Steps by Step Guide to Enable the Members of All Local Groups of Machines inventory for ConfigMgr 2012,(Steps
tested on ConfigMgr 2012 Infra only),
Three phases to enable the local group details inventory,
Phase 1 à
Enable the cm_localgroupmembers classes
in hardware inventory client settings, if you already enabled then skip this
step.
Phase 2à
on Clients machines building the Custom WMI Namespace for cm_localgroupmembers under root\cimv2
using VB Scripts
Phase 3 à Reports
Steps for Phase
1
·
Save the below as "Localgroup.mof"
#pragma deleteclass ("LocalGroupMembers",NOFAIL)
[ SMS_Report (TRUE),
SMS_Group_Name ("LocalGroupMembers"),
SMS_Class_ID ("LocalGroupMembers") ]
class cm_LocalGroupMembers : SMS_Class_Template
{
[SMS_Report (TRUE), key ] string Account;
[SMS_Report (TRUE) ] string Category;
[SMS_Report (TRUE) ] string Domain;
[SMS_Report (TRUE), key ] string Name;
[SMS_Report (TRUE) ] string Type;
};
[ SMS_Report (TRUE),
SMS_Group_Name ("LocalGroupMembers"),
SMS_Class_ID ("LocalGroupMembers") ]
class cm_LocalGroupMembers : SMS_Class_Template
{
[SMS_Report (TRUE), key ] string Account;
[SMS_Report (TRUE) ] string Category;
[SMS_Report (TRUE) ] string Domain;
[SMS_Report (TRUE), key ] string Name;
[SMS_Report (TRUE) ] string Type;
};
·
Open ConfigMgr Console, Click on
Administration, Client Settings, right-click 'Default Client Settings', and go to
properties. Select Hardware Inventory, then on the right "Set
Classes...", then "Import..." and browse to the Localgroup.mof file
you saved. A couple of OKs, later... then wait for 15 -30 Min.
·
CM_LocalGroupMembers classes added
successfully, Please verify in Hardware inventory class as per below screen
shot.
Steps for Phase
2
·
Download below VB Script text file & Save as
.VBS extension.
on error resume next
'Steps
'enumerate from win32_group where localaccount=1
'Read in the members of each local group returned
'Add the returned information to a custom WMI namespace
'sms-def.mof to pull that back.
Set fso = CreateObject("Scripting.FileSystemObject")
Set nwo = CreateObject("Wscript.Network")
Set sho = CreateObject("Wscript.Shell")
TempFolder = sho.ExpandEnvironmentStrings("%temp%")
strWindir = sho.ExpandEnvironmentStrings("%windir%")
strComputer = nwo.ComputerName
Dim wbemCimtypeSint16
Dim wbemCimtypeSint32
Dim wbemCimtypeReal32
Dim wbemCimtypeReal64
Dim wbemCimtypeString
Dim wbemCimtypeBoolean
Dim wbemCimtypeObject
Dim wbemCimtypeSint8
Dim wbemCimtypeUint8
Dim wbemCimtypeUint16
Dim wbemCimtypeUint32
Dim wbemCimtypeSint64
Dim wbemCimtypeUint64
Dim wbemCimtypeDateTime
Dim wbemCimtypeReference
Dim wbemCimtypeChar16
wbemCimtypeSint16 = 2
wbemCimtypeSint32 = 3
wbemCimtypeReal32 = 4
wbemCimtypeReal64 = 5
wbemCimtypeString = 8
wbemCimtypeBoolean = 11
wbemCimtypeObject = 13
wbemCimtypeSint8 = 16
wbemCimtypeUint8 = 17
wbemCimtypeUint16 = 18
wbemCimtypeUint32 = 19
wbemCimtypeSint64 = 20
wbemCimtypeUint64 = 21
wbemCimtypeDateTime = 101
wbemCimtypeReference = 102
wbemCimtypeChar16 = 103
' Remove classes
Set oLocation = CreateObject("WbemScripting.SWbemLocator")
'===================
'If this is a Domain Controller, bail!
'===================
Set oWMI = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\.\root\cimv2")
Set colComputer = oWMI.ExecQuery _
("Select DomainRole from Win32_ComputerSystem")
For Each oComputer in colComputer
if (oComputer.DomainRole = 4 or oComputer.DomainRole = 5) then
wscript.echo "DomainController, So I'm quitting!"
