console on to their computer to administer or use the tool’s functionality. This locks the analyst to a specific workstation that they must return to, or remotely access, to achieve even the most basic tasks.

True Control Center is a web based application and can therefore be accessed from anywhere, including mobile devices and even outside the organisation. Analysts can trigger the required events from any browser without the delay and effort of returning to, or remotely accessing, their primary workstation.

Conclusion

True Control Center is an amazing tool that any organisation that runs Configuration manager should review. It quickly and easily delivers real world benefits to any analyst responsible for the configuration and health of end users and computers.

Reducing time-to-resolution is a constant goal for support organisations and the Cireson True Control Center solution delivers the tools to drive down the time and effort required to achieve the most common tasks all while ensuring security and the ability to audit activity.

Do your support team a favour and get an onsite trial organised today or even try it out in the online demo environment with no need to install a thing.


2018 Tech Trends and Predictions

As another year gets underway and we look forward to another year of technological breakthroughs and industry changing trends we often have to stop and re-evaluate our investments in some technologies and reaffirm our commitment to others.

2017 saw vast swings in technology with things like a Bitcoin bubble to rival any other bubble in history, amazing advances in Artificial Intelligence, Apple deliberately slowing their phones in an attempt to make us want to buy the “Latest and Greatest” phones, and Cyber-attacks that were at an all-time high, including huge losses of user details across a wide range of companies such as Yahoo, Kmart, Equifax, Imgur, and even Uber.

2018 is shaping up to be even more disruptive as we see early indications of a bubble burst and potential entire collapse of Bitcoin, exciting advancements in mobile phone technology, VR and one of the most impactful security vulnerabilities to ever hit the industry in the form of the Meltdown and Spectre exploits.

So what are the technologies that are worth watching out for, and how might they affect our businesses, our industry or even society itself?

Here are my top 5 that I believe will make huge impacts in 2018.

Block Chain (The tech behind Bitcoin)

Bitcoin has been in the news a lot of late for some good reasons and some bad. More importantly than the massive swings in value of Bitcoin is the technology that makes it all work.

Block Chain is a new way of decentralizing the data required to drive many applications, meaning that our transaction data is no longer required to be stored and secured by a specific company (Uber, AirBNB, Twitter, Google, FaceBook etc.). Instead, Block Chain databases allow for the authentication of a transaction (let’s say a driver picking up and dropping off a passenger) with it all being encrypted, open source, highly available and unable to be corrupted without anyone noticing.

This technology does not have to be limited to financial transactions, but can also be used to verify identity of an individual. For example: Australia Post have announced it will be using Block Chain technology within its Digital ID platform.

I think that 2018 will be the watershed year for Block Chain and how it affects the way, we in the IT industry, think about data and trust across a wide range of applications.

AI, Bots and Digital Assistants

We’ve slowly seen the emergence of digital assistants such as Apple’s Siri, Amazon’s Echo and Alexa, Google’s Assistant and even Microsoft’s Cortana, but these have been more of a novelty than something we rely on in our day to day lives.

As AI technology improves, even with basic pattern recognition improvements and big data mining techniques, we will see more and more applications for these; they will become more ubiquitous and will really start to make an impact on our daily lives.

We are already seeing the emergence of Chat Bots in areas such as banking (great examples are Wells Fargo and Australia’s Commonwealth Bank); however, each of these chat bots is specific to its own area of expertise and exposed to a specific data set that it can reply about.

Once we have a way to retrieve all of the required data from all of the companies we interact with, then we are going to see some great leaps ahead in how we interact with companies, consumers and even government agencies.

With access to more machine learning, in 2018 we should start to see proactive skills start to appear in our digital personal assistants that will notify us of suspect banking transactions, when our friends or pizza delivery are arriving, when we are due for a health check or even book all of our flights and accommodation ahead of time to get the best deals.

VR v’s AR v’s MR (Because we need more acronyms in our industry!)

Virtual Reality is awesome!

VR headsets such as the HTC Vive and the Oculus Rift are not new to 2018 but we will see increasing numbers of games and content that are tuned to VR. If you have ever used a VR headset then you will agree that the experience of playing an existing high end game in VR (such as Fallout 4) is cool, but clunky, as the original controls were never built with VR in mind. In 2018 we will see new high end content that is built for VR from the ground up, which will bring a level of realism to games that will literally be game changing. 🙂

Some tech that you may not have played with is AR or Augmented Reality especially in the form of the Microsoft HoloLens. I had a chance to try this nearly 2 years ago and the ability to see the real world but augment what you are seeing with the real world was revolutionary, but also limiting with its field of view etc.

MR, or Mixed Reality, is the next big thing and Microsoft are the leaders in this space with all the lessons they have learnt from HoloLens.

What is MR? Take all the positives of VR but remove the need for pre-mapping a room with special sensors. This opens up the world to a virtual experience without limitations.

2018 will see more innovation and a faster move towards some sort of augmentation on how we perceive the world. It may start with big bulky headsets but rapidly move to helmets, windscreens and regular old glasses before we start wearing them as contact lenses!!

If the argument of VR v’s MR ever comes to a head, like the good old days of VHS v Betamax or Blu-ray v HD DVD, consider me squarely in the MR camp.

Being a System Center tragic, I couldn’t predict technology in 2018 if I didn’t include some note about System Center and what I think will be on the horizon for the next 12 months.

System Center Configuration Manager

Our favourite System Center product would have to be Configuration Manager. This has to be one of the easiest products in the IT industry to predict, as we are not only given the opportunity to vote on the features we want using the UserVoice Feedback page, but Microsoft even give us the next version ahead of time with the monthly Technical Preview releases.

One thing that is obvious from Microsoft’s direction is that Intune will become more and more integrated in to the product we know and love and make managing devices outside of our perimeters easier and easier.

System Center Service Manager

Microsoft have announced that 2018 will be the year that Service Manager is going to join Configuration Manager with a regular cadence of 6 monthly releases including new features by the end of 2018. This is fantastic news for the one System Center application that never seems to get the recognition it deserves.

v1801 has already been released and it adds the first new features we have seen since the release of 2012 and also some much needed security features, such as support for TLS 1.2.

For example, there is now Azure integration with Azure Action Groups via the IT Service Management Connector that allow you to set up rules to create incident work items automatically in Service Manager for alerts generated on Azure and non-Azure resources.

The authoring toolkit has also already been released and can be downloaded here.

There is no news at this stage on if Microsoft will release a Technical Preview of Service Manager or if they will host a UserVoice site for end user feedback…..   We can only hope.

 

Exciting times!

Microsoft’s New Intune Troubleshooting Portal is a Real Plus For Useful Support

Microsoft’s Intune product is not something that I have blogged much about, in fact this is the first blog I’ve ever written on the product. But that’s all about to change….

Microsoft Intune was originally designed as an online “Lite” version of System Center Configuration Manager for those smaller organisations with a very mobile workforce. It was very slow to gain much momentum as many organizations already had System Center Configuration Manager and could not see the value of the product.

Over the years Microsoft have slowly but surely moved focus of the Intune product to a more Mobile Device Management focus and even started to integrate in a “Hybrid” method in to System Center Configuration Manager. (More on this in later blog posts)

In late October this year (26th October 2016 to be precise) the Enterprise Mobility and Security team announced a new Troubleshooting Portal for the Azure platform.

This new troubleshooting portal provides analysts with a range of critical data exactly when and where they need it to resolve issues for end users who may be experiencing issues with their Intune connected mobile devices.

As the Microsoft Intune Team says in their announcement blog post:

Having the right data at your fingertips is a must when you’re troubleshooting issues with your end users. Intune’s new Troubleshooting Portal provides a “single pane of glass” for reviewing device status, assignments and policies affecting a user, eliminating the need to click into multiple workloads to diagnose issues.

…..this is a big win for IT Pros and Support or Helpdesk workers who want resolve end user issues faster with less effort.

The user details that an analyst can view for each user are:

  • User status
  • Group assignment
  • Application and policy assignments
  • App protection status
  • Compliance issues
  • Device status
    and
  • Device details (Such as OS type and version)

But I don’t want to give my Helpdesk staff access to my Intune environment!

No worries there.

Intune’s inbuilt Role Based Access Control (RBAC) solution allows admins to grant support and helpdesk staff access to just the items that they require and nothing else. The inbuilt Helpdesk Operator role grants members access to end users’ assignments, policies, devices, apps etc. and even lets them see if their devices are registered in AD. In the future you will even be able to see application installation status and enrollment status of devices.

Getting access to this level of information on the helpdesk at the time of a user’s call to the service desk is very powerful to assist staff in resolving any issues at first contact and getting your end users back to fully functional work as soon as possible.

If only Configuration Manager had a nice friendly website that we could give easy RBAC access to for Helpdesk and Support staff to get basic troubleshooting information without them needing the console or giving away the keys to the ConfigMgr kingdom……   Oh wait….   I’m sure I’ve blogged about that before…..  🙂

 

A New Way to Look at System Center Configuration Manager

If you are like me and have spent many years (even decades) looking at the Configuration Manager console, you probably can’t think that there could possibly be any other way to do your work on a day-to-day basis. Navigating the Configuration Manager console becomes second nature after a while and we don’t really think about it.

However, what if there was a new way to look at the Configuration Manager console that was easy to teach new staff members to learn and use, gives staff members access to just the features they need (and no more) and is available everywhere we need it without needing an app installed?

Well now there is!

Cireson, Your System Center Experts, have announced the Cireson Portal for Configuration Manager. It is a web-based experience to help manage and standardise daily tasks outside of the native Configuration Manager Console. This new approach to the ConfigMgr console empowers everyone on your IT team with anywhere, anytime access to inventory data, collection membership, software management and deployment, OSD management and deployment, and more.

Full Disclaimer: At this point I want to make the disclaimer that I work for Cireson. I also want to point out that I have worked with ConfigMgr since SMS v2.0 and that I will try my utmost to not let my involvement with Cireson colour my judgement of this tool and what it means for the SysAdmin’s daily workload.

With that out of the way….. This product is the best thing since ADRs!

Any admin who uses ConfigMgr on a daily basis knows what a HUGE relief it was when we got ADRs in the 2012 release of ConfigMgr. It saved us hours of packaging and testing and mucking about. In my opinion, the Cireson Portal for Configuration Manager is the most important innovation to the administration of ConfigMgr since ADRs were introduced.

Why am I so confident about this portal and its claims? The answer is that its build is being directed and overseen by Wally Mead himself. Anyone involved in the Configuration Manager world for more than 5 minutes knows who Wally is, but in case you don’t, Wally was involved with the ConfigMgr product within Microsoft for 22 years and literally wrote the book on all things ConfigMgr. So when I say this solution has pedigree, you know I mean it.

Enough talk, let’s take a look at some of the ways the Configuration Manager Portal changes the way people will use and interact with ConfigMgr on a daily basis.

If you are a ConfigMgr admin in Australia, no doubt you know, and often tell stories at dinner parties, about the incident where “SCCM Task Sequence blew up Australia’s CommBank”, also reported as “Disastrous patch cripples CommBank”. Many ConfigMgr admins shudder at the thought of how easy this mistake was and often bring this up when explaining to their managers why they don’t want to give Service Desk or other IT teams access to the ConfigMgr console.

The Configuration Manager Portal is designed to give Configuration Manager Admins what they have always dreamed of… a way to easily give others access to the parts of Configuration Manager they require and nothing else! With the Configuration Manager Portal, Admins can easily configure targeted access for different Analyst Groups using Role-Based Access Control (RBAC) so that these Analysts can add Configuration Manager to their tool belt and maximise the value they bring to the business without the keys to the kingdom….   and potential disaster.

At the core of the Configuration Manager Portal is that it is a localized web-based portal, and therefore there is no Configuration Manager Console deployment that needs to be created and maintained. It is also a simplified interface that is easy to use and intuitive, thereby reducing the time that is required to spend on training Analysts.


Easy to scope security for all support teams

Don’t get me wrong, the Configuration Manager Portal is not designed to replace the OOB Configuration Manager Console for actual Configuration Manager Administrators. The traditional console has everything an admin needs to not only operate day-to-day, but also upgrade, plan, expand, migrate etc. But for non-admins, or non-admin tasks, the Configuration Manager Portal is perfect to get in and get the job done.

What about a specific example?

For many organisations, the Service Desk (Level 1 Support) is a volume business. Time management and efficiency are the keys to success for incident and request triage, first-call resolution, and escalation. Correctly gathering and analysing required information about an incident or service request in an expedient manner allows for faster resolution or fulfillment of service.

Leveraging the Cireson Portal for Service Manager with the Configuration Manager Portal gives Service Desk Analysts the tools they need to gather and analyze the info they need to do their jobs more efficiently. Upon receiving an Incident Request, they can quickly use the Configuration Manager Portal to gain information on affected resources such as:

  • User Device Affinity lookup and edit
  • Current Inventory
  • Software Deployment Status

The Service Desk Analyst can also use the Configuration Manager Portal to initiate a Software Deployment on demand if you as the admin allow it via an RBAC right.


Simple console interface from any browser

What about Desktop Support or the Server team?

Desktop Support staff spend much of their time away from their assigned workstations resolving issues and providing services at the end user’s location. Having to access a locally installed Configuration Manager Console can add unnecessary time when needing to get the end user back to being productive. Server Support teams put a premium on time, especially when dealing with server outages. Therefore, Server Analysts need quick access to information and remediation tools for servers either from their desk or in the Data Center, and sometimes from remote locations.

Having a web based ConfigMgr console allows Desktop and Server teams to:

  • Get software update status and apply patches when necessary
  • Deploy or upgrade software, if required
  • Deploy a new OS Image to a computer or server
  • Migrate a computer to a new OS (such as Windows 10 + Office 365) using MDT
  • View reporting for all of the above

Easily deploy software, even when not at your desk.

Finally, Managers can easily report and track the overall health of the organisation using simple to access dashboards to get a high level view of the entire IT operation.

Watch a sneak peek of the solution featuring Cireson Co-Founder, Shaun Ericson, and Microsoft MVP, Wally Mead. View now.

The Cireson Portal for Configuration Manager will be generally available in early 2017. Learn more and sign-up for first-priority access here.

Getting More From ConfigMgr For SCSM

We all love Microsoft’s System Center Configuration Manager and the vast majority of the industry loves it too. As Microsoft have recently announced, over 50 million endpoints are now covered by just the latest current branch build (1610): https://blogs.technet.microsoft.com/enterprisemobility/2016/11/18/configmgr-current-branch-surpasses-50m-managed-devices/?Ocid=C+E%20Social%20FY17_Social_TW_MSFTMobility_20161128_685262993

The number of data points that are returned from the ConfigMgr client is huge and can be exceptionally useful when diagnosing issues or tracking down what is deployed in an organization.

However, out of the box, the data is limited to what Microsoft deem necessary. While this is fine for much of the time, every now and then there is a requirement to find more or different information to track things that are not in the standard hardware inventory report.

A great example that was asked for recently is Monitors.

Some organizations want to be able to track monitors with their PCs and therefore their locations etc.

What many people do not realise is that a monitor’s cable (even VGA) passes very basic information back to the PC. This can include a bunch of data that is relevant to the monitor such as:

  • Manufacturer
  • Model
  • Serial Number
  • Etc.

This data follows an industry standard called Extended Display Identification Data (EDID). Because the data is in a consistent format, we are able to retrieve it in a consistent way.

Once we retrieve the data we can use it to identify what Monitor is currently plugged in. All we then have to do is get the Configuration Manager client to return the data as part of the standard hardware inventory cycle.
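Because EDID bytes come from whatever device is plugged in, it is worth checking the block before decoding it and sending it up with inventory. The following is an added example, not part of the original post: it validates the fixed header and checksum of a 128-byte base EDID block, then decodes the manufacturer ID and serial number descriptor. The function names are hypothetical, the sample block is constructed, and PowerShell 3.0 or later is assumed.

```powershell
# Added example, not from the original post. Function names are hypothetical.
# Requires PowerShell 3.0 or later (-shl / -shr, [pscustomobject]).

# Returns $true only if the block has the fixed EDID header and a valid checksum.
function Test-EdidBlock {
    param([byte[]]$Edid)

    # A base EDID block is 128 bytes; extension blocks may follow it.
    if ($null -eq $Edid -or $Edid.Length -lt 128) { return $false }

    # Bytes 0-7 are the fixed header 00 FF FF FF FF FF FF 00.
    $header = [byte[]](0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00)
    for ($i = 0; $i -lt 8; $i++) {
        if ($Edid[$i] -ne $header[$i]) { return $false }
    }

    # Byte 127 is chosen so that all 128 bytes sum to 0 modulo 256.
    $sum = 0
    for ($i = 0; $i -lt 128; $i++) { $sum += $Edid[$i] }
    return (($sum % 256) -eq 0)
}

# Decodes the three-letter manufacturer ID packed into bytes 8-9.
function Get-EdidManufacturerId {
    param([byte[]]$Edid)

    # Bytes 8-9 form a big-endian 16-bit value holding three 5-bit letters (1 = 'A').
    $word = ([int]$Edid[8] -shl 8) -bor [int]$Edid[9]
    $id = ''
    foreach ($shift in 10, 5, 0) {
        $code = ($word -shr $shift) -band 0x1F
        if ($code -lt 1 -or $code -gt 26) { return $null }   # not A-Z: reject
        $id += [char](64 + $code)
    }
    return $id
}

# Returns the text of the first display descriptor with the given tag
# (0xFF = serial number, 0xFC = monitor name), or $null if none is present.
function Get-EdidDescriptorText {
    param([byte[]]$Edid, [byte]$Tag)

    foreach ($offset in 54, 72, 90, 108) {
        # Display descriptors start 00 00 00 <tag> 00; timing descriptors do not.
        if ($Edid[$offset] -ne 0 -or $Edid[$offset + 1] -ne 0 -or $Edid[$offset + 2] -ne 0) { continue }
        if ($Edid[$offset + 3] -ne $Tag) { continue }

        $text = ''
        for ($j = $offset + 5; $j -lt $offset + 18; $j++) {
            $b = $Edid[$j]
            if ($b -eq 0x0A) { break }                                 # line feed ends the string
            if ($b -ge 0x20 -and $b -le 0x7E) { $text += [char]$b }    # keep printable ASCII only
        }
        return $text.Trim()
    }
    return $null
}

# Constructed sample block: header, manufacturer 'TST', one serial descriptor.
$sample = New-Object byte[] 128
$sample[0] = 0x00
for ($i = 1; $i -le 6; $i++) { $sample[$i] = 0xFF }
$sample[7] = 0x00
$sample[8] = 0x52; $sample[9] = 0x74           # 'TST' as three packed 5-bit letters
$sample[75] = 0xFF                             # descriptor at offset 72, tag 0xFF
$serial = [System.Text.Encoding]::ASCII.GetBytes('SN0001')
[Array]::Copy($serial, 0, $sample, 77, $serial.Length)
$sample[77 + $serial.Length] = 0x0A
$sum = 0
for ($i = 0; $i -lt 127; $i++) { $sum += $sample[$i] }
$sample[127] = (256 - ($sum % 256)) % 256      # checksum byte

# Only decode blocks that pass validation.
if (Test-EdidBlock -Edid $sample) {
    [pscustomobject]@{
        Manufacturer = Get-EdidManufacturerId -Edid $sample
        SerialNumber = Get-EdidDescriptorText -Edid $sample -Tag 0xFF
    }
}
```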

Step 1: Storing the EDID Data Somewhere Locally

This step takes the EDID data and places it in to a location that we can simply retrieve via the ConfigMgr client.

To achieve this, we need to get the client to interrogate the monitor for the EDID information then save the data to an easy to retrieve location, such as the WMI of the local machine.

To do this, we use PowerShell.

Here is the code you will need:
Test this script before you use it in prod. The script is provided as is and is not supported. (The usual drill)

# Reads the 4 bytes following $index from $array then returns them as an integer interpreted in little endian
function Get-LittleEndianInt($array, $index) {

# Create a new temporary array to reverse the endianness in
$temp = @(0) * 4
[Array]::Copy($array, $index, $temp, 0, 4)
[Array]::Reverse($temp)

# Then convert the byte data to an integer
[System.BitConverter]::ToInt32($temp, 0)
}

# Creates a new class in WMI to store our data including fields for each of the data points that we can return
function Create-Wmi-Class() {
$newClass = New-Object System.Management.ManagementClass(“root\cimv2”, [String]::Empty, $null);
$newClass[“__CLASS”] = “MonitorDetails”;
$newClass.Qualifiers.Add(“Static”, $true)
$newClass.Properties.Add(“DeviceID”, [System.Management.CimType]::String, $false)
$newClass.Properties[“DeviceID”].Qualifiers.Add(“key”, $true)
$newClass.Properties[“DeviceID”].Qualifiers.Add(“read”, $true)
$newClass.Properties.Add(“ManufacturingYear”, [System.Management.CimType]::UInt32, $false)
$newClass.Properties[“ManufacturingYear”].Qualifiers.Add(“read”, $true)
$newClass.Properties.Add(“ManufacturingWeek”, [System.Management.CimType]::UInt32, $false)
$newClass.Properties[“ManufacturingWeek”].Qualifiers.Add(“read”, $true)
$newClass.Properties.Add(“DiagonalSize”, [System.Management.CimType]::UInt32, $false)
$newClass.Properties[“DiagonalSize”].Qualifiers.Add(“read”, $true)
$newClass.Properties[“DiagonalSize”].Qualifiers.Add(“Description”, “Diagonal size of the monitor in inches”)
$newClass.Properties.Add(“Manufacturer”, [System.Management.CimType]::String, $false)
$newClass.Properties[“Manufacturer”].Qualifiers.Add(“read”, $true)
$newClass.Properties.Add(“Name”, [System.Management.CimType]::String, $false)
$newClass.Properties[“Name”].Qualifiers.Add(“read”, $true)
$newClass.Properties.Add(“SerialNumber”, [System.Management.CimType]::String, $false)
$newClass.Properties[“SerialNumber”].Qualifiers.Add(“read”, $true)
$newClass.Put()
}

# Check whether we already created our custom WMI class on this PC, if not, create it
[void](Get-WmiObject MonitorDetails -ErrorAction SilentlyContinue -ErrorVariable wmiclasserror)

# If the wmiClassError is returned then assume that the WMI class does not exist yet and try to create a WMI class to hold the Monitor info
# If creating the WMI class fails, exit with error code 1
if ($wmiclasserror) {
    try { Create-Wmi-Class }
    catch {
        "Could not create WMI class"
        Exit 1
    }
}

# Iterate through the monitors in Device Manager
$monitorInfo = @() # Empty array
Get-WmiObject Win32_PnPEntity -Filter "Service='monitor'" | foreach-object { $k=0 } {
    $mi = @{}
    $mi.Caption = $_.Caption
    $mi.DeviceID = $_.DeviceID

    # Then look up its data in the registry
    $path = "HKLM:\SYSTEM\CurrentControlSet\Enum\" + $_.DeviceID + "\Device Parameters"
    $edid = (Get-ItemProperty $path EDID -ErrorAction SilentlyContinue).EDID

    # Some monitors, especially those attached to VMs, have either no Device Parameters key or no EDID value. Skip these
    if ($edid -ne $null) {

        # Collect the information from the EDID array in a hashtable
        # The letter bits are masked before dividing so each division is exact ([Int32] rounds a fractional result instead of truncating it)
        $mi.Manufacturer += [char](64 + [Int32](($edid[8] -band 0x7C) / 4))
        $mi.Manufacturer += [char](64 + [Int32]($edid[8] % 4) * 8 + [Int32](($edid[9] -band 0xE0) / 32))
        $mi.Manufacturer += [char](64 + [Int32]($edid[9] % 32))
        $mi.ManufacturingWeek = $edid[16]
        $mi.ManufacturingYear = $edid[17] + 1990
        $mi.HorizontalSize = $edid[21]
        $mi.VerticalSize = $edid[22]
        $mi.DiagonalSize = [Math]::Round([Math]::Sqrt($mi.HorizontalSize*$mi.HorizontalSize + $mi.VerticalSize*$mi.VerticalSize) / 2.54)

        # Walk through the four descriptor fields
        for ($i = 54; $i -lt 109; $i += 18) {

            # Check if one of the descriptor fields is either the serial number or the monitor name
            # If yes, extract the 13 bytes that contain the text and append them into a string
            if ((Get-LittleEndianInt $edid $i) -eq 0xff) {
                for ($j = $i+5; $edid[$j] -ne 10 -and $j -lt $i+18; $j++) { $mi.SerialNumber += [char]$edid[$j] }
            }
            if ((Get-LittleEndianInt $edid $i) -eq 0xfc) {
                for ($j = $i+5; $edid[$j] -ne 10 -and $j -lt $i+18; $j++) { $mi.Name += [char]$edid[$j] }
            }
        }

        # If the horizontal size of this monitor is zero, it's a purely virtual one (i.e. RDP only) and shouldn't be stored
        if ($mi.HorizontalSize -ne 0) {
            $monitorInfo += $mi
        }
    }
}

#$monitorInfo
# Clear WMI
Get-WmiObject MonitorDetails | Remove-WmiObject

# And store the data in WMI
$monitorInfo | % { $i=0 } {
    [void](Set-WmiInstance -Path \\.\root\cimv2:MonitorDetails -Arguments @{DeviceID=$_.DeviceID; ManufacturingYear=$_.ManufacturingYear; `
        ManufacturingWeek=$_.ManufacturingWeek; DiagonalSize=$_.DiagonalSize; Manufacturer=$_.Manufacturer; Name=$_.Name; SerialNumber=$_.SerialNumber})

    #"Set-WmiInstance -Path \\.\root\cimv2:MonitorDetails -Arguments @{{DeviceID=`"{0}`"; ManufacturingYear={1}; ManufacturingWeek={2}; DiagonalSize={3}; Manufacturer=`"{4}`"; Name=`"{5}`"; SerialNumber=`"{6}`"}}" -f $_.DeviceID, $_.ManufacturingYear, $_.ManufacturingWeek, $_.DiagonalSize, $_.Manufacturer, $_.Name, $_.SerialNumber
    $i++
}
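
The script above decodes whatever bytes the registry holds for each monitor, and those values end up in inventory. As an added example (not part of the original script), the following PowerShell checks an EDID block's length, fixed header and checksum before decoding the manufacturer ID; the function names and the sample bytes are constructed for illustration.

```powershell
# Added example: validate an EDID block before decoding it.
# Function names and the sample bytes below are constructed for illustration.

function Test-EdidBlock([byte[]]$Edid) {
    # The base EDID block is 128 bytes; extension blocks may follow it
    if ($null -eq $Edid -or $Edid.Length -lt 128) { return $false }
    # Fixed header: 00 FF FF FF FF FF FF 00
    $header = 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00
    for ($i = 0; $i -lt 8; $i++) {
        if ($Edid[$i] -ne $header[$i]) { return $false }
    }
    # Byte 127 is a checksum: the 128 bytes must sum to 0 modulo 256
    $sum = 0
    for ($i = 0; $i -lt 128; $i++) { $sum += $Edid[$i] }
    return (($sum % 256) -eq 0)
}

function Get-EdidManufacturerId([byte[]]$Edid) {
    # Bytes 8-9 are a big-endian word holding three 5-bit letters (1 = 'A')
    $word = ([int]$Edid[8] * 256) + [int]$Edid[9]
    $id = ''
    foreach ($div in 1024, 32, 1) {
        $code = [int][Math]::Floor([double]$word / $div) % 32
        # Anything outside 1..26 is not a letter, so treat the block as bad
        if ($code -lt 1 -or $code -gt 26) { return $null }
        $id += [char](64 + $code)
    }
    return $id
}

# Constructed sample: header, made-up ID "XYZ" (0x63 0x3A), week 12, year 1990 + 28
$sample = New-Object byte[] 128
1..6 | ForEach-Object { $sample[$_] = 0xFF }
$sample[8] = 0x63; $sample[9] = 0x3A; $sample[16] = 12; $sample[17] = 28
$sum = 0
foreach ($b in $sample) { $sum += $b }
$sample[127] = (256 - ($sum % 256)) % 256

"Valid block:     {0}" -f (Test-EdidBlock $sample)
"Manufacturer ID: {0}" -f (Get-EdidManufacturerId $sample)

# Change one byte, as a truncated or corrupted registry value would
$sample[9] = 0x3B
"After change:    {0}" -f (Test-EdidBlock $sample)
```

In the gathering script, a block that fails Test-EdidBlock can be skipped in the same way as a missing EDID value.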

The script needs to run on each PC at a regular interval to keep the data up to date, so that a monitor added to or removed from a PC is reflected in the stored information. Save the PowerShell script to a location that SCCM can use as the source location of a package. This location is referred to as the Source Location for the remainder of this procedure.

Open the System Center 2012 Configuration Manager console
Select the Software Library workspace
Expand the Application Management node and select the Packages node
Select the subfolder where the package will be created, right click and select Create Package from the drop down list
Enter the following information:

Name: Monitor Details Gather

Description: Extract the monitor EDID information from the client and store the data in WMI ready for collection by SCCM

Version: 1.0

Click the checkbox labelled The package contains source files and click Browse

Enter the UNC path to the Source Location folder created earlier in this procedure.

Click OK

Once back on the package screen, click Next

Select Standard Program and click Next
Enter the following information:

Name: Get Monitor Details

Command Line: get-monitor-details.ps1

Run: Normal

Programs can run: Whether or not a user is logged on

Click Next

Leave all settings as default and click Next

Confirm the settings and click Next to create the package

When the package creation is completed, click Close

Within the console, right click on the package and select Distribute Content from the drop down list
Click Next
Click Add and select Distribution Point from the drop down list
Select the distribution points that require the content and click OK
Once all distribution points have been added, click Next
Confirm all the settings and click Next
When the Distribute Content Wizard is completed, click Close

Once the package is created, we need to deploy it to run on a regular schedule on clients. The script does need to be run often, as the monitors will move from PC to PC over time. How frequently is up to each organization and what they are trying to achieve.

To setup a deployment:

Within the console, right click on the package and select Deploy from the drop down list
Next to the Collection label, click the Browse button
Select the collection that the script will be deployed to and click OK.

On the previous screen, click Next

Confirm that the content has been distributed to a distribution point and click Next
Select Required as the installation type and click Next
On the schedule wizard screen, click New
Click the Schedule button
Select the start time for when the script will run on the workstations.

Select a custom interval and set this schedule to recur every 1 day.

Click OK.

Click OK
Click Next
Leave all settings as default and click Next
Leave all settings as default and click Next
Confirm the settings and click Next to create the package
When the Deploy software wizard is completed, click Close

Step 2: Retrieve the WMI Data via ConfigMgr

Now that we have the data stored in WMI, we need to get the ConfigMgr client to return the data the next time it does a Hardware Inventory of the clients.

To ensure it is possible to read the correct fields within ConfigMgr, the WMI class needs to exist on at least one PC that you have access to.

Select a PC to run the script on and execute the PS1 file.

This PC will be used later to query the class that will allow System Center 2012 Configuration Manager to collect inventory from all other workstations.
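
Before opening Set Classes, it helps to confirm on the reference PC that the class exists with the properties the script defines and that it holds data. The following check is an added example, not part of the original post; the variable names are illustrative and the expected property list is taken from the Create-Wmi-Class function above.

```powershell
# Added example: confirm the MonitorDetails class is ready to be picked up
# by Hardware Inventory. Variable names are illustrative.

# Property names and CIM types as defined by Create-Wmi-Class
$expected = @{
    DeviceID = 'String'; Manufacturer = 'String'; Name = 'String'; SerialNumber = 'String'
    ManufacturingYear = 'UInt32'; ManufacturingWeek = 'UInt32'; DiagonalSize = 'UInt32'
}

$class = Get-WmiObject -Namespace root\cimv2 -List |
    Where-Object { $_.Name -eq 'MonitorDetails' }
if (-not $class) {
    Write-Warning 'MonitorDetails class not found: the script has not run successfully on this PC'
    return
}

# Compare the class definition with what the gathering script creates
$problems = @()
foreach ($name in $expected.Keys) {
    $prop = $class.Properties | Where-Object { $_.Name -eq $name }
    if (-not $prop) {
        $problems += "missing property $name"
    } elseif ("$($prop.Type)" -ne $expected[$name]) {
        $problems += "$name is $($prop.Type), expected $($expected[$name])"
    }
}

# DeviceID must carry the key qualifier so each monitor is a distinct instance
$key = $class.Properties | Where-Object { $_.Name -eq 'DeviceID' } |
    ForEach-Object { $_.Qualifiers } | Where-Object { $_.Name -eq 'key' }
if (-not $key) { $problems += 'DeviceID is not marked as the key property' }

$problems | ForEach-Object { Write-Warning $_ }

# Zero instances is normal on a VM or a PC with only virtual monitors
$instances = @(Get-WmiObject -Namespace root\cimv2 -Class MonitorDetails)
"MonitorDetails: {0} schema problem(s), {1} instance(s)" -f $problems.Count, $instances.Count
$instances | Select-Object DeviceID, Manufacturer, Name, SerialNumber, DiagonalSize
```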

Select the Administration workspace
Select the Client Settings node
Select the Default Client Settings item, or a client settings item that affects all workstation clients
Right click and select Properties
Select Hardware Inventory from the settings list
Click Set Classes
Click Add
Click Connect
Enter the Computer name that the script was run on earlier in this procedure and click Connect
Select the MonitorDetails class from the list and click OK.

If the MonitorDetails class is not there, then the script has not run successfully on the computer you are connecting to. Make sure you test the PowerShell script and repeat if necessary.

Once the class is selected, click OK on the remaining open windows


This process tells the client to retrieve the WMI class that we just created and populated using our PowerShell script. Once this is set, it will not need to be revisited unless the client settings change or are recreated for any reason.

And there we have it.

The PowerShell script will go out and run against clients, updating WMI, and as these clients report in their Hardware Inventory the monitor details will appear in the Resource Explorer like any other hardware detail.

For many, this may be enough, as they will be able to report on the ConfigMgr database and get the results they are after. Others want a more thorough view of Asset Management and may want to pull this information into their Asset Management solution to show these relationships.

In my next blog post, I will go through how to use the Cireson Asset Management Solution to pull in this data, create or update a Hardware Asset item for each monitor and finally how to associate it with the computer it is plugged in to.