Sherry Kissinger at myITforum.com

iPhone Inventory - Apps installed, last backup date, Version

iPhones ... ever get some other group come to you, and ask if you can gather information on devices which have almost nothing to with a Windows-based operating system? Like an iphone for example?  If so, and the information you were asked to gather bears a vague resemblance to what we were asked for, read on.

• The basics of how this was accomplished--it was not straightforward!  With a DCM Baseline/CI, a two recurring Script-based Advertisements, and 2 mof edits, we were able to gather some data regarding iphones within our corporate environment.  There are some caveats of course, the main one being that the data is only as good as the last time the end user docked their iphone with their Corporate computer, and the last time the script ran.  But considering that before this set of routines, management had almost no idea how many iphones were being docked with corporate assets, nor what was on them, it was a step forward to managing them.

The DCM CI:
The rationale for the DCM is mainly because I didn't want to target the script-based advertisement to every single computer in our company.  We have a lot of clients, and targeting only those computers which reported "iphone docked sometime, ever", I can set the advert to only go to those machines.  If you don't have those considerations, you can skip this step, and target "All Workstations" with the script-based advert, or some other collection that makes sense in your environment.

CI NAme:  iPhone Sync
CI Description: If Non-Compliant, computer has sync'd an iphone at some point in the past.
No Objects
Under Settings, there is one setting, a VBScript setting.  The script is attached in the .zip download linked at the bottom of this blog, called DCMCI.txt

What does it do?  It looks to see if there is a specifically named file that indicates an iphone backup has ever occurred.

For Validation, UNcheck "Report a non-compliance event when this instance count fails" (no instances is a pass)
Add a datatype of String Validation rule of Equals  No, and a Severity of Information - no Windows event message.

Now that you have the CI, add it into a Baseline; either create a new one, or add it to an existing one which targets the collections you want to check (like All Workstations).

• Once you get some data back for this CI, you can create a Collection with this query:

select SMS_R_SYSTEM.ResourceID
 from SMS_R_System inner join SMS_G_System_CI_ComplianceState on SMS_G_System_CI_ComplianceState.ResourceID = SMS_R_System.ResourceId where SMS_G_System_CI_ComplianceState.ComplianceStateName = "Non-Compliant" and SMS_G_System_CI_ComplianceState.LocalizedDisplayName = "iPhone Sync"

This collection is now the target for your script-based advertisements; the scripts which gather the interesting information into the registry, the stuff you want to gather with a mof edit.

The Script-Based Advertisements

There are two scripts, and two advertisements.  You might be able to get away with one; but in our environment some of the data was redirected to the end user's Network Home drive, so I could only gather it "when the user was logged in", so I had to have 2 scripts and 2 adverts.

• iphone_apps_perUser.vbs would be run only when a user is logged in, with user rights.  The purpose of this script is to gather up all of the names of the Apps as sync'd during the last backup.  It's a way of seeing "what apps do people have installed".  Presuming you have some applications which may violate your security practices, it's a way to see who if violating the agreements they signed when they first received their corporate iphone.
• iphone_xml_info.vbs can run whether or not a user is logged in.  the purpose of this script is to determine the last BackupDate (basically, last docked date), the Version of the iphone, and hopefully a clue (based on the userfolder) of to whom this iphone belongs.

Then, all you need is a #2 on staff, and you can get lovely SRS reports that look like this!  What's the goal?  For example, if you happen to know that version 1.0.1 of the iphone OS (I don't anything about iphones, so bear with me on this), is a bad thing somehow; like it's a security vulnerability, you'll be able to find that iphone owner, and arrange to have it upgraded.

