Hello All,

Firstly I would like to apologise if this has been asked already but I am not able to find a specific answer, and secondly I am fairly new to SCCM so might have to bare with me.

As you have guessed by the title we are trying to use Sherry's Local Admin Query but the steps mentioned refer to SCCM 2007 which I believe is slightly different in the way things are described and laid out.

Ok here are the steps from Sherry's blog with my comments / pleas for help.

Step 1:  The DCM Configuration Item.
- Create a new, General Configuration Item, call it whatever Name you wish, but you'll need to use that name later in a report.  For this demo, the name is "Local Group Members into WMI", click Next - OK have managed this step so far, this is done under "Assets and Compliance" (bottom left of console) then expand "Compliance Settings" right click on "Configuration Items" and select "Create Configuration Item" this launches the Wizard.

- There are no Objects, click Next - HELP does this relate to SCCM 2007 only as I cant see this in the Create Configuration Item Wizard in SCCM 2012

- Under Settings, Select New, Script.
  - Display Name doesn't matter, I'll call it "WMIFramework For LocalGroupMembers" - Got It
  - Description can be anything, perhaps something like "Building the Custom WMI Namespace of root\cimv2\cm_localgroupmembers for later inventory retrieval" - Done
  - and paste in the vbscript - OK so you need to change the "Setting Type" to Script here, HELP - I am guessing that "Data Type" is String, then click the "Add Script" button. New window opens change "Script Language" drop down to VBScript and copy in the provided script.
  - Click on the Validation Tab, and change Severity to "Information - no Windows Event Message".  Retain the check box for "report a non-compliance event when this instance count fails, of Greater than 0 - HELP cant find this, is this "Compliance Rules" in SCCM 2012 if so cant see change Severity to "Information - no Windows Event Message. But can see a checkbox for "Report noncompliance if this setting instance is not found" which is slightly different to "report a non-compliance event when this instance count fails, of Greater than 0
  - OK
- Applicability = All Windows Platforms. - OK but this is earlier in the SCCM 2012 Wizard

Hopefully if someone can help me over these steps then we should be able to crack the rest.

Many thanks for your help in advance.

Graham

Hello Torsten,

I had seen this post but is doesn't answer my questions as far as I can see?

1. Console.  Assets and Compliance.  Compliance Settings.  Configuration Items
2. Create a new configuration item.
3. Give it a name, retain the default type of "Windows".  next.
4. For Supported Platforms, retain the default of all of 'em, next.
5. On Settings. click   New...
6. Give it a name
7. Setting Type, change from the default listed to "Script"
8. Data type is "String"
9. Click on "Add Script..."
10. Change the script language to "VBScript"
11. Paste in the script below, the same one in the blog entry used for CM 2007.
12. Click OK.  OK.  Next/Next/Next/Close.   -- Basically we're skipping asking for compliance.  We honestly don't care.  We'll know if the script ran successfully because you'll either get data back into your database from inventory--or you won't.  If you don't get inventory data back (after you update the client agent settings to inventory cm_localgroupmembers) then the logical conclusion is that the script didn't run right.  But I don't need a state message for that, personally.  Don't care enough.
    
13. ok, now you have the CI.  You still need the baseline, and to assign that baseline to a collection.  I hope you can take it from here...

Hi Sherry..

im having the exact same issue.

I created the CI following your steps. The client evaluate the baseline, returns compliant but the script is not running, if i run the script manually it add / modificates the wmi info.. but on the baseline nothing happends.

Where can i trace to know where is stucked??

Thanks

Hi Sherry,

I was wondering if you may have any ideas as to why the script does not seem to run when used in a configuration item and baseline?  I am having the same issue as Jose stated...deployed baseline to collection shows computers listed as compliant but I've not seem the LocalGroupMembers populate into the hardware inventory.

On a separate computer I manually ran the script and then a hardware inventory cycle and it almost immediately placed that info in Resource Explorer.

Any ideas or comments will definitely be appreciated.

Thanks!

No, no ideas why it doesn't work.  the answer of "it works for me" isn't that helpful, I know.

contact me at mofmaster   at

myitforum.com

if you want me to help; we could modify the script to dump a log file or something--see if it runs at all.

Hi Sherry,

I was wondering if you may have any ideas as to why the script does not seem to run when used in a configuration item and baseline?  I am having the same issue as Jose stated...deployed baseline to collection shows computers listed as compliant but I've not seem the LocalGroupMembers populate into the hardware inventory.

