Home
  •  

SCOM Management Server PowerShell Properties Discovery

SCOM.Management.Server.Class.PowerShell.Properties.Discovery (Discovery)

Element properties:

TargetSCOM.Management.Server.Class
EnabledTrue
Frequency86400
RemotableFalse

Object Discovery Details:

Discovered Classes and their attribuets:
  • SCOM.Management.Server.Class
    • ServerVersion
    • ServerURLevel
    • WebConsoleVersion
    • WebConsoleURLevel
    • ConsoleVersion
    • ConsoleURLevel
    • OMSWorkspaces
    • PSVersion
    • CLRVersion
    • OSVersion
    • PrimaryMS
    • FailoverList
    • ActionAccount
    • InstallPath
    • CertLoaded
    • CertExpires
    • ThumbPrint
    • CertIssuer
    • TLS12Enforced
    • TLS12SQLCliInstalled
    • TLS12ODBCInstalled

Member Modules:

ID Module Type TypeId RunAs 
DS DataSource Microsoft.Windows.TimedPowerShell.DiscoveryProvider Default

Source Code:

<Discovery ID="SCOM.Management.Server.Class.PowerShell.Properties.Discovery" Enabled="true" Target="SCOM.Management.Server.Class" ConfirmDelivery="false" Remotable="true" Priority="Normal">

  <Category>Discovery</Category>

  <DiscoveryTypes>

    <DiscoveryClass TypeID="SCOM.Management.Server.Class">

      <Property PropertyID="ServerVersion"/>

      <Property PropertyID="ServerURLevel"/>

      <Property PropertyID="WebConsoleVersion"/>

      <Property PropertyID="WebConsoleURLevel"/>

      <Property PropertyID="ConsoleVersion"/>

      <Property PropertyID="ConsoleURLevel"/>

      <Property PropertyID="OMSWorkspaces"/>

      <Property PropertyID="PSVersion"/>

      <Property PropertyID="CLRVersion"/>

      <Property PropertyID="OSVersion"/>

      <Property PropertyID="PrimaryMS"/>

      <Property PropertyID="FailoverList"/>

      <Property PropertyID="ActionAccount"/>

      <Property PropertyID="InstallPath"/>

      <Property PropertyID="CertLoaded"/>

      <Property PropertyID="CertExpires"/>

      <Property PropertyID="ThumbPrint"/>

      <Property PropertyID="CertIssuer"/>

      <Property PropertyID="TLS12Enforced"/>

      <Property PropertyID="TLS12SQLCliInstalled"/>

      <Property PropertyID="TLS12ODBCInstalled"/>

    </DiscoveryClass>

  </DiscoveryTypes>

  <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.TimedPowerShell.DiscoveryProvider">

    <IntervalSeconds>86400</IntervalSeconds>

    <SyncTime/>

    <ScriptName>SCOM.Management.Server.Class.PowerShell.Properties.Discovery.ps1</ScriptName>

    <ScriptBody><Script>

#=================================================================================

#

#  Script to gather SCOM Server Component properties via PowerShell

#

#  Author: Kevin Holman

#

#  Version: 1.9

#

#=================================================================================

param($SourceId,$ManagedEntityId,$ComputerName,$MGName)





# Manual Testing section - put stuff here for manually testing script - typically parameters:

#=================================================================================

# $SourceId = '{00000000-0000-0000-0000-000000000000}'

# $ManagedEntityId = '{00000000-0000-0000-0000-000000000000}'

# $Computername = 'server.domain.com'

# $MGName = 'SCOMA'

#=================================================================================





# Constants section - modify stuff here:

#=================================================================================

# Assign script name variable for use in event logging

$ScriptName = "SCOM.Management.Server.Class.PowerShell.Properties.Discovery.ps1"

$EventID = "1006"

#=================================================================================





# Starting Script section - All scripts get this

#=================================================================================

# Gather the start time of the script

$StartTime = Get-Date

#Set variable to be used in logging events

$whoami = whoami

# Load MOMScript API

$momapi = New-Object -comObject MOM.ScriptAPI

#Log script event that we are starting task

$momapi.LogScriptEvent($ScriptName,$EventID,0,"`n Script is starting. `n Running as ($whoami).")

