Setup
Mid Server Configuration
...
- Windows - CPU / Memory, which is a WMI Probe is executed.
ECC Entry looks like this. In this case basically just a list of values it wants. Executed via mid server at 172.17.172.207.
Code Block language xml linenumbers true collapse true <?xml version="1.0" encoding="UTF-8"?><parameters><parameter name="used_by_discovery" value="true"/><parameter name="probe_name" value="Windows - CPU / Memory"/><parameter name="probe" value="b141fd470a0a0ba5001d3c32c7d834fb"/><parameter name="WMI_FetchData" value="Win32_Processor.NumberOfLogicalProcessors,Win32_Processor.NumberOfCores,Win32_PhysicalMemory.BankLabel,Win32_PhysicalMemory.DataWidth,Win32_PhysicalMemory.FormFactor,Win32_PhysicalMemory.DeviceLocator,Win32_PhysicalMemory.Manufacturer,Win32_PhysicalMemory.PartNumber,Win32_PhysicalMemory.SerialNumber,Win32_PhysicalMemory.Speed,Win32_PhysicalMemory.Status,Win32_PhysicalMemory.TotalWidth,Win32_PhysicalMemory.MemoryType,Win32_PhysicalMemory.TypeDetail,Win32_PhysicalMemory.Tag,Win32_PhysicalMemory.Capacity,Win32_Processor.Name,Win32_Processor.MaxClockSpeed,Win32_Processor.Manufacturer"/><parameter name="credential_id" value="a5896eea1366be0057f7b7a66144b0fd"/></parameters>
- This input is parsed by scripts on the mid server and executed on the target machine at 172.17.172.247. Here's some powershell logging showing the execution going against the remote host.
- Script is executed as PowerShell. See the log from the target machine here:
PowerShell_transcript.SPINUP-0005A8.NdOTnTCh.20170607142128.txt - Information is pulled back into the mid server and parsed. See the output here.
probe_response.xml - ServiceNow works it's magic to get it into the CMDB.
More Details
Script Files
Powershell and WinRM scripts are here:
https://yale.app.box.com/files/0/f/27799187643/Mid_Server_Powershell_Scripts_
Ecc Queue
One thing that's a bit confusing here is that we see WMI being invoked. This isn't actually remote WMI as evidenced above and is handled differently based on the protocol being used.
...
Without local admin
Work in progress...
Add user to Remote Admin Group
LocalAccountTokenFilterPolicy needs to be set for local account to work