Last week,I was having a discussion with manager about the User IE Home page/Start page to get report on, how many users are set to Company intranet Page.I then asked him,what is the method ,company currently follow to set IE Home page .He then replied,GPO ? my response for this was,if GPO,then the Home page for IE should be set to the required one for all Domain Users (Domain users: where ever the GPO applied to) and using GPO,will have more control to restrict user to not to change the default IE Home page (Disable changing home page settings. and less troubleshooting required .
I check my computer,the Default IE Home Page set to the correct one but I do have flexibility to change it to custom. So boss asked me to try if there is way to get a compliance report on User IE Home page ,in case the GPO may not be applied to some of the OU to be identified.
Since the IE Home Page information stored in HKCU,we cannot use regkeytomof (it works only with HKLM) or MOF Extension or DCM (not easy).
The possible solution for this is involved with, 1) Create Custom WMI location 2) Copy the User IE home page info into this location 3)Edit the MOF to retrieve this WMI information into SCCM Database.
The above solution would work but how would you provide full permissions to WMI location to publish the User Registry info ? If users do not have admin rights on their computers ?
Long ago,there was a discussion on sccm forum list ,about the this issue to get User IE home pages Using Configuration manager.Our MOF Master Sherry Kissinger has got workaround for this issue which I am going shortly.
This procedure requires creation of package with 2 programs (legacy is preferred and easy) 1) machine 2 ) User with dependency on machine.
Create a folder with standard naming convention as per required on your network share and place these files into it .files can be downloaded from http://eskonr.com/?wpdmdl=5651
1.wmiNameSpaceandSecurity.vbs—>This script will create custom WMI name location ( root\CustomCMClasses—>CM_IEStartPages) using file called WmiSecurity.exe.
2.UserIEStartPage.vbs:This script publish the information from HKCU to custom WMI name location which is created using above script.
Before we start creating the packages,edit the script wmiNameSpaceandSecurity.vbs and replace the domain name to your domain name and save the script.
Create Package with 2 programs:
1.Create package with program cmd line: cscript.exe wminamespaceandsecurity.vbs under system context
2. Right click on the package created above and select Create program (no need to create new package) with cmd line:cscript.exe UserIEStartPage.vbs under user context
and select ‘Run another program profile first’
we now created package with 2 programs :
Distribute the package to DP group or DP’s.
Now create deployment using UserIEStartPage to required collection.
Time to test the results:
Login to PC that has this deployment ,run machine policy ,monitor execmgr.log for progress of this deployment.
from above log, program executed successfully.
lets checkout the WMI classes and inventory information what is captured from HKCU.
open cmd and type wbemtest.exe ,connect to “root\CustomCMClasses”
lets checkout the homepage values from WMI class using simple WQL Query before we start working with MOF file.
while you are connected to “root\CustomCMClasses” ,Click on Query and use this query to run: SELECT * FROM CM_IEStartPages
From above, se see that ,User has set 2 tabs when IE Opens.Double click on either of the one and click on show MOF to see the URL page.
So far, All good. Now lets try doing some changes to the MOF to collect this information via Inventory on schedule basis (If Required,crate custom inventory to specific collection instead of doing it on default ).
Go to your CM12 Primary Site administration pane (if you have CAS then you should do make these changes there )—>client settings—Default settings. (You must import the custom attributes here before you create custom client settings.
we have now imported the custom WMI info into CM12 but we did not enable this setting to be collected from Configmgr clients.
on the background,Configmgr will be creating new table/view (CM_IESTARTPAGES_DATA/v_GS_CM_IESTARTPAGES) to store the information that comes from clients which can be monitor from dataldr.log from your Site server logs:
Now ,Create custom client agent setting that can be applied onto test collection before making to Big collection .
Deploy this setting to test collection and wait for the results (client should pick the new settings and send the inventory info to Site server). After a while,you see the information in CM12 Database.
Here is the Simple SQL Query:
SELECT vrsv.Netbios_Name0 [machine name],isp.username0,isp.startpage0,isp.tab0,isp.datescriptran0
FROM v_GS_CM_IESTARTPAGES IsP,dbo.v_R_System_Valid AS vrsv
WHERE vrsv.ResourceID=isp.resourceid