#=================================================================================





# Discovery Script section - Discovery scripts get this

#=================================================================================

# Load SCOM Discovery module

$DiscoveryData = $momapi.CreateDiscoveryData(0, $SourceId, $ManagedEntityId)

#=================================================================================





# Begin Main Script

#=================================================================================

# Begin Role Version Section

#=======================================================================

# Function to map a file version to a UR level

function URVersion($Version)

{

  switch($Version)

  {

    # SCOM 2012

    "7.1.10226.0" {"2012 R2 RTM"}

    "7.1.10184.0" {"2012 R2 RTM"} #Gateway

    "7.1.10226.1011" {"2012 R2 UR1"}

    "7.1.10188.0" {"2012 R2 UR1"} #Gateway

    "7.1.10226.1015" {"2012 R2 UR2"}

    "7.1.10195.0" {"2012 R2 UR2"} #Gateway

    "7.1.10226.1037" {"2012 R2 UR3"}

    "7.1.10204.0" {"2012 R2 UR3"} #Gateway

    "7.1.10226.1046" {"2012 R2 UR4"}

    "7.1.10211.0" {"2012 R2 UR4"} #Gateway

    "7.1.10226.1052" {"2012 R2 UR5"}

    "7.1.10213.0" {"2012 R2 UR5"} #Gateway

    "7.1.10226.1064" {"2012 R2 UR6"}

    "7.1.10218.0" {"2012 R2 UR6"} #Gateway

    "7.1.10226.1090" {"2012 R2 UR7"}

    "7.1.10229.0" {"2012 R2 UR7"} #Gateway

    "7.1.10226.1118" {"2012 R2 UR8"}

    "7.1.10241.0" {"2012 R2 UR8"} #Gateway

    "7.1.10226.1177" {"2012 R2 UR9"}

    "7.1.10268.0" {"2012 R2 UR9"} #Gateway

    "7.1.10226.1239" {"2012 R2 UR11"}

    "7.1.10285.0" {"2012 R2 UR11"} #Gateway

    "7.1.10226.1304" {"2012 R2 UR12"}

    "7.1.10292.0" {"2012 R2 UR12"} #Gateway

    "7.1.10226.1360" {"2012 R2 UR13"}

    "7.1.10302.0" {"2012 R2 UR13"} #Gateway

    "7.1.10226.1387" {"2012 R2 UR14"}

    "7.1.10305.0" {"2012 R2 UR14"} #Gateway				



    # SCOM 2016

    "7.2.11719.0" {"2016 RTM"}

    "8.0.10918.0" {"2016 RTM"} #Gateway

    "7.2.11759.0" {"2016 UR1"}

    "7.2.11822.0" {"2016 UR2"}

    "8.0.10949.0" {"2016 UR2"} #Gateway

    "7.2.11878.0" {"2016 UR3"}

    "8.0.10970.0" {"2016 UR3"} #Gateway

    "7.2.11938.0" {"2016 UR4"}

    "8.0.10977.0" {"2016 UR4"} #Gateway		

    "7.2.12016.0" {"2016 UR5"}

    "8.0.10990.0" {"2016 UR5"} #Gateway

    "7.2.12066.0" {"2016 UR6"}

    "8.0.11004.0" {"2016 UR6"} #Gateway

    "7.2.12150.0" {"2016 UR7"}

    "8.0.11025.0" {"2016 UR7"} #Gateway

    "7.2.12213.0" {"2016 UR8"}

    "8.0.11037.0" {"2016 UR8"} #Gateway		

    "7.2.12265.0" {"2016 UR9"}

    "8.0.11049.0" {"2016 UR9"} #Gateway		

	

    # SEMI ANNUAL Channel

    "7.3.13142.0" {"1801"}

    "8.0.13053.0" {"1801"} #Gateway		

    "7.3.13261.0" {"1807"}

    "8.0.13067.0" {"1807"} #Gateway	

		

    # SCOM 2019

    "10.19.10014.0" {"2019 TP"}

    "10.19.10050.0" {"2019 RTM"}

    "10.19.10311.0" {"2019 UR1"}	

  }

}

                        			

$SCOMRegKey = "HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Setup"

