Last week, I was having a discussion with the manager about the User IE Home page/Start page to get a report on, how many users are set to Company intranet Page. I then asked him, what is the process/method that company currently follows to set IE Home page .He then replied, GPO ? my response for this was ,if GPO, then the Home page for IE should be set to the required one for all Domain Users (Domain users: where ever the GPO applied to) and using GPO, will have more control to restrict user to not to change the default IE Home page (Disable changing home page settings. and less troubleshooting required .
I have then checked my computer to find the default IE Home Page, it is set to the correct one but I do have flexibility to change it to custom. So boss asked me to check if there is way to get a compliance report on User IE Home page ,in case the GPO may not be applied to some of the OU to be identified.
Since the IE Home Page information stored in HKCU, we cannot use regkeytomof (it works only with HKLM) or MOF Extension or DCM (not easy).
The possible solution for this is involved with, 1) Create Custom WMI location 2) Copy the User IE home page info into this location 3)Edit the MOF to retrieve this WMI information into SCCM Database.
The above solution would work but how would you provide full permissions to WMI location to publish the User Registry info ? If users do not have admin rights on their computers ?
Long ago ,there was a discussion on sccm forum list ,about the this issue to get User IE home pages Using Configuration manager. Our MOF Master Sherry Kissinger has got workaround for this issue which I am going shortly.
This procedure requires creation of package with 2 programs (legacy is preferred and easy) 1) machine 2 ) User with dependency on machine.
Create a folder with standard naming convention as per required on your network share and place these files into it .files can be downloaded from Github
1.wmiNameSpaceandSecurity.vbs—>This script will create custom WMI name location ( root\CustomCMClasses—>CM_IEStartPages) using file called WmiSecurity.exe.
2.UserIEStartPage.vbs:This script publish the information from HKCU to custom WMI name location which is created using above script.
Before we start creating the packages,edit the script wmiNameSpaceandSecurity.vbs and replace the domain name to your domain name and save the script.
Create Package with 2 programs:
1.Create package with program cmd line: cscript.exe wminamespaceandsecurity.vbs under system context
2. Right click on the package created above and select Create program (no need to create new package) with cmd line:cscript.exe UserIEStartPage.vbs under user context
and select ‘Run another program profile first’
we now created package with 2 programs :
Distribute the package to DP group or DP’s.
Now create deployment using UserIEStartPage to required collection.
Time to test the results:
Login to PC that has this deployment ,run machine policy ,monitor execmgr.log for progress of this deployment.
from above log, program executed successfully.
lets checkout the WMI classes and inventory information what is captured from HKCU.
open cmd and type wbemtest.exe ,connect to “root\CustomCMClasses”
lets checkout the homepage values from WMI class using simple WQL Query before we start working with MOF file.
while you are connected to “root\CustomCMClasses” ,Click on Query and use this query to run: SELECT * FROM CM_IEStartPages
From above, se see that ,User has set 2 tabs when IE Opens.Double click on either of the one and click on show MOF to see the URL page.
So far, All good. Now lets try doing some changes to the MOF to collect this information via Inventory on schedule basis (If Required,crate custom inventory to specific collection instead of doing it on default ).
Go to your CM12 Primary Site administration pane (if you have CAS then you should do make these changes there )—>client settings—Default settings. (You must import the custom attributes here before you create custom client settings.
we have now imported the custom WMI info into CM12 but we did not enable this setting to be collected from Configmgr clients.
on the background,Configmgr will be creating new table/view (CM_IESTARTPAGES_DATA/v_GS_CM_IESTARTPAGES) to store the information that comes from clients which can be monitor from dataldr.log from your Site server logs:
Now ,Create custom client agent setting that can be applied onto test collection before making to Big collection .
Deploy this setting to test collection and wait for the results (client should pick the new settings and send the inventory info to Site server). After a while,you see the information in CM12 Database.
Here is the Simple SQL Query:
SQL Quiries:
select sys1.netbios_name0, os.Caption0, st.userdomain0, st.username0, st.tab0 as [Tab], st.startpage0
from v_R_System_Valid sys1
join v_GS_OPERATING_SYSTEM os on os.ResourceID=sys1.ResourceID
left join dbo.v_GS_CM_IESTARTPAGES st on st.resourceid=sys1.resourceid
order by sys1.Netbios_Name0, st.tab0
Get IE pages into same row:
select distinct sys1.netbios_name0, os.Caption0, st.userdomain0, st.username0,
RTRIM(substring(ISNULL((select ','+startpage0
from dbo.v_GS_CM_IESTARTPAGES ie1
where ie1.ResourceID = Sys1.resourceID for xml path('')),' '),2,2000)) as StartPages
from v_R_System_Valid sys1
join v_GS_OPERATING_SYSTEM os on os.ResourceID=sys1.ResourceID
left join dbo.v_GS_CM_IESTARTPAGES st on st.resourceid=sys1.resourceid
order by sys1.Netbios_Name0
9 Comments
Was going to test this, but the files don't exist anymore.
Thanks for the report. I have uploaded the files to GitHub and post is updated.
Thanks,
Eswar
Hi, which is the URL for the download the files? In this page are not available. Thanks
Hi,
You can download the files from here https://github.com/eskonr/MEMPowered/blob/master/Tools/UserIEStartPage.zip
I have updated the GitHub link in the post.
Thanks,
Eswar
Thank you very much, it helped a lot.
Eswar. This is a superb post and great for retrieving information into Hardware Inventory from the HKCU registry section. I have implemented something similar in my own environment but i'm "stuck" on one aspect.
We have a CAS in our organization and the changes i have made work just fine but the data only appears in the clients primary site, not on the CAS. From a reporting perspective it would be ideal to have this data replicated back into the CAS. Would you happen to know how to do this? Am I doing something wrong here?
Again, many thanks
Gerry
does the replication data log show any errors ? the data from primary will be replicated to CAS site and should see data as well.
refer the blogs for replication issues http://blogs.technet.com/b/umairkhan/archive/2014/02/18/configmgr-2012-data-replication-service-drs-unleashed.aspx
This is what I call waste of time at work. Your boss seems to be a control freak.
There is nothing wrong in knowing about how to do a task can be silly or complex from which, you learn something out of it, which help in other scenarios 🙂