Setup

Mid Server Configuration

...

  1. "Windows - CPU / Memory", which is a WMI probe, is executed.
  2. The ECC entry looks like this. In this case it is basically just a list of the values the probe wants. Executed via the MID server at 172.17.172.207.

    <?xml version="1.0" encoding="UTF-8"?>
    <parameters>
      <parameter name="used_by_discovery" value="true"/>
      <parameter name="probe_name" value="Windows - CPU / Memory"/>
      <parameter name="probe" value="b141fd470a0a0ba5001d3c32c7d834fb"/>
      <parameter name="WMI_FetchData" value="Win32_Processor.NumberOfLogicalProcessors,Win32_Processor.NumberOfCores,Win32_PhysicalMemory.BankLabel,Win32_PhysicalMemory.DataWidth,Win32_PhysicalMemory.FormFactor,Win32_PhysicalMemory.DeviceLocator,Win32_PhysicalMemory.Manufacturer,Win32_PhysicalMemory.PartNumber,Win32_PhysicalMemory.SerialNumber,Win32_PhysicalMemory.Speed,Win32_PhysicalMemory.Status,Win32_PhysicalMemory.TotalWidth,Win32_PhysicalMemory.MemoryType,Win32_PhysicalMemory.TypeDetail,Win32_PhysicalMemory.Tag,Win32_PhysicalMemory.Capacity,Win32_Processor.Name,Win32_Processor.MaxClockSpeed,Win32_Processor.Manufacturer"/>
      <parameter name="credential_id" value="a5896eea1366be0057f7b7a66144b0fd"/>
    </parameters>


  3. This input is parsed by scripts on the MID server and executed on the target machine at 172.17.172.247. Here's some PowerShell logging showing the execution going against the remote host.

  4. The script is executed as PowerShell. See the log from the target machine here:
    PowerShell_transcript.SPINUP-0005A8.NdOTnTCh.20170607142128.txt
  5. The information is pulled back into the MID server and parsed. See the output here:
    probe_response.xml
  6. ServiceNow works its magic to get it into the CMDB.
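Added example, not part of this page or of ServiceNow's MID server scripts: a small Python parser for the ECC entry from step 2 that pulls out the probe parameters, groups the WMI_FetchData list by WMI class, and emits the per-class WQL query each group amounts to. The grouping and the SELECT shape are assumptions about what the MID server script does with the list; the ECC entry itself is copied from above.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the ECC queue entry shown in step 2, reproduced verbatim.
ECC_ENTRY = (
    '<?xml version="1.0" encoding="UTF-8"?><parameters>'
    '<parameter name="used_by_discovery" value="true"/>'
    '<parameter name="probe_name" value="Windows - CPU / Memory"/>'
    '<parameter name="probe" value="b141fd470a0a0ba5001d3c32c7d834fb"/>'
    '<parameter name="WMI_FetchData" value="Win32_Processor.NumberOfLogicalProcessors,'
    'Win32_Processor.NumberOfCores,Win32_PhysicalMemory.BankLabel,Win32_PhysicalMemory.DataWidth,'
    'Win32_PhysicalMemory.FormFactor,Win32_PhysicalMemory.DeviceLocator,Win32_PhysicalMemory.Manufacturer,'
    'Win32_PhysicalMemory.PartNumber,Win32_PhysicalMemory.SerialNumber,Win32_PhysicalMemory.Speed,'
    'Win32_PhysicalMemory.Status,Win32_PhysicalMemory.TotalWidth,Win32_PhysicalMemory.MemoryType,'
    'Win32_PhysicalMemory.TypeDetail,Win32_PhysicalMemory.Tag,Win32_PhysicalMemory.Capacity,'
    'Win32_Processor.Name,Win32_Processor.MaxClockSpeed,Win32_Processor.Manufacturer"/>'
    '<parameter name="credential_id" value="a5896eea1366be0057f7b7a66144b0fd"/></parameters>'
)

def parse_parameters(xml_text):
    """Return the probe's <parameter name=... value=.../> pairs as a dict."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.tag != "parameters":
        raise ValueError(f"unexpected root element {root.tag!r}")
    return {p.get("name"): p.get("value", "") for p in root.findall("parameter")}

def group_fetch_data(fetch_data):
    """Split 'Class.Property,Class.Property,...' into {Class: [Property, ...]} (ordered, de-duplicated)."""
    classes = {}
    for token in [t.strip() for t in fetch_data.split(",") if t.strip()]:
        cls, dot, prop = token.partition(".")
        # A token without a dot is rejected rather than turned into a bogus query.
        if not dot or not cls or not prop:
            raise ValueError(f"malformed WMI_FetchData item: {token!r}")
        props = classes.setdefault(cls, [])
        if prop not in props:
            props.append(prop)
    return classes

def to_wql(classes):
    """One WQL SELECT per class, naming only the properties the probe asked for."""
    return [f"SELECT {', '.join(props)} FROM {cls}" for cls, props in classes.items()]

def probe_queries(xml_text):
    """ECC entry -> list of WQL queries implied by its WMI_FetchData (hypothetical helper)."""
    params = parse_parameters(xml_text)
    if "WMI_FetchData" not in params:
        raise ValueError("not a WMI fetch probe: no WMI_FetchData parameter")
    return to_wql(group_fetch_data(params["WMI_FetchData"]))
```

Running `probe_queries(ECC_ENTRY)` gives two queries, one per class, which is a quick way to see exactly what a given probe will collect from a target before granting it credentials.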

More Details 

Script Files

PowerShell and WinRM scripts are here:

https://yale.app.box.com/files/0/f/27799187643/Mid_Server_Powershell_Scripts_

Ecc Queue

One thing that's a bit confusing here is that we see WMI being invoked. This isn't actually remote WMI, as evidenced above; how the WMI data is collected is handled differently depending on the protocol being used.

...

Without local admin

Work in progress...

Add user to Remote Admin Group

LocalAccountTokenFilterPolicy needs to be set for a local account to work.