Module DataSource de détection de l’hôte Service Guardian

Microsoft.Windows.GuardedFabric.10.0.DataSource.DiscoverGuardedHost (DataSourceModuleType)

Module DataSource pour la détection des hôtes Service Guardian

Element properties:

Member Modules:

Overrideable Parameters:

Source Code:

<DataSourceModuleType ID="Microsoft.Windows.GuardedFabric.10.0.DataSource.DiscoverGuardedHost" Accessibility="Internal">

  <Configuration>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" minOccurs="1" name="IntervalSeconds" type="xsd:unsignedInt"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" minOccurs="1" name="TimeoutSeconds" type="xsd:unsignedInt"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" minOccurs="1" name="ComputerPrincipalName" type="xsd:string"/>

  </Configuration>

  <OverrideableParameters>

    <OverrideableParameter ID="IntervalSeconds" Selector="$Config/IntervalSeconds$" ParameterType="int"/>

    <OverrideableParameter ID="TimeoutSeconds" Selector="$Config/TimeoutSeconds$" ParameterType="int"/>

    <OverrideableParameter ID="ComputerPrincipalName" Selector="$Config/ComputerPrincipalName$" ParameterType="string"/>

  </OverrideableParameters>

  <ModuleImplementation Isolation="Any">

    <Composite>

      <MemberModules>

        <DataSource ID="Scheduler" TypeID="System!System.Discovery.Scheduler">

          <Scheduler>

            <SimpleReccuringSchedule>

              <Interval Unit="Seconds">$Config/IntervalSeconds$</Interval>

            </SimpleReccuringSchedule>

            <ExcludeDates/>

          </Scheduler>

        </DataSource>

        <ProbeAction ID="PowerShellServerDiscoveryProbe" TypeID="Windows!Microsoft.Windows.PowerShellDiscoveryProbe">

          <ScriptName>Microsoft.Windows.GuardedFabric.10.0.Discovery.GuardedHost.ps1</ScriptName>

          <ScriptBody><Script># Microsoft.Windows.GuardedFabric.10.0.Discovery.GuardedHost.ps1

# Copyright (c) Microsoft Corporation.  All rights reserved.



param($sourceID,$managedEntityID, $computerName)



$api = New-Object -ComObject 'MOM.ScriptAPI'

$discoveryData = $api.CreateDiscoveryData(0, $sourceID, $managedEntityId)



#Get server data as ordered dictionary

try

{

	$getInfo =  Get-HgsClientConfiguration -ErrorAction Stop

}

catch

{

	$getInfo = @{}

}

if($getInfo.Count -ne 0)

{

	$clientInstance = $discoveryData.CreateClassinstance("$MPElement[Name='Microsoft.Windows.GuardedFabric.10.0.ComputerRole.GuardedHost']$")

	if ($getInfo.Mode -eq $null)

	{

		$mode = "Unknown"

	}

	else

	{

		$mode = $getInfo.Mode.ToString()

	}

	

	if ($mode -ieq 'Local')

	{

		$attUrl = "NotApplicable"

		$keyUrl = "NotApplicable"

	}

	else

	{

		$attUrl = $getInfo.AttestationServerUrl

		$keyUrl = $getInfo.KeyProtectionServerUrl



		# Take substring if the length is greater than 256, bc SCOM agent can't handle anything greater

		if ($attUrl.Length -gt 256)

		{

			$attUrl = $attUrl.SubString(0,253) + "..."

		}



		if ($keyUrl.Length -gt 256)

		{

			$attUrl = $attUrl.SubString(0,253) + "..."

		}

	}



	# Check if operation mode is null, then assign value

	if ($getInfo.AttestationOperationMode -eq $null)

	{

		$AttestationOperationMode = ""

	}

	else

	{

		$AttestationOperationMode = $getInfo.AttestationOperationMode.ToString()

	}



	#PROPERTIES

	$clientInstance.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$",$computerName)

	$clientInstance.AddProperty("$MPElement[Name='Microsoft.Windows.GuardedFabric.10.0.ComputerRole.GuardedHost']/AttestationOperationMode$", $AttestationOperationMode)

	$clientInstance.AddProperty("$MPElement[Name='Microsoft.Windows.GuardedFabric.10.0.ComputerRole.GuardedHost']/AttestationURL$", $attUrl)

