How to enable Wake on LAN on Network Interface Cards using SCCM 2012 Compliance, by Ben Fisher

Recently I’ve been working on a few System Center 2012 Configuration Manager implementations coupled with the design and deployment of Windows 7 SOE’s. These sorts of projects always present situations where you need to do something custom, like copy a file, enable or disable a feature or setting or turn something on or off. I’ve always been more than capable of writing code whenever I’ve needed to accomplish something like this and traditionally I’ve headed straight towards writing a script or a custom exe (and even the odd service here and there), these have been my “go-to” solution.

Recently, that’s started to change.

These days I’ve started to see some significant advantages in using Compliance Configuration Items and Configuration Baselines instead of writing and executing scripts. Now, each time I start to think of a script to accomplish a task, I’m starting to ask myself “can I do this with in Compliance”? One of the reasons I’ve started thinking this way is because more often I have been wanting to 1) apply a configuration – and 2) ensure it remains as the default. This second part is where scripts fall a bit short (maybe not a custom service, but I’m not going to write a service for everything!).

The limitation with scripts is they’re designed to be executed by something, more or less as a one-time only task. In other words, once the script has been executed, unless it’s a running as service (or setup as some ugly registry Run key or even worse – a StartUp shortcut in the Start Menu), a script doesn’t have any native capability to re-execute if the configuration needs to be reapplied. A script can’t natively detect if the configuration has changed and raise an event to trigger re-run. This is where Configuration Items and Configuration Baselines within Configuration Manager stand out.

In this case, I’m wanting to enable the Wake On LAN Power Management options within the Network Interface Card.

EnableWOLNIC_01

To accomplish this task there is literally half a dozen ways to go about it. You can use powercfg from the command line or you can go at it with WMI using whatever language you like, or if you want to go over top you and get into some serious code land you can look at the Power Management API’s. One of the things you’ll notice about all of these options is depending on how you approach them, the configuration can be set when you execute the command or run the script (e.g. you could do it at the point of Operating System Deployment as part of your Task Sequence), but if an Administrator comes along at a later stage (how many times has a 1st/2nd/3rd level tech turned something off in an SOE without even realising it’s “ON” for a reason!?!?!?!) and turns off the Wake on LAN setting, these traditional scripted-style methods won’t automatically detect the configuration has changed and repair it.

Depending on how your organisation distributes things like Software Updates, if you’re relying on Wake On LAN, in this case you’ll possibly start to notice more and more systems stop waking up to install them.

This to me sounds like a great opportunity to leverage Configuration Items and Baselines within Configuration Manager as not only can we set the value we want, but the setting will continually be enforced. If someone comes along at a later stage and turns it off, then you can be assured the change will be detected and turned back on. Keen to see how I’ve done it? Let’s get to it.

In System Center 2012 Configuration Manager, navigate to Assets and Compliance –> Compliance Settings,  right-click on Configuration Items and select Create Configuration Item.

create-configuration-item

Enter a name, for mine I’ve used Enable Wake On LAN, click Next.

create-configuration-item 02

On the Supported Platforms page, I only want it to apply to Windows 7 systems so I selected Windows 7, click Next.

create-configuration-item 03

Here’s where it gets interesting.

The first item enables the setting “Allow this device to wake the computer

power-mgmt-1

Click to create a New Setting item.

create-configuration-item 04

On the Create Setting page, on the General tab set the required values.

  • Name: I’ve given mine the name of the WMI Class and Property Name I’m setting: MSPower_DeviceWakeEnable.Enable
  • Setting Type: WLQ Query
  • Data type: Boolean
  • Namespace: root\wmi
  • Class: MSPower_DeviceWakeEnable
  • Property: Enable
  • WHERE Clause: InstanceName Like ‘PCI%’  (I’ve done this to avoid the Compliance item applying to virtual NICs)

When these details have been entered, click on the Compliance Rules tab.

create-configuration-item 05

Click to create a New Compliance Rule.

create-configuration-item 06

On the Create Setting page, in the General tab set the required values.

