Webcast Recap: Hardware and Software Auditing

This week on PDQ Live, we shared some great tricks to save you time and money during audit season.

Scan Profiles

Leverage WMI Scan Profiles to show the user profiles on target workstations. (0:59)

Leverage WMI Scan Profiles to show the user profiles on target workstations for hardware and software auditing

User Profiles.xml

Retrieve partial Windows Product Keys from target workstations. (3:09)

Windows Keys.xml

Use the disk scanner from the Standard Scan Profile to collect disk space information on a schedule. (4:58)

Details:

Triggers:

Disk Space.xml

Extra Resources

Hardware Auditing with Reports

Report: Windows 7 or 8 Workstations Upgradeable to Windows 10 (7:22)

Create a report listing the workstations on your network that have Windows 7 or Windows 8 installed. We added an additional filter to specify machines with less than 8GB of RAM.

Filters:

Report – Windows 10 Upgrades.xml

Report: Computer Hardware (9:05)

Create a report that returns a list of workstations, manufacturer, chassis type, and asset tag.

Columns:

Report – Computer Hardware.xml

Report: Critical Disk Space (15%) (16:04)

Create a report that returns computers with less than 15% disk space.

Columns:

Filters:

Report – Critical Disk Space.xml

Report: Microsoft Applications (17:22)

Create a report that returns Microsoft applications installed on workstations, excluding Visual C++, .Net, and KBs.

Columns:

Filters:

Report – Microsoft Applications.xml

Report: Microsoft Keys (Uses WMI Scan Profile) (18:54)

Create a report that shows keys returned by the Scan Profile we created earlier.

Columns:

Report – Microsoft Keys.xml

Report: Windows Licenses (PowerShell) (19:51)

  1. Create a Deploy package with PowerShell script that detects KMS/OEM/MAK license type and places a registry key on the target. GetWindowsLicense.ps1
  2. Create a registry scanner Scan Profile that looks for the registry keys put in place by the PowerShell script. Windows Licenses.xml
  3. Create Collections based on the registry entries returned by the Scan Profile.

Q&A

How can we audit what parts of the Microsoft Office suite are currently installed? Some machines are only authorized to have Outlook, but not Skype for Business, but the application name shows as Microsoft Office Professional Plus 2016 regardless of what was actually installed. (10:11)

The best way to handle this would be via a Registry Scanner to detect individual Office components. You can then create a report that shows what components are installed, based on the registry entries found with your custom Scan Profile.

Is there a way to get a report of everyone who has Adobe CCE products installed (Photoshop, InDesign, etc.), but exclude the people who only have Acrobat Pro installed? (11:47)

You can use the example Lex used during the webcast. If that doesn’t work, you can create a Registry Scanner (similar to the above question) to determine which Adobe components are installed. It’s a little more complicated to set up but should work well for this use case.

Due to our previous imaging system, we have several computers that have unallocated disk space (that is, their physical disk space is much greater than the logical size of all partitions). What’s the simplest way to build a report to find these stations so we can correct this? (22:24)

You can use a WMI scan profile to retrieve Win32_DiskDrive, Win32_DiskDriveToDiskPartition, and Win32_LogicalDisk from ROOTCIMV2. You should be able to compare the returned values and determine if the partitions are using the full physical disk or not.

It’s that time of year when all my users take the summer off while I work. I am pushing out the May Windows updates before they leave. I want to know if my Dynamic Collection is built correctly using the KBs using the Any and Not Any. Or is there an easier way? (23:24)

Use the built-in Collections as described in the webcast. If you need something a bit different, copy one of the defaults to use as a template. Edit any variables as needed and you should be good to go!

Can PDQ Inventory identify if a hard drive is NVMe? (32:56)

We don’t directly report on that information, unfortunately. You can use the Report that Colby provided that checks for an NVM Express Controller (NVM Express Controllers.xml), but that won’t let you know if it’s in use or not – only that it does exist.

Is there a way to have a dynamic collection to show Bitlocker percent encrypted? Does the check mark only show up once it’s 100% encrypted? (35:24)

We don’t track the progress of the encryption process. It’s just a Boolean value set in the database to mark the disk as encrypted or not.

Is there a way outside of WMI to identify if a machine’s boot mode is set to Legacy or UEFI? (38:29)

We have not found a way to do this outside of a WMI query. WMI works well, so if it’s not broke, don’t fix it!

Bonus Content

  • InformUsers.ps1
  • ScriptMcTest.ps1
  • Physical Disk Free Space.xml
  • NVM Express Controllers.xml
  • Memory Type.xml
  • WMI Memory Type.xml

Swag Winners

Thanks to everyone who submitted questions during the webcast! Here are this week’s lucky PDQ swag winners:

  • Nicholas G
  • William Z
  • Chris G
  • Anthony L

Your email address will not be published.

Your Name

This site uses Akismet to reduce spam. Learn how your comment data is processed.