$SCOMPath = (Get-ItemProperty $SCOMRegKey).InstallDirectory

$SCOMPath = $SCOMPath.TrimEnd("\")

$SCOMCorePath = $SCOMPath.TrimEnd("Server")

$SCOMCorePath = $SCOMCorePath.TrimEnd("\")

			

# Check to see if this is a Gateway

IF ($SCOMCorePath -match "Gateway")

{

  $ServerURFile = Get-Item $SCOMPath\HealthService.dll

  $ServerURFileVersion = $ServerURFile.VersionInfo.FileVersion



  $MOMWsManModulesFile = Get-Item $SCOMPath\MOMWsManModules.dll

  $MOMWsManModulesFileVersion = $MOMWsManModulesFile.VersionInfo.FileVersion



  $MOMCommonFile = Get-Item $SCOMPath\Microsoft.Mom.Common.dll

  $MOMCommonFileVersion = $MOMCommonFile.VersionInfo.FileVersion



  IF ($ServerURFileVersion -eq "8.0.10949.0" -and $MOMWsManModulesFileVersion -eq "8.0.10918.0")

  {

    #This is SCOM 2016 UR2

    $ServerURFileVersion = "8.0.10949.0"

  }

  ELSEIF ($ServerURFileVersion -eq "8.0.10949.0" -and $MOMWsManModulesFileVersion -eq "8.0.10970.0")

  {

    #This is SCOM 2016 UR3 and was patched from UR2 to UR3

    $ServerURFileVersion = "8.0.10970.0"

  }

  ELSEIF ($ServerURFileVersion -eq "8.0.10918.0" -and $MOMWsManModulesFileVersion -eq "8.0.10970.0")

  {

    #This is SCOM 2016 UR3 and was patched from RTM to UR3 directly

    $ServerURFileVersion = "8.0.10970.0"

  }

  ELSEIF ($ServerURFileVersion -eq "10.19.10014.0" -and $MOMCommonFileVersion -eq "10.19.10050.0")

  {

    #This is SCOM 2019 RTM

    $ServerURFileVersion = "10.19.10050.0"

  }

  ELSEIF ($ServerURFileVersion -eq "10.19.10140.0" -and $MOMCommonFileVersion -eq "10.19.10050.0")

  {

    #This is SCOM 2019 UR1

    $ServerURFileVersion = "10.19.10311.0"

  }

  

  # Set these to null since we do not expect a web console or a console on a GW

  $WebConsoleURFileVersion = ""

  $ConsoleURFileVersion = ""

}

ELSE  #This is a Management Server not a Gateway

{

  $ServerURFile = Get-Item $SCOMPath\Microsoft.EnterpriseManagement.RuntimeService.dll

  $ServerURFileVersion = $ServerURFile.VersionInfo.FileVersion

  $ServerURFileVersionSplit = $ServerURFileVersion.Split(".")

  $MajorSCOMVersion = $ServerURFileVersionSplit[0] + "." + $ServerURFileVersionSplit[1]



  IF ($MajorSCOMVersion -eq "7.1") #SCOM2012

  {

    Try

    {

      $WebConsoleURFile = Get-Item $SCOMCorePath\WebConsole\WebHost\bin\Microsoft.EnterpriseManagement.Management.DataProviders.dll

      $WebConsoleURFileVersion = $WebConsoleURFile.VersionInfo.FileVersion

    }

    Catch

    {

      $WebConsoleURFileVersion = ""

    }

    Try

    {

      $ConsoleURFile = Get-Item $SCOMCorePath\Console\Microsoft.EnterpriseManagement.Management.DataProviders.dll

      $ConsoleURFileVersion = $ConsoleURFile.VersionInfo.FileVersion

      }

    Catch

    {

      $ConsoleURFileVersion = ""

    }

  }

  IF ($MajorSCOMVersion -eq "7.2")  #SCOM2016

  {

    Try

    {

      $WebConsoleURFile = Get-Item $SCOMCorePath\WebConsole\WebHost\bin\Microsoft.EnterpriseManagement.Monitoring.DataProviders.dll

      $WebConsoleURFileVersion = $WebConsoleURFile.VersionInfo.FileVersion

    }

    Catch

    {

      $WebConsoleURFileVersion = ""