  • Name: I’ve given mine the name of the WMI Class and Property Name I’m setting again: MSPower_DeviceWakeEnable.Enable
  • Rule Type: Value
  • Rule: Equals
  • Value: True
  • Remediate noncompliant rules when supported: Enabled
  • Noncompliance severity for reports: I’ve used Warning (use whatever you like)

When these details have been entered, click OK.

create-configuration-item 07

Click OK.

A second Compliance Rule is used to turn on/off the second option “Only allow a magic packet to wake the computer”.

power-mgmt-2

Click New.

create-configuration-item 08

On the Create Setting page, in the General tab set the required values.

  • Name: I’ve given mine the name of the WMI Class and Property Name I’m setting: MSNdis_DeviceWakeOnMagicPacketOnly.EnableWakeOnMagicPacketOnly
  • Setting Type: WLQ Query
  • Data type: Boolean
  • Namespace: root\wmi
  • Class: MSNdis_DeviceWakeOnMagicPacketOnly
  • Property: EnableWakeOnMagicPacketOnly
  • WHERE Clause: InstanceName Like ‘PCI%’

When you’ve entered these details, click on the Compliance Rules tab.

create-configuration-item 10

Click to create a New Compliance Rule.

create-configuration-item 06

On the Create Setting page, in the General tab set the required values.

  • Name: I’ve given mine the name of the WMI Class and Property Name I’m setting again: MSNdis_DeviceWakeOnMagicPacketOnly.EnableWakeOnMagicPacketOnly
  • Rule Type: Value
  • Rule: Equals
  • Value: True
  • Remediate noncompliant rules when supported: Enabled
  • Noncompliance severity for reports: I’ve used Warning (but again, use whatever you like)

When you’ve entered these details, click OK.

create-configuration-item 11

Click OK, then click OK.

create-configuration-item 12

The Compliance Rules are done, click OK.

create-configuration-item 13

Click Next.

create-configuration-item 14

On the Summary page, Click on Next.

create-configuration-item 15

Click Close

create-configuration-item 16

Verify your new Configuration Item exists.

create-configuration-item 17

Navigate to Assets and Compliance –> Compliance Settings, right-click on Configuration Baselines and select Create Configuration Baseline

create-configuration-item 18

Enter a name, I used Enable Wake On LAN, then click to Add a Configuration Item.

create-configuration-item 19

Select the Enable Wake On LAN Configuration Item and click Add

create-configuration-item 20

Click OK.

create-configuration-item 21

Click OK.

create-configuration-item 22

Navigate back to Assets and Compliance –> Compliance Settings –> Configuration Baselines and right-click on the new Enable Wake On LAN Configuration Baseline and select Deploy

create-configuration-item 23

On the Deploy Configuration Baselines page, the Enable Wake On LAN Configuration Baseline should already be selected.

I have selected the following options:

  • Remediate noncompliant rules when supported: Enabled
  • Allow remediation outside the maintenance window: Enabled
  • Generate an alert: Enabled, when compliance is below: 100%
  • Collection: For this demonstration I created a Collection called Enable Wake On LAN, but in production I deploy it to a Collection I created called ‘All Windows Workstation Clients’ which contains Windows 7 physical computers.

create-configuration-item 24

When these details have been entered, click OK.

To monitor the Compliance Item, navigate to Monitoring –> Deployments

create-configuration-item 25

If you want to view the Wake On LAN settings within Resource Explorer (and subsequently generate reports), you can easily add the WMI Classes to your Hardware Inventory by adding them to the Default Client Settings policy.

To do this, navigate to Administration –> Client Settings –> Edit the Default Client Settings policy.

Click on Hardware Inventory –> click Set Classes

create-configuration-item 26

Click Add

create-configuration-item 27

Click Connect

create-configuration-item 28

Enter the name of a Windows 7 computer, change the WMI namespace to root\wmi and make sure you select the Recursive option.

Click Connect.

create-configuration-item 29

Locate and place a check-box next to the two WMI Classes: (btw. mine appear as greyed out because I’ve already added them).

  • MSPower_DeviceWakeEnable
  • MSNdis_DeviceWakeOnMagicPacketOnly

Click OK.

create-configuration-item 30

Confirm the two WMI Classes have been added and click OK.

create-configuration-item 31

Click OK to close the Client Settings policy.

create-configuration-item 32

Once the updated policy settings have been received by the clients and at least one hardware inventory cycle has completed, you will be able to view the settings in Resource Explorer.

