Building dynamic groups using WMI Queries
Posted by Jeremy D. Pavleck on August 12th, 2008
Occasionally I’ll get some interesting requests from clients. One of those requests happened recently.
My client wanted to be able to see all of the servers that a certain process was running on. It was a ‘roaming’ process, and could be on any number of servers at any given time. That’s easily solved with a dynamic group, a WMI query, and a custom attribute. In this example, I’ll be using the ubiquitous Notepad.exe.
- First, start the console, open the Authoring pane, then right-click on attributes and select “Create New Attribute”.
- Give your attribute a name - I used “Notepad Running” - and a nice description, then hit next.
- Under “Discovery Type” select WMI Query and select your target and management pack. Windows Server_Extended is a good choice for something as open ended as our particular request is, but you can narrow it down if you’d like. Then hit next.
- Under WMI Configuration we will build our query. Enter root\cimv2 for the namespace and for the query we’ll be using “Select * FROM WIN32_Process where Name = 'notepad.exe'”. The Property Name field is the most important part, and one not a lot of people understand right away. The “Property Name” field is what SCOM pays attention to, and what you use when you build groups and rules. In this example, I only want processes with notepad.exe to be returned, so I specify that in my query. For the Property name, I’m using Handle, which will always return something, but I could have used almost anything - such as ProcessID.
If I wanted to create a more generic attribute, I could have used the query “Select * FROM WIN32_Process”, with a property name of “Name”. Then I could create groups with attributes of <Attribute> equals <Process Name>. If you’d like to learn more about the various fields available to you, open CIM Studio, part of the WMI Administrative Tools bundle. When you execute a query, the column names are what we’re talking about here.
- After you’re done, hit finish and we’ll be back at the attributes pane. Do a quick search to make sure it was added, and we’re done here.
- Now right-click on groups and select “Create a new group”
Give it a nice friendly name & description and for the management pack choose the same one you used when creating your attribute! That’s important, as dynamic inclusion rules only scope to what is available in the current management pack (and any dependent ones), so you’d be going crazy wondering where your attribute is if you used a different one. Then hit Next.
- Under “Explicit Members” hit next, we don’t want to put anything in here.
- Under “Dynamic Members” click on Create/Edit Rules. From the drop down, select the class your attribute was added to (In this case, it’s Windows Server_Extended) and hit add to insert a line. Click on the drop down for Property, and you should see the one we created called “Notepad Running”.
- Select it, then finish up the formula. In this particular case we’re using “Greater than or equal to” as the operator and “1” as the value.
To be perfectly honest, you should consider this more of a ‘hack’. What happens is the agent runs “Select * FROM WIN32_Process where Name = 'notepad.exe'” and returns the Handle property back to the server. The Handle property will never be 0 (except for the System Idle Process). So if notepad.exe is running on a particular server, it will always return a Handle greater than or equal to 1. If notepad.exe isn’t running on a server, this query returns $null for the handle, which evaluates to FALSE in our Greater than or equal to formula.
- Click on OK, then Next. Hit next on Subgroups and again on Excluded Members, then hit ‘Create’.
You’re finished. Wait some time for the new discovery to propagate fully, then right-click on your newly created group and select “View Group Members”. And now you can interact with this group just like you always have. Have fun!
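
Before creating the attribute, the query and the “Greater than or equal to 1” comparison can be checked from PowerShell. This is an added example, not part of the original post: Test-ProcessAttribute is a hypothetical helper name, and reading Handle from the first returned row is an assumption of the sketch.

```powershell
# Added example: runs the same WQL query the attribute uses and applies the
# ">= 1" rule to the Handle property. Test-ProcessAttribute is a hypothetical
# helper name, not a SCOM cmdlet.
function Test-ProcessAttribute {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ProcessName,
        [string[]]$ComputerName = @('localhost')
    )

    # Escape backslashes and single quotes so the name cannot break out of
    # the WQL string literal.
    $escaped = $ProcessName.Replace('\', '\\').Replace("'", "\'")
    $query   = "Select * FROM Win32_Process where Name = '$escaped'"

    foreach ($computer in $ComputerName) {
        $cimArgs = @{ Namespace = 'root\cimv2'; Query = $query; ErrorAction = 'Stop' }
        # Only go over the network for remote targets; a local query needs no WinRM.
        if ($computer -ne 'localhost') { $cimArgs.ComputerName = $computer }

        try {
            $rows = @(Get-CimInstance @cimArgs)
        }
        catch {
            Write-Warning "Query failed on ${computer}: $($_.Exception.Message)"
            continue
        }

        # No matching process means no rows, so there is no Handle to return.
        # Assumption: when several instances run, the first row is used.
        $handle = if ($rows.Count -gt 0) { $rows[0].Handle } else { $null }

        [pscustomobject]@{
            ComputerName  = $computer
            Instances     = $rows.Count
            Handle        = $handle
            # Same comparison as the group formula; a missing Handle fails it.
            WouldBeMember = ($null -ne $handle) -and ([int64]$handle -ge 1)
        }
    }
}

Test-ProcessAttribute -ProcessName 'notepad.exe'
```

With Notepad closed, WouldBeMember is False and Instances is 0; open Notepad and run it again to see the Handle value the agent would report.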

December 17th, 2008 at 9:26 pm
Hello Jeremy,
Thx for this information.
I was wondering if the same method can be used for a process on a server, to monitor when the process’s cpu threshold is above say 40%?
What parts need to be changed?
Thx,
John Bradshaw
j.bradshaw@unsw.edu.au