Webcast Recap: Hardware and Software Audits

Randall Pace|June 12, 2019

This week on PDQ Live, we shared some great tricks to save you time and money during audit season.

Scan Profiles

Scan profiles

User Profiles.xml

Retrieve partial Windows Product Keys from target workstations

Windows Keys.xml

  • Use the disk scanner from the Standard Scan Profile to collect disk space information on a schedule. (4:58)


Disk Scanner


Scan profile - Triggers

Disk Space.xml

Hardware auditing with Reports

  • Report: Windows 7 or 8 Workstations Upgradeable to Windows 10 (7:22)

Create a report listing the workstations on your network that have Windows 7 or Windows 8 installed. We added an additional filter to specify machines with less than 8GB of RAM.


Define report filters

Report - Windows 10 Upgrades.xml

  • Report: Computer Hardware (9:05)

Create a report that returns a list of workstations, manufacturer, chassis type, and asset tag.


Define report - computer hardware types

Report - Computer Hardware.xml

  • Report: Critical Disk Space (15%) (16:04)

Create a report that returns computers with less than 15% disk space.


Critical Disk Space


Filters - Critical disk space

Report - Critical Disk Space.xml

  • Report: Microsoft Applications (17:22)

Create a report that returns Microsoft applications installed on workstations, excluding Visual C++, .Net, and KBs.


Microsoft Applications


Define report - Microsoft Applications

Report - Microsoft Applications.xml

  • Report: Microsoft Keys (Uses WMI Scan Profile) (18:54)

Create a report that shows keys returned by the Scan Profile we created earlier.


Microsoft Audit Keys

Report - Microsoft Keys.xml

  • Report: Windows Licenses (PowerShell) (19:51)

  1. Create a Deploy package with PowerShell script that detects KMS/OEM/MAK license type and places a registry key on the target.


  2. Create a registry scanner Scan Profile that looks for the registry keys put in place by the PowerShell script.

    Windows Licenses.xml

  3. Create Collections based on the registry entries returned by the Scan Profile.


  • How can we audit what parts of the Microsoft Office suite are currently installed? Some machines are only authorized to have Outlook, but not Skype for Business, but the application name shows as Microsoft Office Professional Plus 2016 regardless of what was actually installed. (10:11)

  • The best way to handle this would be via a Registry Scanner to detect individual Office components. You can then create a report that shows what components are installed, based on the registry entries found with your custom Scan Profile.

  • Is there a way to get a report of everyone who has Adobe CCE products installed (Photoshop, InDesign, etc.), but exclude the people who only have Acrobat Pro installed? (11:47)

  • You can use the example Lex used during the webcast. If that doesn’t work, you can create a Registry Scanner (similar to the above question) to determine which Adobe components are installed. It’s a little more complicated to set up but should work well for this use case.

  • Due to our previous imaging system, we have several computers that have unallocated disk space (that is, their physical disk space is much greater than the logical size of all partitions). What’s the simplest way to build a report to find these stations so we can correct this? (22:24)

  • You can use a WMI scan profile to retrieve Win32_DiskDrive, Win32_DiskDriveToDiskPartition, and Win32_LogicalDisk from ROOTCIMV2. You should be able to compare the returned values and determine if the partitions are using the full physical disk or not.

  • It’s that time of year when all my users take the summer off while I work. I am pushing out the May Windows updates before they leave. I want to know if my Dynamic Collection is built correctly using the KBs using the Any and Not Any. Or is there an easier way? (23:24)

  • Use the built-in Collections as described in the webcast. If you need something a bit different, copy one of the defaults to use as a template. Edit any variables as needed and you should be good to go!

  • Can PDQ Inventory identify if a hard drive is NVMe? (32:56)

  • We don’t directly report on that information, unfortunately. You can use the Report that Colby provided that checks for an NVM Express Controller (NVM Express Controllers.xml), but that won’t let you know if it’s in use or not - only that it does exist.

  • Is there a way to have a dynamic collection to show Bitlocker percent encrypted? Does the check mark only show up once it’s 100% encrypted? (35:24)

  • We don’t track the progress of the encryption process. It’s just a Boolean value set in the database to mark the disk as encrypted or not.

  • Is there a way outside of WMI to identify if a machine’s boot mode is set to Legacy or UEFI? (38:29)

  • We have not found a way to do this outside of a WMI query. WMI works well, so if it’s not broke, don’t fix it!

Bonus Content

  • InformUsers.ps1

  • ScriptMcTest.ps1

  • Physical Disk Free Space.xml

  • NVM Express Controllers.xml

  • Memory Type.xml

  • WMI Memory Type.xml

Check out more webcasts by visiting our YouTube channel.

Randall Pace

Randall has built his career on identifying and solving interesting problems. He is a serial hobbyist, lover of coffee and music, and lives on the road with his wife and kids.

Related articles