Before the Compliance Baseline has applied, the Enable value is 0.

create-configuration-item 33

After the Configuration Baseline has applied, the Enable value has changed to 1.

create-configuration-item 34

 

Hope you find this helpful.

 

Cheers,

Ben Fisher

Connect with me on LinkedIn: http://au.linkedin.com/in/fisherben

Follow me on Twitter: http://twitter.com/ben__fisher

Join my System Center 2012 LinkedIn Group: http://www.linkedin.com/groups?gid=3752127

email

Written by , Posted .
  • http://myITforum.com/myitforumwp/community/members/ealdrich/ Ed Aldrich

    Excellent article and a novel (logical!) approach to a very common problem. In our power management software businessat 1E we run into this scenario a LOT. We have a number of ways of solving the problem of course, but yours is quite elegant. The “other side of this story” involves the need to get WOL enabled in BIOS as well, which has yet another set of challenges. How slick would it be if there were a DCI based solution to this challenge as well? Food for thought around a follow-up article perhaps?

    Well done, Ben!

  • http://myITforum.com/myitforumwp/community/members/ealdrich/ Ed Aldrich

    One additional pointer for the benefit of the reader: this procedure will only help with “Wake from Sleep” not help with “Wake from Off” where both NIC “Advanced” tab settings and BIOS settings must be configured.

    BIOS settings may also need to be configured for “Wake from Sleep”.as well. For example, if “maximum power savings” is configured in BIOS this must be disabled to allow “wake from sleep”.

    Hope this helps.

  • http://myITforum.com/myitforumwp/community/members/benfisher/ Ben Fisher

    Hi Ed.
    Thanks for leaving a comment.
    I have been looking at BIOS settings for a while. In particular, I’ve looked at methods for automating things like TPM and PXE (will add WOL to this). The biggest headache here is the fact that each vendor (HP, Dell, Lenovo etc) interface with the BIOS differently. To make things worse, you even have variances between the various models within a given vendors product range. It’s crazy.
    I’ve taken this on-board. Can’t guarantee anything, but if something does comes from it, I’ll post it.
    Regards,
    Ben

    • http://myITforum.com/myitforumwp/community/members/ealdrich/ Ed Aldrich

      Spot On, Ben. I strongly suspect that – based on a lot of years of painful experience in the BIOS enablment space – you will find this to become “too hard”. We’ve developed internal processes to overcome this (special and highly sophisticated scripts), but this capability is not in the public domain unfortunately.

      What you HAVE accomplished here, however, is not to be discounted or minimized. Many may well find SLEEP mode to be perfectly suitable for their needs. THe single biggest shortcoming from using SLEEP as opposed to OFF is the major advantages around getting SWD and patching related reboots done off-hours.

  • http://myITforum.com/myitforumwp/community/members/adam-j/ Adam J

    Amazing article. I had no idea this could be accomplished. Quick question, though, what would I have to add to ensure that the second component “Allow this device to wake the computer” is disabled? With this enabled (and it seems to be by default) it allows certain machines to wake up from phantom broadcasts. Thanks!

  • http://myITforum.com/myitforumwp/community/members/adam-j/ Adam J

    Hmm….I’m also getting ‘Invalid Class’ Error ID 0X80041010 on a Windows 7 Professional Workstation. Any ideas?

    • http://myITforum.com/myitforumwp/community/members/jbpatric/ Jim Patrick

      Adam,

      I’m getting the same error. Were you able to solve this problem?

    • Tyler D

      I know this is old, but I ran into the same issue. I had followed the instructions copy and pasting all the significant parts, and still got the Invalid Class. For me the problem was the single quotes in “InstanceName Like ‘PCI%’” was being pasted as the wrong type of single quote (the one under the tilde, next to the one on US keyboard). I replace the quotes, and waited for the baseline to run and everything started working.

  • Witchdoc59

    Unfortunately it doesn’t seem to work. I’ve got all the computer at my site (300+/-) doing WOL but the Compliance Alert says that 0% are compliant.