    }

    Try

    {

      $ConsoleURFile = Get-Item $SCOMCorePath\Console\Microsoft.EnterpriseManagement.Monitoring.DataProviders.dll

      $ConsoleURFileVersion = $ConsoleURFile.VersionInfo.FileVersion

    }

    Catch

    {

      $ConsoleURFileVersion = ""

    }

  }

  IF ($MajorSCOMVersion -eq "7.3")  #SCOM 1801 or 1807 Semi Annual Channel

  {

    $ServerURFile = Get-Item $SCOMCorePath\Server\Microsoft.EnterpriseManagement.DataAccessLayer.dll

    $ServerURFileVersion = $ServerURFile.VersionInfo.FileVersion



    Try

    {

      $WebConsoleURFile = Get-Item $SCOMCorePath\WebConsole\WebHost\bin\Microsoft.Mom.Common.dll

      $WebConsoleURFileVersion = $WebConsoleURFile.VersionInfo.FileVersion

    }

    Catch

    {

      $WebConsoleURFileVersion = ""

    }

    Try

    {

      $ConsoleURFile = Get-Item $SCOMCorePath\Console\Microsoft.MOM.UI.Common.dll

      $ConsoleURFileVersion = $ConsoleURFile.VersionInfo.FileVersion

    }

    Catch

    {

      $ConsoleURFileVersion = ""

    }

  }

  IF ($MajorSCOMVersion -eq "10.19") #SCOM 2019

  {

    #We need to use a different file for versioning for SCOM 2019

    $ServerURFile = Get-Item $SCOMCorePath\Server\Microsoft.EnterpriseManagement.DataAccessLayer.dll

    $ServerURFileVersion = $ServerURFile.VersionInfo.FileVersion



    Try

	{

	  $WebConsoleURFile = Get-Item $SCOMCorePath\WebConsole\Dashboard\OMVersion.dll

	  $WebConsoleURFileVersion = $WebConsoleURFile.VersionInfo.FileVersion

	}

	Catch

	{

	  $WebConsoleURFileVersion = ""

	}

	Try

	{

	  $ConsoleURFile = Get-Item $SCOMCorePath\Console\Microsoft.MOM.UI.Components.dll

	  $ConsoleURFileVersion = $ConsoleURFile.VersionInfo.FileVersion

	}

	Catch

	{

	  $ConsoleURFileVersion = ""

	}

  }	  

}



$ServerURLevel = URVersion $ServerURFileVersion

$WebConsoleURLevel = URVersion $WebConsoleURFileVersion

$ConsoleURLevel = URVersion $ConsoleURFileVersion

#=======================================================================

			

# Get Server OMS Workspaces section

#=======================================================================

# Load SCOM Agent scripting module

$AgentCfg = New-Object -ComObject "AgentConfigManager.MgmtSvcCfg"

# Try Catch since agent might not support method and throw error or might be empty

try

{

    $OMSWorkSpaces=$AgentCfg.GetCloudWorkspaces()

    foreach($OMSWorkSpace in $OMSWorkSpaces)

	{

    $OMSList=$OMSList + $OMSWorkspace.workspaceId + ", "

    }

    $OMSList=$OMSList.TrimEnd(", ")

}

catch

{

    $OMSList=''

}			

#=======================================================================			

			

# Get PowerShell Version section

#=======================================================================

$PSVer = $PSVersionTable.PSVersion

[string]$PSMajor = $PSVer.Major

[string]$PSMinor = $PSVer.Minor

$PSVersion = $PSMajor + "." + $PSMinor

#=======================================================================

			

# Get PowerShell CLR Version section

#=======================================================================

$CLRVer = $PSVersionTable.CLRVersion

[string]$CLRMajor = $CLRVer.Major

[string]$CLRMinor = $CLRVer.Minor

$CLRVersion = $CLRMajor + "." + $CLRMinor

#=======================================================================			



# Get Assignments section

#=======================================================================

#Uses $SCOMPath from above

$FilePath = "$SCOMPath\Health Service State\Connector Configuration Cache\$MGName\OpsMgrConnector.Config.xml"



IF (Test-Path -Path $FilePath)