	$clientInstance.AddProperty("$MPElement[Name='Microsoft.Windows.GuardedFabric.10.0.ComputerRole.GuardedHost']/KeyProtectionURL$", $keyUrl)

	$clientInstance.AddProperty("$MPElement[Name='Microsoft.Windows.GuardedFabric.10.0.ComputerRole.GuardedHost']/Mode$", $mode)

	$clientInstance.AddProperty("$MPElement[Name='System!System.Entity']/DisplayName$", $computerName)



	

	# Create Computer Role Class

	$computerRole = $discoveryData.CreateClassinstance("$MPElement[Name='Microsoft.Windows.GuardedFabric.10.0.ComputerRole']$")

	$computerRole.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$",$computerName)

	$computerRole.AddProperty("$MPElement[Name='System!System.Entity']/DisplayName$", $computerName)





	#ADD TO DISCOVERY DATA

	$discoveryData.AddInstance($clientInstance)

	$discoveryData.AddInstance($computerRole)

	# $api.LogScriptEvent("GuardedHostDiscovery.ps1", 6280, 0, "HGS Guarded Host Discovery script found that $computerName is running as a Guarded Host in $mode mode. $getInfo")

}

else

{

	$discoveryData.IsSnapshot = $true 

	# $api.LogScriptEvent("GuardedHostDiscovery.ps1", 6281, 0, "HGS Server discovery did not find that $computerName is running in the HGS Guarded Host Role.")

}



# Return found data

$discoveryData</Script></ScriptBody>

          <Parameters>

            <Parameter>

              <Name>sourceID</Name>

              <Value>$MPElement$</Value>

            </Parameter>

            <Parameter>

              <Name>managedEntityID</Name>

              <Value>$Target/Id$</Value>

            </Parameter>

            <Parameter>

              <Name>computerName</Name>

              <Value>$Config/ComputerPrincipalName$</Value>

            </Parameter>

          </Parameters>

          <TimeoutSeconds>$Config/TimeoutSeconds$</TimeoutSeconds>

          <StrictErrorHandling>false</StrictErrorHandling>

        </ProbeAction>

        <ProbeAction ID="RegistryProbe" TypeID="Windows!Microsoft.Windows.RegistryProbe">

          <ComputerName>$Target/Property[Type='Windows!Microsoft.Windows.Computer']/NetworkName$</ComputerName>

          <RegistryAttributeDefinitions>

            <RegistryAttributeDefinition>

              <AttributeName>WindowsCurrentVersion</AttributeName>

              <Path>SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentVersion</Path>

              <PathType>1</PathType>

              <AttributeType>1</AttributeType>

            </RegistryAttributeDefinition>

          </RegistryAttributeDefinitions>

        </ProbeAction>

        <ProbeAction ID="WMIProbe" TypeID="Windows!Microsoft.Windows.WmiProbe">

          <NameSpace>\\$Target/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$\root\cimv2</NameSpace>

          <Query>select Version from Win32_OperatingSystem</Query>

        </ProbeAction>

        <ConditionDetection ID="Filter" TypeID="System!System.ExpressionFilter">

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="String">Values/WindowsCurrentVersion</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="String">6.3</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </ConditionDetection>

        <ConditionDetection ID="Filter2" TypeID="System!System.ExpressionFilter">

          <Expression>

            <RegExExpression>

              <ValueExpression>

                <XPathQuery>Property[@Name='Version']</XPathQuery>

              </ValueExpression>

              <Operator>MatchesRegularExpression</Operator>

              <Pattern>^(10.0.*|6.4.*|6.3.*|6.2.*)$</Pattern>

            </RegExExpression>

          </Expression>

        </ConditionDetection>

      </MemberModules>

      <Composition>

        <Node ID="PowerShellServerDiscoveryProbe">

          <Node ID="Filter2">

            <Node ID="WMIProbe">

              <Node ID="Filter">

                <Node ID="RegistryProbe">

                  <Node ID="Scheduler"/>

                </Node>

              </Node>

            </Node>

          </Node>

        </Node>

      </Composition>

    </Composite>

  </ModuleImplementation>

  <OutputType>System!System.Discovery.Data</OutputType>

</DataSourceModuleType>