Tuesday, 15 June 2021

Config Mgr 2105.2 - Device Custom Properties and the Administration Service

Introduction.

There is a lot of device data in Configuration Manager and this data can be used to target various systems with various management operations.  We may want to deploy a new driver to a particular Lenovo laptop model, for instance - and Configuration Manager should know about all the Lenovo laptops and what model number is relevant, and thus such an update task is very achievable. 

But what if we want to target an application to devices that belong to a particular cost center?  This requires a bit more thought and effort because the cost center property will probably not, unless you have extended HW inventory to pick up registry key or WMI instance values, be available as a property on those devices.

In technical preview release  2105.2, Microsoft has expanded the administration service so that it can be used to assign such non technical information to your site's devices.

What is the Administration Service?

It is beyond the scope of this article to delve under the hood of the administration service.  It is worth mentioning however that the administration service is similar in concept to the WMI service in that it provides a convenient way to programmatically direct the SMS Provider to do what you want it to do.  

Traditionally an SCCM administrator will have used VBScripts to create collections, distribute packages, delete machine entries, etc.  And in the last few years the SCCM administrator will have used PowerShell scripts because VBScripts are no longer the best tools for this work.

Ok so if we already have WMI to do all of this then why do we need the administration service as an alternative route to programmatic SCCM object management?  The answer is because the administration service provides API interoperability access over HTTPS, and this is convenient and necessary for internet based operations.  The administration service is a representational state transfer (REST) API.

For more information about the administration service see:

https://docs.microsoft.com/en-us/mem/configmgr/develop/adminservice/overview

For more information on how to set it up see:

https://docs.microsoft.com/en-us/mem/configmgr/develop/adminservice/set-up

Enabling the Service on your Test Primary Site

The good news, if you would like to begin your experimenting with the administration service - and you have the latest technical preview version of CM (2105.2 at the time of writing) is that the service is by default enabled.  All you really need to do, keeping it all simple, is enable enhanced https.  You can do this by navigating to Administration\Overview\Site Configuration\Sites.  Right click on your site and select Properties.  Click on the Communication Security tab.  Ensure that HTTPS or HTTP is selected and then check the Use Configuration Manager-generated certificates for HTTP site systems box is ticked.


In addition you may want to enable the Configuration Manager console to use the administration service.  In the same location and with your site selected, click the Hierarchy Settings icon in the upper ribbon.  Tick the option to Enable the Configuration Manager console to use the administration service.


Set a Custom Property on a device

In this example I will use PowerShell and the administration service to define a cost center property and value on a device.

In my technical preview Configuration Manager installation I do have a client named VM2468 active and healthy and registered to the database.  In the Configuration Manager console I navigate to Assets and Compliance\Devices and I right click on the VM2468 object and select Properties.  On the General tab I scroll down and take note of the Resource ID value - in this case it is 16777224.


In the top left hand corner of the Configuration Manager console I click on the down arrow and select Connect Via a Windows PowerShell, select A for Always Run when prompted.


The next thing for me to do is copy and execute each of the lines below into the PowerShell console.

$provider = "server2b.domain1.lab.tst"
$resourceID = "16777224"
$uri = "https://$provider/AdminService/v1.0/Device($resourceID)/AdminService.SetExtensionData"
$body = "{ExtensionData:{""CostCenter"":""S1234""}}"
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true};
Invoke-RestMethod -Method "Post" -Uri $uri -UseDefaultCredentials -Body $body -ContentType "application/json"

The text in bold will need to be modified to suite your environment and requirements.


Viewing the extended property in a Configuration Manager  Query

Having added a CostCenter property with a value of S1234 to our device I can then create an SCCM query based on the following SQL statement

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_ExtensionData on SMS_G_System_ExtensionData.ResourceId = SMS_R_System.ResourceId where SMS_G_System_ExtensionData.PropertyName = "CostCenter" and SMS_G_System_ExtensionData.PropertyValue = "S1234"

I created a query named Cost Center with the above Query Statement.




And as expected when I ran the query, my machine whose NetBIOS name is VM2468, was returned in the result set.


And so this query can be used for the definition of a Configuration Manager collection to which management operations, such as application installations, can be directed.

View the SQL query in the SQL Server Profiler

Curious to see where this new data was actually located in the SQL database, I then ran the SCCM query while a SQL Server Profiler trace was running.



The Transact SQL query that is executed on the databases, when running the Configuration Manager Console query, is as follows:

select  all SMS_R_SYSTEM.ItemKey,SMS_R_SYSTEM.DiscArchKey,SMS_R_SYSTEM.Name0,SMS_R_SYSTEM.SMS_Unique_Identifier0,SMS_R_SYSTEM.Resource_Domain_OR_Workgr0,SMS_R_SYSTEM.Client0 from vSMS_R_System AS SMS_R_System INNER JOIN vSMS_G_System_ExtensionData AS SMS_G_System_ExtensionData ON SMS_G_System_ExtensionData.ResourceID = SMS_R_System.ItemKey   where (SMS_G_System_ExtensionData.PropertyName = N'CostCenter' AND SMS_G_System_ExtensionData.PropertyValue = N'S1234') OPTION(USE HINT('FORCE_LEGACY_CARDINALITY_ESTIMATION'))

So we can see that the custom property and value is to be found in the vSMS_G_System_ExtensionData view table.

Looking at the design properties of this view table we see that the custom data is stored in the ExtensionData table.




Thus running a simple query against this data we see our device whose resource id is listed as the InstanceKey value.




Conclusion

We have seen how the administration service can be used to easily add non device type properties, such as the cost center property, to a device that is registered in the Configuration Manager database.  In this example we used PowerShell to append the property and value to a device in an on-premise scenario.  This feature is a great bridge, allowing us to connect with data external to Configuration Manager and this is very useful for deployment targeting, collection building and also reporting.

I hope you enjoyed reading this article and I wish you the same success in your own testing,


No comments:

Post a Comment