Attached in the .zip:

-DCMCI.txt (the vbscript code to put in your CI)
-iphone_xml_info.txt (rename to .vbs to advertise to the collection based on the CI, whether or not user is logged in)
-iphone_apps_perUser.txt (rename to .vbs, to advertise to the collection based on the CI, only when a user is logged in with user rights)
-AddToSMS_Def.mof.txt
-AddToConfiguration.mof.txt
-some report pictures (not the actual sql report code tho, sorry)

Hardware Inventory Mof edit for .net Framework Versions (updated)

This updated mof snippet addresses v4.0 (currently in beta) of .net Frameworks.  If you currently have dotNetframeworks (older) mof edit, you may want to carefully check if replacing the old one with this new one will affect any current collection queries or reports.  I've made some changes to this, especially in regards to v3.0, compared to the old mof snippet.  It'll likely be fine; but I'm just letting you know!  You may want to remove the old one, SiteSweeper out the old data, and then put in this new one.  Also, there isn't any SP 's for v4 yet; so in the v4 section I made a complete guess about what the regkey might be if a ServicePack ever comes out for v4.  There may never be one, or if there is one, I've guessed the regkey incorrectly.  That might need to be updated if my guess is wrong.

//=================================DOTNetFrameworks
//===If ConfigMgr07, add this section to the bottom of sms_def.mof

#pragma namespace("\\\\.\\root\\cimv2\\sms")
#pragma deleteclass("DotNETFrameworks", NOFAIL)

[SMS_Report(TRUE), SMS_Group_Name("DotNetFrameworks"), SMS_Class_ID("CUSTOM|DotNETFrameworks|2.0")]
Class DotNETFrameworks : SMS_Class_Template
{
            [SMS_Report(TRUE),key]  string   Version;
            [SMS_Report(TRUE) ]     string   Installed;
            [SMS_Report(TRUE) ]     string   ServicePack;
            [SMS_Report(TRUE) ]     string   BuildNumber;
};

//=================================DOTNetFrameworks
//=======If ConfigMgr07, add this section to Configuration.mof

#pragma namespace("\\\\.\\root\\cimv2")
#pragma deleteclass("DotNETFrameworks",NOFAIL)
[DYNPROPS]
class DotNETFrameworks

{   [key] string    Version="";
          boolean   Installed;
          string    ServicePack;
          string    BuildNumber;
};

[DYNPROPS]
instance of DotNETFrameworks
{  Version="1.1.4322";
   [PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v1.1.4322|Install"),Dynamic,Provider("RegPropProv")] Installed;
   [PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v1.1.4322|SP"),Dynamic,Provider("RegPropProv")] ServicePack;
};

[DYNPROPS]
instance of DotNETFrameworks
{   Version="2.0.50727";
   [PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v2.0.50727|Install"),Dynamic,Provider("RegPropProv")] Installed;
   [PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v2.0.50727|SP"),Dynamic,Provider("RegPropProv")] ServicePack;
   [PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v2.0.50727|Version"),Dynamic,Provider("RegPropProv")] BuildNumber;
};

[DYNPROPS]
instance of DotNETFrameworks
{   Version="3.0";
   [PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v3.0|Install"),Dynamic,Provider("RegPropProv")] Installed;
   [PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v3.0|SP"),Dynamic,Provider("RegPropProv")] ServicePack;
   [PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v3.0|Version"),Dynamic,Provider("RegPropProv")] BuildNumber;
};

[DYNPROPS]
instance of DotNETFrameworks
{   Version="3.5";
   [PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v3.5|Install"),Dynamic,Provider("RegPropProv")] Installed;
   [PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v3.5|SP"),Dynamic,Provider("RegPropProv")] ServicePack;
   [PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v3.5|Version"),Dynamic,Provider("RegPropProv")] BuildNumber;
};

[DYNPROPS]
instance of DotNETFrameworks
{   Version="4.0";
   [PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Client|Install"),Dynamic,Provider("RegPropProv")] Installed;
   [PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Client|SP"),Dynamic,Provider("RegPropProv")] ServicePack;
   [PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Client|Version"),Dynamic,Provider("RegPropProv")] BuildNumber;
};

A potential report:

select sys.netbios_name0,
dn.version0 as [Version Looked for],
dn.servicepack0 as [Service Pack if any],
dn.buildnumber0 as [Build Number],
Case when dn.installed0 = '1' then '*' else '' end as [Installed]
from
v_gs_dotnetframeworks0 dn
join v_r_system sys on sys.resourceid=dn.resourceid
order by sys.netbios_name0, dn.version0