On a separate computer I manually ran the script and then a hardware inventory cycle and it almost immediately placed that info in Resource Explorer.

Any ideas or comments will definitely be appreciated.

Thanks!

In the DcmWMIProvider.log file on a PC that this Baseline is deployed to but seeming to not run the script has the following info from today:

<![LOG[Initialize called for the provider]LOG]!><time="00:14:00.303+300" date="03-13-2013" component="UDAProvider" context="" type="1" thread="3080" file="udaprovider.cpp:116">
<![LOG[CreateInstanceEnumAsync called for the provider]LOG]!><time="00:14:00.303+300" date="03-13-2013" component="UDAProvider" context="" type="1" thread="3080" file="udaprovider.cpp:181">

Not sure if this is helpful or not...

What that indicates is that there is a problem with DCM and DCM is not exporting the script to a temp file before executing it.

Im seeing the same thing but I have not been able to open a case with CSS on the subject. I will likely not be able to get to this until mid-April at the earliest. BTW based on my research there are many people having the same problem.

any updates regarding this? I am experiencing the same, the VB script will simply not run with DCM on 2012 - which would definitely be the preferred method in order to update the WMI on a regular basis.

any updates regarding this? I am experiencing the same, the VB script will simply not run with DCM on 2012 - which would definitely be the preferred method in order to update the WMI on a regular basis.

Offline Sherry provided me with an exported .cab file that contained the CI and Baseline.  All I had to do was import it into SCCM and then deploy it.  It seems to be working as expected and populating the local groups into WMI.

She mentioned she was probably going to blog about it and provide that .cab file for everyone to use in order to make things simple.

I do see DcmWMIProvider.log on the test-workstations, however, its been a long time since they had any update (last modified months ago).

I can also see the baseline under "Configurations" tab in Configration Manager, and if I do an "Evaluate", and then "View report", the client repports to be "Compliant". 

Nevertheless, the WMI namespace remains empty.

• Edited by Eirik Holgernes Thursday, March 21, 2013 8:33 AM

I do see DcmWMIProvider.log on the test-workstations, however, its been a long time since they had any update (last modified months ago).

I can also see the baseline under "Configurations" tab in Configration Manager, and if I do an "Evaluate", and then "View report", the client repports to be "Compliant". 

Nevertheless, the WMI namespace remains empty.

So if DCMWMIProvider.log is NOT updating when you click Evaluate, It means there is a problem with DCM on the client. So far (to my knowledge) no one (including me) has contact CSS about this issue. Yes, I had a few informal discussion with MS about this but honestly I just haven't had time to open a case with them on this yet. (I plan to open one after MMS)

When I get my head above water again, I will review Sherry's new Cab version to original version. I honestly expect to see very little changed in it.

I'm glad to see that Sherry have got this work.. I have quickly tested in in my lab and it work great.

Hi,

We've made a little progress on this we are getting the same issue with the Script not writing anything to the CIMv2 namespace. Our DCMWMIProvider log on our tests are coming back with the same log entries as Brian above. We've been scratching our heads wondering if it could be a permissions issue preventing the namespace being created/written to.

Graham

I marked both posts by Sherry as proposed answer, simply because they have the answer!

I have imported the cab, and verified the tiny changes to the VB script (nice touch on logging btw), and it works as intended on a SCCM 2012 (non SP1 environment - should work on SP1 as well).

To those still having problems with DCM and not executing the script, download/import the cab files as proposed in the following blog post. Ignore/delete your old configuration items regarding this.

http://mnscug.org/blogs/sherry-kissinger/244-all-members-of-all-local-groups-configmgr-2012

I believe the previous problems were related to location on where the script was copied/run, but the new one works as intended. 

Thanks Sherry

• Edited by Eirik Holgernes Sunday, March 24, 2013 8:21 PM minor changes

Hi Sherry, thanks for a great solution ....I tested it on 3 machines one server 2008 and two server 2012, I noticed that the DCM run on 2008 and get the info into the SCCM Database ...and I saw the log file in C:/Windows/Temp folder BUT nothing from the 2012 OS machines ....and no log file in Temp folder .....Does it tested on Windows Server 2012 or 2012 R2 ?  or needs modification on the script ?

Thanks for support.