Containment discovery of Certificates and CRLs required by Windows Group
SystemCenterCentral.Utilities.Certificates.RequiredWindowsCertificatesGroup.Discovery (Discovery)
Element properties:
Object Discovery Details:
Member Modules:
Source Code:
<Discovery ID="SystemCenterCentral.Utilities.Certificates.RequiredWindowsCertificatesGroup.Discovery" Enabled="true" Target="SystemCenterCentral.Utilities.Certificates.RequiredWindowsCertificatesGroup" ConfirmDelivery="true" Remotable="true" Priority="Normal">
<Category>Discovery</Category>
<DiscoveryTypes>
<DiscoveryRelationship TypeID="InstanceGroupLibrary!Microsoft.SystemCenter.InstanceGroupContainsEntities"/>
</DiscoveryTypes>
<DataSource ID="Microsoft.SystemCenter.GroupPolulator" TypeID="SC!Microsoft.SystemCenter.GroupPopulator">
<RuleId>$MPElement$</RuleId>
<GroupInstanceId>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.RequiredWindowsCertificatesGroup"]$</GroupInstanceId>
<MembershipRules>
<MembershipRule>
<MonitoringClass>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]$</MonitoringClass>
<RelationshipClass>$MPElement[Name="InstanceGroupLibrary!Microsoft.SystemCenter.InstanceGroupContainsEntities"]$</RelationshipClass>
<Expression>
<Or>
<Expression>
<And>
<Expression>
<!-- Must be in the Root CA store -->
<SimpleExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertStore$</Property>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>Trusted Root Certification Authorities</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<Or>
<!-- Windows 8.1 / 2012 R2 Certificates -->
<Expression>
<!-- Microsoft Root Certificate Authority 2010 -->
<And>
<Expression>
<RegExExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertIssuedTo$</Property>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>Microsoft Root Certificate Authority 2010</Pattern>
</RegExExpression>
</Expression>
<Expression>
<RegExExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertIssuedBy$</Property>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>Microsoft Root Certificate Authority 2010</Pattern>
</RegExExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertSerial$</Property>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>28cc3a25bfba44ac449a9b586b4339aa</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
<Expression>
<!-- Microsoft Root Certificate Authority 2011 -->
<And>
<Expression>
<RegExExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertIssuedTo$</Property>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>Microsoft Root Certificate Authority 2011</Pattern>
</RegExExpression>
</Expression>
<Expression>
<RegExExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertIssuedBy$</Property>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>Microsoft Root Certificate Authority 2011</Pattern>
</RegExExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertSerial$</Property>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>3f8bc8b5fc9fb29643b569d66c42e144</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
<Expression>
<!-- Thawte Timestamping CA -->
<And>
<Expression>
<RegExExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertIssuedTo$</Property>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>Thawte Timestamping CA</Pattern>
</RegExExpression>
</Expression>
<Expression>
<RegExExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertIssuedBy$</Property>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>Thawte Timestamping CA</Pattern>
</RegExExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertSerial$</Property>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>00</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
<!-- Windows Vista / and Server 2008 / 2008 R2 Certificates -->
<Expression>
<!-- Microsoft Root Certificate -->
<And>
<Expression>
<RegExExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertIssuedTo$</Property>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>Microsoft Root Authority</Pattern>
</RegExExpression>
</Expression>
<Expression>
<RegExExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertIssuedBy$</Property>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>Microsoft Root Authority</Pattern>
</RegExExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertSerial$</Property>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>c1008b3c3c8811d13ef663ecdf40</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
<Expression>
<!-- Microsoft Root Certificate Authority -->
<And>
<Expression>
<RegExExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertIssuedTo$</Property>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>Microsoft Root Certificate Authority</Pattern>
</RegExExpression>
</Expression>
<Expression>
<RegExExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertIssuedBy$</Property>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>Microsoft Root Certificate Authority</Pattern>
</RegExExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertSerial$</Property>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>79ad16a14aa0a5ad4c7358f407132e65</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
<!-- Windows 2003 and XP Certificates -->
<Expression>
<!-- Copyright (c) 1997 Microsoft Corp. -->
<And>
<Expression>
<RegExExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertIssuedTo$</Property>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>Copyright \(c\) 1997 Microsoft Corp\.</Pattern>
</RegExExpression>
</Expression>
<Expression>
<RegExExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertIssuedBy$</Property>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>Copyright \(c\) 1997 Microsoft Corp\.</Pattern>
</RegExExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertSerial$</Property>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>01</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
<Expression>
<!-- Microsoft Authenticode(tm) Root Authority -->
<And>
<Expression>
<RegExExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertIssuedTo$</Property>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>Microsoft Authenticode\(tm\) Root Authority</Pattern>
</RegExExpression>
</Expression>
<Expression>
<RegExExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertIssuedBy$</Property>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>Microsoft Authenticode\(tm\) Root Authority</Pattern>
</RegExExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertSerial$</Property>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>01</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
<Expression>
<!-- Microsoft Root Authority -->
<And>
<Expression>
<RegExExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertIssuedTo$</Property>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>Microsoft Root Authority</Pattern>
</RegExExpression>
</Expression>
<Expression>
<RegExExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertIssuedBy$</Property>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>Microsoft Root Authority</Pattern>
</RegExExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertSerial$</Property>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>00c1008b3c3c8811d13ef663ecdf40</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
<Expression>
<!-- NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. -->
<And>
<Expression>
<RegExExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertIssuedTo$</Property>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>NO LIABILITY ACCEPTED, \(c\)97 VeriSign, Inc\.</Pattern>
</RegExExpression>
</Expression>
<Expression>
<RegExExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertIssuedBy$</Property>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>NO LIABILITY ACCEPTED, \(c\)97 VeriSign, Inc\.</Pattern>
</RegExExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertSerial$</Property>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>4a19d2388c82591ca55d735f155ddca3</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
<!-- Windows 2000 (all are already included above)-->
</Or>
</Expression>
</And>
</Expression>
<Expression>
<And>
<Expression>
<!-- Must be in the Third-Party Root Certification Authorities store -->
<SimpleExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertStore$</Property>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>Third-Party Root Certification Authorities</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<Or>
<!-- Windows Vista and Server 2008 Certificates -->
<Expression>
<!-- Thawte Timestamping CA -->
<And>
<Expression>
<RegExExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertIssuedTo$</Property>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>Thawte Timestamping CA</Pattern>
</RegExExpression>
</Expression>
<Expression>
<RegExExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertIssuedBy$</Property>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>Thawte Timestamping CA</Pattern>
</RegExExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertSerial$</Property>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>00</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
<!-- Windows 2003 and XP Certificates -->
<Expression>
<!-- VeriSign Commercial Software Publishers CA -->
<And>
<Expression>
<RegExExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertIssuedTo$</Property>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>VeriSign Commercial Software Publishers CA</Pattern>
</RegExExpression>
</Expression>
<Expression>
<RegExExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertIssuedBy$</Property>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>VeriSign Commercial Software Publishers CA</Pattern>
</RegExExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertSerial$</Property>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>03c78f37db9228df3cbb1aad82fa6710</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
<!-- Windows 2000 (all are already included above)-->
</Or>
</Expression>
</And>
</Expression>
<Expression>
<And>
<Expression>
<!-- must be in the Intermediate Certification Authorities store -->
<SimpleExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertStore$</Property>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>Intermediate Certification Authorities</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<Or>
<!-- Windows 7 and Server 2008 R2 Certificates -->
<Expression>
<!-- Root Agency -->
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertIssuedTo$</Property>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>CN=Root Agency</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertIssuedBy$</Property>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>CN=Root Agency</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
<Expression>
<!-- Microsoft Windows Hardware Compatibility -->
<!-- CN=Microsoft Windows Hardware Compatibility -->
<And>
<Expression>
<RegExExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertIssuedTo$</Property>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>CN=Microsoft Windows Hardware Compatibility</Pattern>
</RegExExpression>
</Expression>
<Expression>
<RegExExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertIssuedBy$</Property>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>CN=Microsoft Root Authority</Pattern>
</RegExExpression>
</Expression>
</And>
</Expression>
<Expression>
<!-- Verisign / CPS Incorp -->
<And>
<Expression>
<RegExExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertIssuedTo$</Property>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>OU=www.verisign.com/CPS Incorp\.by Ref\. LIABILITY LTD\.\(c\)97 VeriSign</Pattern>
</RegExExpression>
</Expression>
<Expression>
<RegExExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertIssuedBy$</Property>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>OU=Class 3 Public Primary Certification Authority</Pattern>
</RegExExpression>
</Expression>
</And>
</Expression>
<Expression>
<!-- VeriSign Class 1 CA Individual Subscriber-Persona Not Validated -->
<And>
<Expression>
<RegExExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertIssuedTo$</Property>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>CN=VeriSign Class 1 CA Individual Subscriber-Persona Not Validated</Pattern>
</RegExExpression>
</Expression>
<Expression>
<RegExExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertIssuedBy$</Property>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>OU=Class 1 Public Primary Certification Authority</Pattern>
</RegExExpression>
</Expression>
</And>
</Expression>
<!-- Windows 2003 / XP -->
<Expression>
<!-- VeriSign Class 2 CA Individual Subscriber -->
<And>
<Expression>
<RegExExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertIssuedTo$</Property>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>CN=VeriSign Class 2 CA - Individual Subscriber</Pattern>
</RegExExpression>
</Expression>
<Expression>
<RegExExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertIssuedBy$</Property>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>OU=Class 2 Public Primary Certification Authority</Pattern>
</RegExExpression>
</Expression>
</And>
</Expression>
</Or>
</Expression>
</And>
</Expression>
</Or>
</Expression>
</MembershipRule>
<!-- CRLs go here -->
<MembershipRule>
<MonitoringClass>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.CRL"]$</MonitoringClass>
<RelationshipClass>$MPElement[Name="InstanceGroupLibrary!Microsoft.SystemCenter.InstanceGroupContainsEntities"]$</RelationshipClass>
<Expression>
<And>
<Expression>
<!-- must be in the Intermediate Certification Authorities store -->
<SimpleExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.CRL"]/CertStore$</Property>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>Intermediate Certification Authorities</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<RegExExpression>
<ValueExpression>
<Property>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.CRL"]/CRLIssuer$</Property>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>OU=VeriSign Commercial Software Publishers CA, O="VeriSign, Inc\.", L=Internet</Pattern>
</RegExExpression>
</Expression>
</And>
</Expression>
</MembershipRule>
</MembershipRules>
</DataSource>
</Discovery>
Home