Installing Asset Intelligence in SCCM

In a normal SCCM Environment you get Software Information out of the „Add/Remove Software“ Registry Key which you can view in the SCCM Report „Software – Companies and Products\Software registered in Add Remove Programs“ or (much simplier) in the Enterprise Manager Inventory view.

Diese Diashow benötigt JavaScript.

This behavior has some restrictions:

  • Not every software will register there
  • The Product/Manufacturer Names as well as the Version information are not standardized
  • In case of a product suite (eg. Office) you can not see, if its an Office with or without Access

For this reason it should be useful to configure the „Asset Intelligence Module“ in SCCM. This module will download an extendable catalog of 1752871 (September 2016) Software titles with categories and hardware requirement information and add this to the SCCM database. The following article will describe, how to enable the Asset Intelligence Module in your SCCM Environment.

Activate inventory

If you do a new/fresh installation of SCCM, AI is not activated. To do that you have to activate the inventory classes. You can do that on two different ways:

  1. Goto „Administration“ -> „Client settings“ and edit your client profile. In Hardware Inventory you use the option „Set classes“ and Filter in the dropdown by „Asset Intelligence“ classes. After that you can enable the classes you want.
  2. Alternativly you can enable the classes in „Asset and Compliance“ -> „Asset Intelligence“ and use the option „Edit inventory classes“.

Diese Diashow benötigt JavaScript.

Install „Asset intelligence Synchronization Point“

Switch to „Administration“ -> „Servers and Site System roles“ and „Add a site system role“ in the context menu of a Management Point. In the role selection you have to choose the „Asset Intelligence synchronisation point“ role.

2016-09-14-14_54_43-add-site-system-roles-wizard

I had a very bad experience by trying to load the data from Microsoft over an proxy server. if you have errors like „Expired crendetials“ or „Error in XML document“ in the „AIUpdateSvc.log“ you can restart the AI_UPDATE_SERVICE_POINT component in the Configuration Manager Service Manager. My recommendation is, to bypass the proxy server for all SCCM communication.

Diese Diashow benötigt JavaScript.

It is alos possible, that the certificate, which is needed will be outdated. Last time this happened May 29th 2015 and it was needed to install patch to refresh the certificate. Possibly next time (2017-03-20) this will be updated by a SCCM Update, but keep this in mind. You will get the following error message:

Expired credentials/certificate/token. Need to re-provision online account

The synchronization of the catalog can took several hous. In this examples there where more than 2500 batches to download and every batch took several seconds (with a 30MBit/s Line).

If the synchronization was successful, you will an appropriate information in the GUI and the Log file.

Diese Diashow benötigt JavaScript.

Now start a Hardware Inventory lifecycle and wait a time. When all Asset Intelligence data are created you will be able to use the reports in SCCM,  access the Inventory Information via SCCM as well as EM console (please be patient. It could take several hours after the information will appear here).

Diese Diashow benötigt JavaScript.

Activating Security Event Log auditing

Some of the reports are using data of the security event log. In details that are

  • Hardware 03A – Primary Computer Users
  • Hardware 03B – Computers for a Specific Primary Console User
  • Hardware 04A – Shared (Multi-user) Computers
  • Hardware 05A – Console Users on a Specific Computer

If you want to be able to use this reports, you have to activate the audit of the security event logs for successful events within a GPO.

2016-09-16-09_29_28-audit-logon-events-properties

 

Conclusion

With Asset intelligence you are able to normalize your inventory data and do better analysis over your data and build a good basis for License Management projects.

Also if you use Enterprise Manager it could be useful to create new Collections and Rollout Reports based on AI data.

But be careful with that, in huge enviroments it is possible that it will kill your server, specially if you are activate the successful security audit logging (which is definitivly not the best way to monitor logins 😉 ).

Advertisements

Kommentar verfassen

Trage deine Daten unten ein oder klicke ein Icon um dich einzuloggen:

WordPress.com-Logo

Du kommentierst mit Deinem WordPress.com-Konto. Abmelden / Ändern )

Twitter-Bild

Du kommentierst mit Deinem Twitter-Konto. Abmelden / Ändern )

Facebook-Foto

Du kommentierst mit Deinem Facebook-Konto. Abmelden / Ändern )

Google+ Foto

Du kommentierst mit Deinem Google+-Konto. Abmelden / Ändern )

Verbinde mit %s