'wscript.quit
Else
'==================
'If it is NOT a domain controller, then continue gathering info
'and stuff it into WMI for later easy retrieval
'==================
Set oServices = oLocation.ConnectServer(,"root\cimv2")
set oNewObject = oServices.Get("CM_LocalGroupMembers")
oNewObject.Delete_
'==================
'Get the local Group Names
'==================
Dim iGroups(300)
i=0
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\.\root\cimv2")
Set colGroup = objWMIService.ExecQuery("select * from win32_group where localaccount=1")
for each obj in colGroup
igroups(i)=obj.Name
i=i+1
next
'===============
'Get all of the names within each group
dim strLocal(300)
k=0
Set oLocation = CreateObject("WbemScripting.SWbemLocator")
Set oServices = oLocation.ConnectServer(, "root\cimv2" )
'group name, domain name, user or group
for j = 0 to i-1
squery = "select partcomponent from win32_groupuser where groupcomponent = ""\\\\" &_
strComputer & "\\root\\cimv2:Win32_Group.Domain=\""" & strComputer &_
"\"",Name=\""" &igroups(j) & "\"""""
Set oInstances = oServices.ExecQuery(sQuery)
FOR EACH oObject in oInstances
strLocal(k)=igroups(j) & "!" & oObject.PartComponent
k=k+1
Next
next
'==================
'Drop that into a custom wmi Namespace
'==================
' Create data class structure
Set oDataObject = oServices.Get
oDataObject.Path_.Class = "CM_LocalGroupMembers"
oDataObject.Properties_.add "Account" , wbemCimtypeString
oDataObject.Properties_("Account").Qualifiers_.add "key" , True
oDataObject.Properties_.add "Domain" , wbemCimtypeString
oDataObject.Properties_.add "Category" , wbemCimtypeString
oDataObject.Properties_.add "Type" , wbemCimtypeString
oDataObject.Properties_.add "Name" , wbemCimtypeString
oDataObject.Properties_("Name").Qualifiers_.add "key" , True
oDataObject.Put_
for m = 0 to k-1
Set oNewObject = oServices.Get("CM_LocalGroupMembers" ).SpawnInstance_
str0 = Split(strLocal(m), "!", -1, 1)
str1 = Split(str0(1), "," , -1, 1)
str2 = Split(str1(0), "\" , -1, 1)
str4 = Split(str2(4), Chr(34), -1, 1)
' The Account name or Group Name is inside the quotes after the comma
str3 = Split(str1(1), Chr(34), -1, 1)
' if the wmi source name is the same as the domain name inside the quotes, it' s a local account
' str2(2) is the wmi source name, str4(1) is the domain name inside the quotes.
If lcase(str2(2)) = lcase(str4(1)) Then
oNewObject.Type = "Local"
Else
oNewObject.Type = "Domain"
End If
oNewObject.Domain = str4(1)
oNewObject.Account = str3(1)
oNewObject.Name = str0(0)
Select Case lcase(str4(0))
case "cimv2:win32_useraccount.domain="
oNewObject.Category = "UserAccount"
Case "cimv2:win32_group.domain="
oNewObject.Category = "Group"
Case "cimv2:win32_systemaccount.domain="
oNewObject.Category = "SystemAccount"
case else
oNewObject.Category = "unknown"
end select
oNewObject.Put_
Next
wscript.echo "ok"
end if
Next
wscript.quit
· As per best pratices please run this script file on two there workstation machines before deploying on mass roll-out.
·
Verify the below WMI class exist or not in Client
machines after execute this script manually
·
If everything
is okay then deploy this Script on Clients machines using Software distribution
features
Steps for Phase
3
After successfully execute steps 1 & 2, Local group members
details are captured in SCCM database, V_GS_CM_LOCALGROUPMEMBERS View will
create automatically against ConfigMgr database,
Below the Standard SQL query to verify the local Group
members ship details,
You can customize the report or SQL Query as per your requirement.
J
Hi Praveen,
ReplyDeleteGood article, I have followed all the instructions given,
When I run the query against the ConfigMgr Database an error occurred: Invalid object name 'v_GS_Localgroupmembers'.
Also, is there any way to add another column for the logon timestamp?
Any suggestion?