iPhone Inventory - Apps installed, last backup date, Version

iPhones ... ever get some other group come to you, and ask if you can gather information on devices which have almost nothing to with a Windows-based operating system? Like an iphone for example?  If so, and the information you were asked to gather bears a vague resemblance to what we were asked for, read on.

 

  • The basics of how this was accomplished--it was not straightforward!  With a DCM Baseline/CI, a two recurring Script-based Advertisements, and 2 mof edits, we were able to gather some data regarding iphones within our corporate environment.  There are some caveats of course, the main one being that the data is only as good as the last time the end user docked their iphone with their Corporate computer, and the last time the script ran.  But considering that before this set of routines, management had almost no idea how many iphones were being docked with corporate assets, nor what was on them, it was a step forward to managing them.

 

The DCM CI:
The rationale for the DCM is mainly because I didn't want to target the script-based advertisement to every single computer in our company.  We have a lot of clients, and targeting only those computers which reported "iphone docked sometime, ever", I can set the advert to only go to those machines.  If you don't have those considerations, you can skip this step, and target "All Workstations" with the script-based advert, or some other collection that makes sense in your environment.

 

CI NAme:  iPhone Sync
CI Description: If Non-Compliant, computer has sync'd an iphone at some point in the past.
No Objects
Under Settings, there is one setting, a VBScript setting.  The script is attached in the .zip download linked at the bottom of this blog, called DCMCI.txt

 

What does it do?  It looks to see if there is a specifically named file that indicates an iphone backup has ever occurred.

 

For Validation, UNcheck "Report a non-compliance event when this instance count fails" (no instances is a pass)
Add a datatype of String Validation rule of Equals  No, and a Severity of Information - no Windows event message.

 

Now that you have the CI, add it into a Baseline; either create a new one, or add it to an existing one which targets the collections you want to check (like All Workstations).

 

  • Once you get some data back for this CI, you can create a Collection with this query:

 

select SMS_R_SYSTEM.ResourceID
 from SMS_R_System inner join SMS_G_System_CI_ComplianceState on SMS_G_System_CI_ComplianceState.ResourceID = SMS_R_System.ResourceId where SMS_G_System_CI_ComplianceState.ComplianceStateName = "Non-Compliant" and SMS_G_System_CI_ComplianceState.LocalizedDisplayName = "iPhone Sync"

 

This collection is now the target for your script-based advertisements; the scripts which gather the interesting information into the registry, the stuff you want to gather with a mof edit.

 

The Script-Based Advertisements

 

There are two scripts, and two advertisements.  You might be able to get away with one; but in our environment some of the data was redirected to the end user's Network Home drive, so I could only gather it "when the user was logged in", so I had to have 2 scripts and 2 adverts.

 

  • iphone_apps_perUser.vbs would be run only when a user is logged in, with user rights.  The purpose of this script is to gather up all of the names of the Apps as sync'd during the last backup.  It's a way of seeing "what apps do people have installed".  Presuming you have some applications which may violate your security practices, it's a way to see who if violating the agreements they signed when they first received their corporate iphone.
  • iphone_xml_info.vbs can run whether or not a user is logged in.  the purpose of this script is to determine the last BackupDate (basically, last docked date), the Version of the iphone, and hopefully a clue (based on the userfolder) of to whom this iphone belongs.

 

Then, all you need is a #2 on staff, and you can get lovely SRS reports that look like this!  What's the goal?  For example, if you happen to know that version 1.0.1 of the iphone OS (I don't anything about iphones, so bear with me on this), is a bad thing somehow; like it's a security vulnerability, you'll be able to find that iphone owner, and arrange to have it upgraded.

Attached in the .zip:

-DCMCI.txt (the vbscript code to put in your CI)
-iphone_xml_info.txt (rename to .vbs to advertise to the collection based on the CI, whether or not user is logged in)
-iphone_apps_perUser.txt (rename to .vbs, to advertise to the collection based on the CI, only when a user is logged in with user rights)
-AddToSMS_Def.mof.txt
-AddToConfiguration.mof.txt
-some report pictures (not the actual sql report code tho, sorry)

 

 

Published Wednesday, December 16, 2009 5:45 PM by skissinger
Filed under: , ,

Comments

# re: iPhone Inventory - Apps installed, last backup date, Version

What application do you use for reporting?

Thursday, January 28, 2010 11:33 AM by kingskawn

# re: iPhone Inventory - Apps installed, last backup date, Version

Those are SRS reports (SQL Reporting Services), the site role you can install when you have the R2 bits for ConfigMgr 2007.  And... by the way... vNext will only have SRS.  So if you don't have SRS installed, I encourage you to install it, and begin learning.

Tuesday, February 09, 2010 8:40 AM by skissinger