Friday, 14 February 2014

Custom WMI Classes and reporting into SCCM 2012

Based on my previous post re Custom WMI Classes (http://sccmshenanigans.blogspot.co.uk/2013/11/custom-wmi-classes-and-reporting-into.html) here's another custom class and scripts for obtaining Certificate information for all your devices.

Creating the new class

As with the previous example, run Powershell and run the command Get-WMIObject -class CertificateDetails and you should get an error re Invalid Class

So, same as with the MonitorDetails class, the code below will create the CertificateDetails custom WMI class

# Creates a new class in WMI to store our data
function Create-Wmi-Class()
{
    $newClass = New-Object System.Management.ManagementClass("root\cimv2", [String]::Empty, $null);

    $newClass["__CLASS"] = "CertificateDetails";

    $newClass.Qualifiers.Add("Static", $true)
    $newClass.Properties.Add("Thumbprint", [System.Management.CimType]::String, $false)
    $newClass.Properties["Thumbprint"].Qualifiers.Add("key", $true)
    $newClass.Properties["Thumbprint"].Qualifiers.Add("read", $true)
    $newClass.Properties.Add("SubjectName", [System.Management.CimType]::String, $false)
    $newClass.Properties["SubjectName"].Qualifiers.Add("read", $true)
    $newClass.Properties.Add("IssuerName", [System.Management.CimType]::String, $false)
    $newClass.Properties["IssuerName"].Qualifiers.Add("read", $true)
    $newClass.Properties.Add("Version", [System.Management.CimType]::String, $false)
    $newClass.Properties["Version"].Qualifiers.Add("read", $true)
    $newClass.Properties.Add("FriendlyName", [System.Management.CimType]::String, $false)
    $newClass.Properties["FriendlyName"].Qualifiers.Add("read", $true)
    $newClass.Properties.Add("ExpirationDate", [System.Management.CimType]::String, $false)
    $newClass.Properties["ExpirationDate"].Qualifiers.Add("read", $true)
    $newClass.Put()
}

# Check whether we already created our custom WMI class on this PC, if not, create it
[void](gwmi CertificateDetails -ErrorAction SilentlyContinue -ErrorVariable wmiclasserror)
if ($wmiclasserror) {
    try { Create-Wmi-Class }
    catch {
        "Could not create WMI class"
        Exit 1
    }
}

function Get-Cert()
{
    param ([string]$computer)

    $ro=[System.Security.Cryptography.X509Certificates.OpenFlags]"ReadOnly"
    $lm=[System.Security.Cryptography.X509Certificates.StoreLocation]"LocalMachine"
    $store=new-object System.Security.Cryptography.X509Certificates.X509Store("\\$computer\My",$lm)

    $store.Open($ro)

    $store.Certificates
}

$ComputerName = $ENV:COMPUTERNAME

$ComputerCerts = Get-Cert $ComputerName

$certs = @()

if ($ComputerCerts -ne $null)
{
    $ComputerCerts | % {
        $CertInfo = "" | select thumbprint,subjectname, issuername, version, friendlyname, expirationdate
        $CertInfo.Thumbprint = $_.thumbprint
        $CertInfo.SubjectName = $_.subjectname.name
        $CertInfo.issuername = $_.issuername.name
        $CertInfo.version = $_.version
        $CertInfo.friendlyname = $_.friendlyname.name
        $CertInfo.expirationdate = $_.getexpirationdatestring()
        $Certs += $CertInfo
    }
}

# Clear WMI
Get-WmiObject CertificateDetails | Remove-WmiObject

# And store the data in WMI
$Certs | % { $i=0 } {
    [void](Set-WmiInstance -Path \\.\root\cimv2:CertificateDetails -Arguments @{Thumbprint=$_.thumbprint;SubjectName=$_.SubjectName; IssuerName=$_.IssuerName; `
    Version=$_.Version; FriendlyName=$_.FriendlyName; ExpirationDate=$_.ExpirationDate})
    $i++
}


Once the above class has been created, retest on your machine and you should see information

Following the steps in the previous post, add the new class to the Hardware Inventory classes on Default Client Settings.  Again, watching the dataldr.log file you should see new SQL tables and views created.

When creating the baseline item, the discovery script is almost identical to the previous post: 

Discovery Script (Script Language : Powershell)
$ClassInfo = Get-WMIObject CertificateDetails -ErrorAction SilentlyContinue -ErrorVariable wmiclasserror

if ($wmiclasserror) { $ClassFound = 0 } else { $ClassFound = 1 }

$ClassFound

Create a new baseline item as per my previous posts, and then the certificate information will be reported back in you next hardware Inventory.

I also created 2 useful reports to use this information:

List of expired certificates

SELECT csys.name0, csys.Domain0, sys.Operating_System_Name_and0, sys.Active0, sys.Client0, certs.Thumbprint0,
    certs.FriendlyName0, certs.SubjectName0, CONVERT(DATE,certs.ExpirationDate0,104) AS ExpirationDate, certs.IssuerName0
FROM v_GS_COMPUTER_SYSTEM csys
LEFT OUTER JOIN v_R_System sys ON csys.ResourceID = sys.resourceID
INNER JOIN v_GS_CERTIFICATEDETAILS certs on csys.ResourceID = certs.ResourceID
WHERE CONVERT(DATE,certs.ExpirationDate0,104) < GETDATE()

List of certificates about to expire (within next 30 days)

SELECT csys.name0, csys.Domain0, sys.Operating_System_Name_and0, sys.Active0, sys.Client0, certs.Thumbprint0,
    certs.FriendlyName0, certs.SubjectName0, CONVERT(DATE,certs.ExpirationDate0,104) AS ExpirationDate, certs.IssuerName0
FROM v_GS_COMPUTER_SYSTEM csys
LEFT OUTER JOIN v_R_System sys ON csys.ResourceID = sys.resourceID
INNER JOIN v_GS_CERTIFICATEDETAILS certs on csys.ResourceID = certs.ResourceID
WHERE CONVERT(DATE,certs.ExpirationDate0,104) BETWEEN GETDATE() AND DATEADD(D,30,GETDATE())