{

    [xml]$ConfigFileXML = Get-Content -Path $FilePath



    #Get Primary MS

    $PrimaryArr = $ConfigFileXML.Message.State.Parents.Added.Item | Where-Object {$_.IsPrimary -eq "True"}

    $PrimaryMS = $PrimaryArr.AuthenticationName



    #Get list of Secondary MS

    $SecondaryArr = $ConfigFileXML.Message.State.Parents.Added.Item | Where-Object {$_.IsPrimary -eq "False"}

    [string]$SecondaryMSList = @()

    FOREACH ($SecondaryXML in $SecondaryArr)

    {

    $SecondaryMS = $SecondaryXML.AuthenticationName

    $SecondaryMSList = $SecondaryMSList + $SecondaryMS + ", "

    }

    $FailoverList = $SecondaryMSList.TrimEnd(", ")

}

ELSE

{

    #Log script event that we cannot find config file

    $momapi.LogScriptEvent($ScriptName,$EventID,2, "Cannot find config file at path ($FilePath)")

}

#=======================================================================



			

# Get Action Account section

#=======================================================================

# Get the action account this script is running under.  We will assume that is the default action account

try

{

    $user =  ""

    $domain =  ""

    $oNetwork = new-object -comobject "WScript.Network"

    $user = $oNetwork.UserName

    $domain = $oNetwork.UserDomain

    If(($user.Length -eq 0) -or ($user -eq "SYSTEM"))

    {

    $ActionAccount = $user

    }

    Else

    {

    $ActionAccount = $domain + "\" + $user

    }

}

catch

{

    $momapi.LogScriptEvent($ScriptName,$EventID,2, "Failed to retrieve the User name and domain for the action account, error: ", $error.Description)

}

#=======================================================================





# Get OSVersion section

#=======================================================================

$OSRegKey = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion"

[string]$OSCurrentVersion = (Get-ItemProperty $OSRegKey).CurrentVersion

[string]$OSCurrentBuildNumber = (Get-ItemProperty $OSRegKey).CurrentBuildNumber

[string]$OSCurrentCurrentMajorVersionNumber = (Get-ItemProperty $OSRegKey).CurrentMajorVersionNumber

[string]$OSCurrentCurrentMinorVersionNumber = (Get-ItemProperty $OSRegKey).CurrentMinorVersionNumber



# If Windows 10 or WS2016 use new reg keys else use old keys

IF ($OSCurrentCurrentMajorVersionNumber)

{

    [string]$OSVersion = $OSCurrentCurrentMajorVersionNumber + "." + $OSCurrentCurrentMinorVersionNumber + "." + $OSCurrentBuildNumber

}

ELSE

{

    [string]$OSVersion = $OSCurrentVersion + "." + $OSCurrentBuildNumber

}

#=======================================================================





# Get Remotely Manageable  section

#=======================================================================

#=======================================================================





# Get Certificate Section

#=======================================================================

$CertRegKey = "HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings"

IF(Test-Path $CertRegKey)

{

  [array]$CertValue = (Get-ItemProperty $CertRegKey).ChannelCertificateSerialNumber

  IF($Certvalue)

  {

	$CertLoaded = $True

    [string]$ThumbPrint = (Get-ItemProperty $CertRegKey).ChannelCertificateHash

    $Cert = Get-ChildItem -path cert:\LocalMachine\My | Where-Object {$_.Thumbprint -eq $ThumbPrint}

    IF ($Cert)

    {

      [datetime]$CertExpiresDateTime = $Cert.NotAfter

      [string]$CertExpires = $CertExpiresDateTime.ToShortDateString()

      $CertIssuerArr = $Cert.Issuer

      $CertIssuerSplit = $CertIssuerArr.Split(",")

      [string]$CertIssuer = $CertIssuerSplit[0].TrimStart("CN=")

    }

    ELSE

    {

      $CertIssuer = "NotFound"

      $CertExpires = "NotFound"

    }



  }

  ELSE

  {

    $CertLoaded = $False

  }

}

ELSE

{

  $CertLoaded = $False

}

#=======================================================================





# Get TLS12Enforced Section

#=======================================================================

#Set the value to good by default then look for any bad or missing settings

$TLS12Enforced = $True



IF (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client")

{

  $Enabled = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client").Enabled

  $DisabledByDefault = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client").DisabledByDefault

