Custom Windows Scans

RayVentory Scan Engine > 12.6 u4 > User Guide > Advanced Topics 

Zero-Touch Inventory Scan for Windows can be customized by providing a specially prepared .xml file containing instructions on how to query the target device via WMI, as well as the file system and the Windows registry.

 

To Create a Custom Scan Definition...

1. Go to the installation directory of RayVentory Scan Engine.

2. Start the executable file RemoteWmiInventory.exe with the single argument example.

3. Save the created file as a scan template (by default it is saved in your current working directory under the name example.xml).

4. Customize the file to include the custom content to be scanned.

 

Be aware:

The generated content does not reflect the default settings of Windows Inventory scans.

 

After the file is created and customized, you can point to it by configuring the path under Settings > Inventory > Windows > Custom configuration.

 

WARNING

This is a critical part of the Windows Inventory functionality and is easily broken by incomplete or incorrect configurations. We recommend having it configured by one of our RayVentory Scan Engine consultants. Failing to customize the Windows scan correctly may result in broken scans or a heavy load on the target systems and the network.

 

Sample Configuration File

The following shows the typical content of a custom scan definition:

 

<?xml version="1.0" encoding="utf-8"?>
<QueryFile xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <Queries Mandatory="true" IsSoftware="false" WmiClass="Win32_ComputerSystem" Namespace="\root\cimv2" Name="Name">
    <Fields WmiPropertyName="Manufacturer" />
    <Fields WmiPropertyName="Model" />
    <Fields WmiPropertyName="Domain" />
    <Fields WmiPropertyName="DomainRole" />
    <Fields WmiPropertyName="NumberOfProcessors" />
    <Fields WmiPropertyName="NumberOfLogicalProcessors" />
    <Fields WmiPropertyName="TotalPhysicalMemory" />
    <Fields WmiPropertyName="Status" />
    <Fields WmiPropertyName="UserName" />
  </Queries>
  <Queries Mandatory="false" IsSoftware="false" WmiClass="Win32_ComputerSystemProduct" Namespace="\root\cimv2" Name="Name">
    <Fields WmiPropertyName="IdentifyingNumber" />
    <Fields WmiPropertyName="Name" />
    <Fields WmiPropertyName="UUID" />
    <Fields WmiPropertyName="Vendor" />
    <Fields WmiPropertyName="Version" />
  </Queries>
  <Queries Mandatory="false" IsSoftware="false" WmiClass="Win32_OperatingSystem" Namespace="\root\cimv2" Name="Caption">
    <Fields WmiPropertyName="Name" />
    <Fields WmiPropertyName="Manufacturer" />
    <Fields WmiPropertyName="Version" />
    <Fields WmiPropertyName="ServicePackMajorVersion" />
    <Fields WmiPropertyName="ServicePackMinorVersion" />
    <Fields WmiPropertyName="SerialNumber" />
    <Fields WmiPropertyName="InstallDate" />
    <Fields WmiPropertyName="LastBootUpTime" />
    <Fields WmiPropertyName="OSLanguage" />
    <Fields WmiPropertyName="FreePhysicalMemory" />
    <Fields WmiPropertyName="FreeVirtualMemory" />
    <Fields WmiPropertyName="CountryCode" />
    <Fields WmiPropertyName="WindowsDirectory" />
    <Fields WmiPropertyName="SystemDirectory" />
    <Fields WmiPropertyName="Caption" />
    <Fields WmiPropertyName="CSDVersion" />
    <Fields WmiPropertyName="Status" />
    <Fields WmiPropertyName="CSName" />
    <Fields WmiPropertyName="OSType" />
    <Fields WmiPropertyName="OSArchitecture" />
  </Queries>
  <Queries Mandatory="false" IsSoftware="false" WmiClass="Win32_BIOS" Namespace="\root\cimv2" Name="Name">
    <Fields WmiPropertyName="Manufacturer" />
    <Fields WmiPropertyName="Version" />
    <Fields WmiPropertyName="ReleaseDate" />
    <Fields WmiPropertyName="SerialNumber" />
    <Fields WmiPropertyName="BiosCharacteristics" />
    <Fields WmiPropertyName="Status" />
  </Queries>
  <Queries Mandatory="false" IsSoftware="false" WmiClass="Win32_Processor" Namespace="\root\cimv2" Name="Name">
    <Fields WmiPropertyName="Description" />
    <Fields WmiPropertyName="Manufacturer" />
    <Fields WmiPropertyName="Version" />
    <Fields WmiPropertyName="ProcessorId" />
    <Fields WmiPropertyName="CurrentClockSpeed" />
    <Fields WmiPropertyName="CurrentVoltage" />
    <Fields WmiPropertyName="L2CacheSize" />
    <Fields WmiPropertyName="Status" />
    <Fields WmiPropertyName="MaxClockSpeed" />
    <Fields WmiPropertyName="Name" />
    <Fields WmiPropertyName="ProcessorType" />
    <Fields WmiPropertyName="NumberOfLogicalProcessors" />
    <Fields WmiPropertyName="NumberOfCores" />
    <Fields WmiPropertyName="DeviceID" />
  </Queries>
  <Queries Mandatory="false" IsSoftware="false" WmiClass="Win32_DiskDrive" Namespace="\root\cimv2" Name="Name">
    <Fields WmiPropertyName="Description" />
    <Fields WmiPropertyName="InterfaceType" />
    <Fields WmiPropertyName="Manufacturer" />
    <Fields WmiPropertyName="Model" />
    <Fields WmiPropertyName="Partitions" />
    <Fields WmiPropertyName="Size" />
    <Fields WmiPropertyName="Status" />
  </Queries>
  <Queries Mandatory="false" IsSoftware="false" WmiClass="Win32_LogicalDisk" Namespace="\root\cimv2" Name="Name">
    <Fields WmiPropertyName="Description" />
    <Fields WmiPropertyName="VolumeName" />
    <Fields WmiPropertyName="FileSystem" />
    <Fields WmiPropertyName="FreeSpace" />
    <Fields WmiPropertyName="Size" />
    <Fields WmiPropertyName="VolumeSerialNumber" />
    <Fields WmiPropertyName="DriveType" />
    <Fields WmiPropertyName="MediaType" />
    <Fields WmiPropertyName="Status" />
    <Fields WmiPropertyName="ProviderName" />
  </Queries>
  <Queries Mandatory="false" IsSoftware="false" WmiClass="Win32_CDROMDrive" Namespace="\root\cimv2" Name="Name">
    <Fields WmiPropertyName="Description" />
    <Fields WmiPropertyName="Manufacturer" />
    <Fields WmiPropertyName="Drive" />
    <Fields WmiPropertyName="Status" />
    <Fields WmiPropertyName="Capabilities" />
  </Queries>
  <Queries Mandatory="false" IsSoftware="false" WmiClass="Win32_NetworkAdapter" Namespace="\root\cimv2" Name="Name">
    <Fields WmiPropertyName="Manufacturer" />
    <Fields WmiPropertyName="MACAddress" />
    <Fields WmiPropertyName="MaxSpeed" />
    <Fields WmiPropertyName="Speed" />
    <Fields WmiPropertyName="Status" />
  </Queries>
  <Queries Mandatory="false" IsSoftware="false" WmiClass="Win32_NetworkAdapterConfiguration" Namespace="\root\cimv2" Name="Caption">
    <Fields WmiPropertyName="Caption" />
    <Fields WmiPropertyName="Description" />
    <Fields WmiPropertyName="Index" />
    <Fields WmiPropertyName="MACAddress" />
    <Fields WmiPropertyName="IPEnabled" />
    <Fields WmiPropertyName="DHCPEnabled" />
    <Fields WmiPropertyName="IPAddress" />
    <Fields WmiPropertyName="DHCPServer" />
    <Fields WmiPropertyName="DNSHostName" />
    <Fields WmiPropertyName="DNSDomain" />
    <Fields WmiPropertyName="DNSServerSearchOrder" />
    <Fields WmiPropertyName="DefaultIPGateway" />
    <Fields WmiPropertyName="IPSubnet" />
  </Queries>
  <Queries Mandatory="false" IsSoftware="false" WmiClass="Win32_PhysicalMemory" Namespace="\root\cimv2" Name="Name">
    <Fields WmiPropertyName="Capacity" />
    <Fields WmiPropertyName="MemoryType" />
    <Fields WmiPropertyName="PositionInRow" />
    <Fields WmiPropertyName="Speed" />
    <Fields WmiPropertyName="Status" />
  </Queries>
  <Queries Mandatory="false" IsSoftware="false" WmiClass="Win32_SoundDevice" Namespace="\root\cimv2" Name="Name">
    <Fields WmiPropertyName="Name" />
    <Fields WmiPropertyName="Manufacturer" />
  </Queries>
  <Queries Mandatory="false" IsSoftware="false" WmiClass="Win32_VideoController" Namespace="\root\cimv2" Name="Name">
    <Fields WmiPropertyName="Name" />
    <Fields WmiPropertyName="VideoProcessor" />
    <Fields WmiPropertyName="DriverVersion" />
    <Fields WmiPropertyName="DriverDate" />
    <Fields WmiPropertyName="InstalledDisplayDrivers" />
    <Fields WmiPropertyName="AdapterRAM" />
  </Queries>
  <Queries Mandatory="false" IsSoftware="false" WmiClass="Win32_VideoConfiguration" Namespace="\root\cimv2" Name="Name">
    <Fields WmiPropertyName="AdapterRAM" />
    <Fields WmiPropertyName="AdapterType" />
    <Fields WmiPropertyName="Description" />
    <Fields WmiPropertyName="HorizontalResolution" />
    <Fields WmiPropertyName="MonitorManufacturer" />
    <Fields WmiPropertyName="MonitorType" />
    <Fields WmiPropertyName="Name" />
    <Fields WmiPropertyName="VerticalResolution" />
  </Queries>
  <Queries Mandatory="false" IsSoftware="false" WmiClass="Win32_SystemEnclosure" Namespace="\root\cimv2" Name="Name" />
  <Queries Mandatory="false" IsSoftware="false" WmiClass="SoftwareLicensingProduct" Namespace="\root\cimv2" Name="Name">
    <Fields WmiPropertyName="ApplicationID" />
    <Fields WmiPropertyName="Description" />
    <Fields WmiPropertyName="EvaluationEndDate" />
    <Fields WmiPropertyName="GracePeriodRemaining" />
    <Fields WmiPropertyName="LicenseStatus" />
    <Fields WmiPropertyName="MachineURL" />
    <Fields WmiPropertyName="Name" />
    <Fields WmiPropertyName="OfflineInstallationId" />
    <Fields WmiPropertyName="PartialProductKey" />
    <Fields WmiPropertyName="ProcessorURL" />
    <Fields WmiPropertyName="ProductKeyID" />
    <Fields WmiPropertyName="ProductKeyURL" />
    <Fields WmiPropertyName="UseLicenseURL" />
  </Queries>
  <Queries Mandatory="false" IsSoftware="false" WmiClass="SoftwareLicensingService" Namespace="\root\cimv2" Name="KeyManagementServiceProductKeyID">
    <Fields WmiPropertyName="ClientMachineID" />
    <Fields WmiPropertyName="IsKeyManagementServiceMachine" />
    <Fields WmiPropertyName="KeyManagementServiceCurrentCount" />
    <Fields WmiPropertyName="KeyManagementServiceMachine" />
    <Fields WmiPropertyName="KeyManagementServiceProductKeyID" />
    <Fields WmiPropertyName="PolicyCacheRefreshRequired" />
    <Fields WmiPropertyName="RequiredClientCount" />
    <Fields WmiPropertyName="Version" />
    <Fields WmiPropertyName="VLActivationInterval" />
    <Fields WmiPropertyName="VLRenewalInterval" />
  </Queries>
  <Queries Mandatory="false" IsSoftware="true" WmiClass="Win32_Product" Namespace="\root\cimv2" Name="Name" />
  <Queries Mandatory="false" IsSoftware="false" WmiClass="MGS_MSSQL2000" Namespace="\root\cimv2" Name="Name" />
  <Queries Mandatory="false" IsSoftware="false" WmiClass="MGS_MSSQL20058" Namespace="\root\cimv2" Name="Name" />
  <Queries Mandatory="false" IsSoftware="false" WmiClass="Msvm_ComputerSystem" Namespace="\root\virtualization" Name="Name" Evidence="virtualization" />
  <Queries Mandatory="false" IsSoftware="false" WmiClass="Msvm_VirtualSystemSettingData" Namespace="\root\virtualization" Name="Name" Evidence="virtualization" />
  <Queries Mandatory="false" IsSoftware="false" WmiClass="Msvm_MemorySettingData" Namespace="\root\virtualization" Name="Name" Evidence="virtualization" />
  <Queries Mandatory="false" IsSoftware="false" WmiClass="Msvm_ProcessorSettingData" Namespace="\root\virtualization" Name="Name" Evidence="virtualization" />
  <Queries Mandatory="false" IsSoftware="false" WmiClass="Msvm_KvpExchangeComponent" Namespace="\root\virtualization" Name="Name" Evidence="virtualization" />
  <Queries Mandatory="false" IsSoftware="false" WmiClass="Msvm_ComputerSystem" Namespace="\root\virtualization\v1" Name="Name" Evidence="virtualization\v1" />
  <Queries Mandatory="false" IsSoftware="false" WmiClass="Msvm_VirtualSystemSettingData" Namespace="\root\virtualization\v1" Name="Name" Evidence="virtualization\v1" />
  <Queries Mandatory="false" IsSoftware="false" WmiClass="Msvm_MemorySettingData" Namespace="\root\virtualization\v1" Name="Name" Evidence="virtualization\v1" />
  <Queries Mandatory="false" IsSoftware="false" WmiClass="Msvm_ProcessorSettingData" Namespace="\root\virtualization\v1" Name="Name" Evidence="virtualization\v1" />
  <Queries Mandatory="false" IsSoftware="false" WmiClass="Msvm_KvpExchangeComponent" Namespace="\root\virtualization\v1" Name="Name" Evidence="virtualization\v1" />
  <Queries Mandatory="false" IsSoftware="false" WmiClass="Msvm_ComputerSystem" Namespace="\root\virtualization\v2" Name="Name" Evidence="virtualization\v2" />
  <Queries Mandatory="false" IsSoftware="false" WmiClass="Msvm_VirtualSystemSettingData" Namespace="\root\virtualization\v2" Name="Name" Evidence="virtualization\v2" />
  <Queries Mandatory="false" IsSoftware="false" WmiClass="Msvm_MemorySettingData" Namespace="\root\virtualization\v2" Name="Name" Evidence="virtualization\v2" />
  <Queries Mandatory="false" IsSoftware="false" WmiClass="Msvm_ProcessorSettingData" Namespace="\root\virtualization\v2" Name="Name" Evidence="virtualization\v2" />
  <Queries Mandatory="false" IsSoftware="false" WmiClass="Msvm_KvpExchangeComponent" Namespace="\root\virtualization\v2" Name="Name" Evidence="virtualization\v2" />
  <Queries Mandatory="false" IsSoftware="false" WmiClass="Win32_serverFeature" Namespace="\root\cimv2" Name="Name" />
  <Queries Mandatory="false" IsSoftware="false" WmiClass="MSCluster_Cluster" Namespace="\root\MSCluster" Name="Name" />
  <Queries Mandatory="false" IsSoftware="false" WmiClass="Win32_Service" Namespace="\root\cimv2" Name="Name" />
  <Keys Namespace="\root\cimv2" Hive="HKEY_LOCAL_MACHINE" Path="SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" View="64" />
  <Keys Namespace="\root\cimv2" Hive="HKEY_LOCAL_MACHINE" Path="SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall" View="32" />
  <Keys Namespace="\root\cimv2" Hive="HKEY_LOCAL_MACHINE" Path="SOFTWARE\Microsoft\Virtual Machine\Guest\Parameters" View="32">
    <Values>
      <RegistryValue Name="PhysicalHostNameFullyQualified" Type="string" />
      <RegistryValue Name="VirtualMachineId" Type="string" />
      <RegistryValue Name="VirtualMachineName" Type="string" />
    </Values>
  </Keys>
  <Keys Namespace="\root\cimv2" Hive="HKEY_LOCAL_MACHINE" Path="SOFTWARE\Microsoft\Virtual Machine\Guest\Parameters" View="64">
    <Values>
      <RegistryValue Name="PhysicalHostNameFullyQualified" Type="string" />
      <RegistryValue Name="VirtualMachineId" Type="string" />
      <RegistryValue Name="VirtualMachineName" Type="string" />
    </Values>
  </Keys>
  <Files GetContent="true" SearchSubdirs="false" Path="temp*\*" DriveLetter="c" FileName="*.bat" />
</QueryFile>
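Because the warning above says an incomplete or incorrect definition can break the scan or overload the targets, it pays to check the file before it is pointed to in the settings. The following Python script is an added example, not code from RayVentory or from this guide: it parses a definition in the format shown above, prints the WQL that each Queries element implies, and flags entries that are malformed or likely to generate load. The element and attribute names are taken from the sample; how the scan engine itself turns a Queries element into a WMI query is not documented here, so the WQL produced is an assumption meant for review only. The embedded definition is a constructed, cut-down copy of the sample with one broken Queries entry and one over-broad Files entry added for the linter to catch.

```python
"""Lint a custom Windows scan definition before handing it to the scan engine.

Added example; not RayVentory code. Element and attribute names follow the
sample definition above. The WQL produced is an assumption about what each
<Queries> element implies and is meant for review, not for the engine.
"""
from __future__ import annotations

import xml.etree.ElementTree as ET

# Constructed sample: a cut-down copy of the page's definition plus a broken
# <Queries> entry and an over-broad <Files> entry for the linter to catch.
SAMPLE_XML = r"""<?xml version="1.0" encoding="utf-8"?>
<QueryFile xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <Queries Mandatory="true" IsSoftware="false" WmiClass="Win32_ComputerSystem" Namespace="\root\cimv2" Name="Name">
    <Fields WmiPropertyName="Manufacturer" />
    <Fields WmiPropertyName="Model" />
  </Queries>
  <Queries Mandatory="false" IsSoftware="true" WmiClass="Win32_Product" Namespace="\root\cimv2" Name="Name" />
  <Queries Mandatory="false" IsSoftware="false" WmiClass="Msvm_ComputerSystem" Namespace="\root\virtualization\v2" Name="Name" Evidence="virtualization\v2" />
  <Queries Mandatory="maybe" IsSoftware="false" WmiClass="" Namespace="\root\cimv2" Name="Name" />
  <Keys Namespace="\root\cimv2" Hive="HKEY_LOCAL_MACHINE" Path="SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" View="64" />
  <Files GetContent="true" SearchSubdirs="false" Path="temp*\*" DriveLetter="c" FileName="*.bat" />
  <Files GetContent="true" SearchSubdirs="true" Path="*" DriveLetter="c" FileName="*" />
</QueryFile>
"""

REQUIRED_QUERY_ATTRS = ("WmiClass", "Namespace", "Name")
BOOLEAN_ATTRS = ("Mandatory", "IsSoftware")


def parse_query_file(text: str) -> ET.Element:
    """Parse the definition and make sure the root element is <QueryFile>."""
    root = ET.fromstring(text.encode("utf-8"))
    if root.tag != "QueryFile":
        raise ValueError(f"expected <QueryFile> root, got <{root.tag}>")
    return root


def to_wql(query: ET.Element) -> tuple[str, str]:
    """Return (namespace, WQL) implied by one <Queries> element.
    A <Queries> without <Fields> children is read as 'all properties'."""
    fields = [f.get("WmiPropertyName", "") for f in query.findall("Fields")]
    select = ", ".join(fields) if fields else "*"
    return query.get("Namespace", ""), f"SELECT {select} FROM {query.get('WmiClass', '')}"


def lint_query_file(root: ET.Element) -> list[str]:
    """Collect findings that would break the scan or put load on the target."""
    findings: list[str] = []
    for i, q in enumerate(root.findall("Queries"), start=1):
        where = f"Queries#{i} ({q.get('WmiClass') or '?'})"
        for attr in REQUIRED_QUERY_ATTRS:
            if not q.get(attr):
                findings.append(f"{where}: missing or empty attribute {attr}")
        for attr in BOOLEAN_ATTRS:
            if q.get(attr, "false").lower() not in ("true", "false"):
                findings.append(f"{where}: {attr} must be true or false, got {q.get(attr)!r}")
        for f in q.findall("Fields"):
            if not f.get("WmiPropertyName"):
                findings.append(f"{where}: <Fields> without WmiPropertyName")
        # Enumerating Win32_Product makes Windows Installer re-validate every
        # installed package, so it is slow and noisy on the target; the
        # Uninstall registry keys already in the sample are the cheap alternative.
        if (q.get("WmiClass") or "").lower() == "win32_product":
            findings.append(f"{where}: Win32_Product enumeration is expensive on the target")
    for i, fe in enumerate(root.findall("Files"), start=1):
        path, name = fe.get("Path", ""), fe.get("FileName", "")
        where = f"Files#{i} ({fe.get('DriveLetter', '?')}:\\{path}\\{name})"
        if fe.get("SearchSubdirs") == "true" and path.strip("\\") in ("", "*"):
            findings.append(f"{where}: recursive search from the drive root")
        if fe.get("GetContent") == "true" and name in ("*", "*.*"):
            findings.append(f"{where}: GetContent with a catch-all FileName reads every file found")
    return findings


if __name__ == "__main__":
    root = parse_query_file(SAMPLE_XML)
    for q in root.findall("Queries"):
        ns, wql = to_wql(q)
        print(f"{ns:28} {wql}")
    for finding in lint_query_file(root):
        print("WARNING:", finding)
```

Run against the constructed sample, the script reports five findings: the empty WmiClass and the non-boolean Mandatory value on the broken entry, the Win32_Product enumeration, and the two problems with the catch-all Files entry; the sample's own temp*\*.bat entry passes. Point parse_query_file at the real example.xml to check a customized definition the same way.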

 

Note:

When the Docker or IBM DB2 scanner class (MGS_Docker_Version or MGS_IBM_DB2) is enabled in the custom .config file, the device targeted by the scan is accessed via SMB (ADMIN$ share) to copy the result data file. The user executing the scan therefore needs the required permissions.

 

 

Note:

When a file scan is configured in the Windows Zero Touch custom configuration file, some paths are excluded from the search.

 

The following paths are excluded:

All paths that contain one of the following:

- $recycle.bin
- Windows\WinSxS
- Windows\Assembly
- programdata\packagecache

All paths that start with the following:

- \windows
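A Files entry whose search root lies entirely inside one of these excluded areas is accepted by the configuration but can never return a hit, which is easy to mistake for a scan problem. The Python below is an added example, not RayVentory code: it implements the exclusion rules as the note lists them (plain substring and prefix tests), applies them to a constructed list of file hits, and checks whether a Files entry's Path can yield anything at all. It assumes that matching is case-insensitive, as Windows paths are, and that the "starts with \windows" test is made on the path with its drive letter removed, since the Files element carries the drive letter separately; both are assumptions, not statements from the guide.

```python
"""Predict which hits a <Files> entry can return once the built-in path
exclusions from the note above are applied.

Added example; not RayVentory code. Assumptions: matching is case-insensitive,
the "starts with \\windows" rule is tested on the path without its drive letter,
and the rules are the literal substring/prefix tests the note lists.
"""
from __future__ import annotations

import ntpath

# The exclusions as listed in the note, lower-cased for case-insensitive matching.
EXCLUDED_SUBSTRINGS = ("$recycle.bin", r"windows\winsxs", r"windows\assembly", r"programdata\packagecache")
EXCLUDED_PREFIXES = (r"\windows",)

# Constructed sample hits, as a file scan for *.bat might produce them.
SAMPLE_PATHS = [
    r"C:\temp\deploy\setup.bat",
    r"C:\$Recycle.Bin\S-1-5-21-1-1-1-1001\old.bat",
    r"C:\Windows\WinSxS\x86_demo_1.0\run.bat",
    r"C:\ProgramData\PackageCache\{00000000-0000-0000-0000-000000000000}\install.bat",
    r"C:\Windows\Temp\cleanup.bat",
    r"D:\Users\app\Windows\Assembly\load.bat",
    r"C:\Program Files\tool\run.bat",
]


def normalize(path: str) -> str:
    """Lower-case, use backslashes, drop the drive or UNC prefix, ensure a leading backslash."""
    _drive, rest = ntpath.splitdrive(path.replace("/", "\\").lower())
    return rest if rest.startswith("\\") else "\\" + rest


def exclusion_reason(path: str) -> str | None:
    """Return the rule that excludes the path, or None if the scan would keep it."""
    p = normalize(path)
    for needle in EXCLUDED_SUBSTRINGS:
        if needle in p:
            return f"contains {needle}"
    for prefix in EXCLUDED_PREFIXES:
        # Literal prefix test, exactly as the note states the rule.
        if p.startswith(prefix):
            return f"starts with {prefix}"
    return None


def filter_paths(paths: list[str]) -> list[str]:
    """Keep only the hits the scan would report."""
    return [p for p in paths if exclusion_reason(p) is None]


def search_root(pattern: str) -> str:
    """Leading components of a <Files Path=...> value before the first wildcard."""
    parts: list[str] = []
    for part in pattern.replace("/", "\\").split("\\"):
        if "*" in part or "?" in part:
            break
        parts.append(part)
    return "\\".join(parts)


def files_entry_is_dead(drive_letter: str, pattern: str) -> bool:
    """True when everything the entry could find lies under an excluded path,
    i.e. the entry is configured but can never return a hit."""
    root = search_root(pattern)
    return bool(root) and exclusion_reason(f"{drive_letter}:\\{root}") is not None


if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(f"{p:75} {exclusion_reason(p) or 'kept'}")
    for drive, pattern in (("c", r"temp*\*"), ("c", r"Windows\Temp\*")):
        print(f"Files DriveLetter={drive} Path={pattern}: {'dead' if files_entry_is_dead(drive, pattern) else 'can return hits'}")
```

Of the seven constructed hits only the two outside the excluded areas survive, and the sample's own temp*\* entry can return hits while a Windows\Temp\* entry is dead. Note that the prefix rule, taken literally, also excludes a top-level folder whose name merely begins with "windows".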