SCCM – Local Administrator Inventory via MIF

Have you ever wanted to collect local administrator information on a regular basis? If you have ConfigMgr, here’s how to do it. We gave you some background recently through Jesse’s post about MIF files found here.

Here’s what we’re going to accomplish:

  • Gather the members of the local administrators group on all Windows clients and servers
  • Ensure the data is updated regularly through the use of ConfigMgr’s hardware inventory cycles
  • Extend ConfigMgr’s HWI classes to add the Local Administrator information in Resource Explorer as seen here:

96

We need to set some ConfigMgr client agent properties, so navigate to Administration Node > Client Settings > choose the client settings to modify > and select Hardware Inventory. A couple of modifications to the properties of Hardware inventory – Collect MIF files and change the Custom Inventory Size (optional) as seen here:
1

Now, you’ll need to create the MOF file to extend the ConfigMgr inventory classes. Here’s the MOF I created for the Local Admins solution:
5
Here’s the .DOCX file so you don’t have to retype: MOF

After you have your MOF created, you’ll import the MOF into Configuration Manager. In the hardware inventory area of the client properties, select ‘set classes’ as seen here:
2

In the hardware inventory classes properties, select ‘import’ and import your MOF you created earlier, as seen here:
3

4

Ensure you see the success on the import like this:
6

To verify, in the hardware inventory classes screen, search for local and ensure the follow occurs:
7

The hardware inventory class has now been extended. The next step is to generate a MIF file on a regular basis. The method I’ve used in the past is to run a recurring deployment/advertisement that executes a script (VBS in this case, soon to be updated to powershell). Here’s the VBScript I’ve used in the past:
8

9
And here’s the .DOCX file so you don’t have to retype: script

Here is the pertinent parts of the deployment:
91

92

93

Here’s the default location of where the MIF is written once the script is executed:
94

This is what the MIF should look like when opened with Notepad:
95

Here’s the end result:
96

Write me an E-mail or comment on this post with questions. Enjoy!

Update: I forgot to mention, the path for MIF in the VBScript will need to be updated for Site servers. You can use requirement rules, or the good ol’ fashioned way of controlling deployments via collections to control what scripts are running on what clients/servers.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s