  IF ($Enabled -ne 0 -or $DisabledByDefault -ne 1)

  {

    $TLS12Enforced = $False

  }

}

ELSE

{

  $TLS12Enforced = $False

}



IF (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server")

{

  $Enabled = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server").Enabled

  $DisabledByDefault = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server").DisabledByDefault

  IF ($Enabled -ne 0 -or $DisabledByDefault -ne 1)

  {

    $TLS12Enforced = $False

  }

}

ELSE

{

  $TLS12Enforced = $False

}



IF (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client")

{

  $Enabled = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client").Enabled

  $DisabledByDefault = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client").DisabledByDefault

  IF ($Enabled -ne 0 -or $DisabledByDefault -ne 1)

  {

    $TLS12Enforced = $False

  }

}

ELSE

{

  $TLS12Enforced = $False

}



IF (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server")

{

  $Enabled = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server").Enabled

  $DisabledByDefault = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server").DisabledByDefault

  IF ($Enabled -ne 0 -or $DisabledByDefault -ne 1)

  {

    $TLS12Enforced = $False

  }

}

ELSE

{

  $TLS12Enforced = $False

}



IF (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client")

{

  $Enabled = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client").Enabled

  $DisabledByDefault = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client").DisabledByDefault

  IF ($Enabled -ne 0 -or $DisabledByDefault -ne 1)

  {

    $TLS12Enforced = $False

  }

}

ELSE

{

  $TLS12Enforced = $False

}



IF (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server")

{

  $Enabled = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server").Enabled

  $DisabledByDefault = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server").DisabledByDefault

  IF ($Enabled -ne 0 -or $DisabledByDefault -ne 1)

  {

    $TLS12Enforced = $False

  }

}

ELSE

{

  $TLS12Enforced = $False

}



IF (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client")

{

  $Enabled = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client").Enabled

  $DisabledByDefault = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client").DisabledByDefault

  IF ($Enabled -ne 0 -or $DisabledByDefault -ne 1)

  {

    $TLS12Enforced = $False

  }

}

ELSE

{

  $TLS12Enforced = $False

}



IF (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server")

{

  $Enabled = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server").Enabled

  $DisabledByDefault = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server").DisabledByDefault

  IF ($Enabled -ne 0 -or $DisabledByDefault -ne 1)

  {

    $TLS12Enforced = $False

  }

}

ELSE

{

  $TLS12Enforced = $False

}



IF (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client")

{

  $Enabled = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client").Enabled

  $DisabledByDefault = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client").DisabledByDefault

  IF ($Enabled -ne 1 -or $DisabledByDefault -ne 0)

  {

    $TLS12Enforced = $False

  }

}

ELSE

{

  $TLS12Enforced = $False

}



IF (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server")

{

  $Enabled = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server").Enabled

  $DisabledByDefault = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server").DisabledByDefault

  IF ($Enabled -ne 1 -or $DisabledByDefault -ne 0)

  {

    $TLS12Enforced = $False

  }

}

ELSE

{

  $TLS12Enforced = $False

}



IF (Test-Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319")

{

  $SchUseStrongCrypto = (Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319").SchUseStrongCrypto

  IF ($SchUseStrongCrypto -ne 1)

  {

    $TLS12Enforced = $False

  }

}

ELSE

{

  $TLS12Enforced = $False

}



IF (Test-Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319")

{

  $SchUseStrongCrypto = (Get-ItemProperty "HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319").SchUseStrongCrypto

  IF ($SchUseStrongCrypto -ne 1)

  {

    $TLS12Enforced = $False

  }

}

ELSE

{

  $TLS12Enforced = $False

}

#=======================================================================





# Get TLS12SQLCliInstalled Section

#=======================================================================

$RegPath = "HKLM:SOFTWARE\ODBC\ODBCINST.INI\ODBC Drivers"

[string]$SQLClient11InstalledStatus = (Get-ItemProperty $RegPath)."SQL Server Native Client 11.0"



IF ($SQLClient11InstalledStatus -eq "Installed")

{

  $TLS12SQLCliInstalled = $True

}

ELSE

{

  $TLS12SQLCliInstalled = $False

}

#=======================================================================





# Get TLS12ODBCInstalled Section

#=======================================================================

$RegPath = "HKLM:SOFTWARE\ODBC\ODBCINST.INI\ODBC Drivers"

[string]$ODBCDriver13 = (Get-ItemProperty $RegPath)."ODBC Driver 13 for SQL Server"



IF ($ODBCDriver13 -eq "Installed")

{

  $TLS12ODBCInstalled = $True

}

ELSE

{

  $TLS12ODBCInstalled = $False

}

#=======================================================================





# Discovery Script section - Discovery scripts get this

#=================================================================================

$instance = $DiscoveryData.CreateClassInstance("$MPElement[Name='SCOM.Management.Server.Class']$")

$instance.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", $Computername)

$instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/ServerVersion$", $ServerURFileVersion)

$instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/ServerURLevel$", $ServerURLevel)

$instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/WebConsoleVersion$", $WebConsoleURFileVersion)

$instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/WebConsoleURLevel$", $WebConsoleURLevel)

$instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/ConsoleVersion$", $ConsoleURFileVersion)

$instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/ConsoleURLevel$", $ConsoleURLevel)

$instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/OMSWorkspaces$", $OMSList)

$instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/PSVersion$", $PSVersion)

$instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/CLRVersion$", $CLRVersion)			

$instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/OSVersion$", $OSVersion)

$instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/PrimaryMS$", $PrimaryMS)

$instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/FailoverList$", $FailoverList)

$instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/ActionAccount$", $ActionAccount)

$instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/InstallPath$", $SCOMPath)

$instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/CertLoaded$", $CertLoaded)

$instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/CertExpires$", $CertExpires)

$instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/ThumbPrint$", $ThumbPrint)

$instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/CertIssuer$", $CertIssuer)

$instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/TLS12Enforced$", $TLS12Enforced)

$instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/TLS12SQLCliInstalled$", $TLS12SQLCliInstalled)

$instance.AddProperty("$MPElement[Name='SCOM.Management.Server.Class']/TLS12ODBCInstalled$", $TLS12ODBCInstalled)

$DiscoveryData.AddInstance($instance)



# Return Discovery Items Normally           

$DiscoveryData

# Return Discovery Bag to the command line for testing (does not work from ISE)

# $momapi.Return($DiscoveryData)

#=================================================================================





# End of script section

#=================================================================================

#Log an event for script ending and total execution time.

$EndTime = Get-Date

$ScriptTime = ($EndTime - $StartTime).TotalSeconds

$momapi.LogScriptEvent($ScriptName,$EventID,0,"`n Script has completed. ServerVersion: ($ServerURFileVersion). `n Server UR Level: ($ServerURLevel). `n WebConsoleVersion: ($WebConsoleURFileVersion). `n Web Console UR Level: ($WebConsoleURLevel). `n ConsoleVersion: ($ConsoleURFileVersion). `n Console UR Level: ($ConsoleURLevel). `n OMS Workspaces: ($OMSList). `n PowerShell Version: ($PSVersion). `n CLR Version: ($CLRVersion). `n OSVersion: ($OSVersion). `n Primary MS: ($PrimaryMS). `n Secondary MS Failover list: ($FailoverList). `n Action Account: ($ActionAccount). `n Install path: ($SCOMPath). `n TLS 1.2 Enforced: ($TLS12Enforced). `n SQLClient 11 installed: ($TLS12SQLCliInstalled). `n ODBC Driver 13 installed: ($TLS12ODBCInstalled). `n Runtime was ($ScriptTime) seconds.")

#=================================================================================

# End of script

          </Script></ScriptBody>

    <Parameters>

      <Parameter>

        <Name>SourceId</Name>

        <Value>$MPElement$</Value>

      </Parameter>

      <Parameter>

        <Name>ManagedEntityId</Name>

        <Value>$Target/Id$</Value>

      </Parameter>

      <Parameter>

        <Name>ComputerName</Name>

        <Value>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$</Value>

      </Parameter>

      <Parameter>

        <Name>MGName</Name>

        <Value>$Target/ManagementGroup/Name$</Value>

      </Parameter>

    </Parameters>

    <TimeoutSeconds>600</TimeoutSeconds>

  </DataSource>

</Discovery>