The LANDesk Inventory engine is easy to extend with custom scripts.
The basic process:
- Create a script to gather powershell data in a landesk-compatible format.
- Create a batch file to run the powershell script if the system has powershell installed.
- Modify the LANDesk Inventory Scanner’s ini file ( LDSCNHLP.INI ).
- Force a full system scan.
- Modify the database settings to allow unknown items.
Step 1 – PowerShell Bitlocker Script
- Download the script from my previous post ( See: BitLocker Info with PowerShell ) by clicking ‘view source’, then copy\pasting into your favorite text editor.
- Then, save the file as bitlocker-info.ps1 in your LDClient folder (by default %programfiles(x86)%\LANDesk\LDClient).
Step 2 – Batch File PS Launcher
- Download the following batch file.
- Name it as ‘bitlocker-info.cmd’.
- Put it in your LDClient folder.
@ECHO OFF REM Check Windows Version REM reference: http://www.grimadmin.com/article.php/batchfile-easy-way-to-detect-os-version ver | findstr /i "5\.0\." > nul IF %ERRORLEVEL% EQU 0 goto warn_OSOld ver | findstr /i "5\.1\." > nul IF %ERRORLEVEL% EQU 0 goto warn_OSOld ver | findstr /i "5\.2\." > nul IF %ERRORLEVEL% EQU 0 goto warn_OSOld cd %SystemRoot%\system32\WindowsPowerShell\v1.0 powershell Set-ExecutionPolicy Unrestricted powershell C:\PROGRA~2\LANDesk\LDClient\Bitlocker-Info.ps1 goto end :warn_OSOld IF EXIST "%programfiles(x86)%\LANDesk\LDClient\bitlocker.dat" DEL /F /Q "%programfiles(x86)%\LANDesk\LDClient\bitlocker.dat" echo Bitlocker Info - Bitlocker Rollup = N\A for this OS > "%programfiles(x86)%\LANDesk\LDClient\bitlocker.dat" :end cd %programfiles(x86)%\Landesk\ldclient
Step 3 – LANDesk LDSCNHLP.INI File
The heart of the LANDesk scanning extension happens in the ‘ldscnhlp.ini’ file. Edit your file so that it matches mine. For now, ignore the fact that this will fail to run the script on a x32 Vista\Win7 system. That will be addressed in the next post.
[EXECUTE WIN16] [EXECUTE WIN32] LAUNCH1=C:\progra~2\landesk\ldclient\bitlocker-info.cmd TIMEOUT1=600 [DATA FILES] DATA1=%programfiles%\landesk\ldclient\bitlocker.dat DATA2=%programfiles(x86)%\landesk\ldclient\bitlocker.dat
Step 4 – Force a Full Scan
By default, LANDesk will run a ‘full scan’ once per day. The BitLocker script will not run unless you force a full scan. Here is the easiest way:
- On the client, edit your inventory scanner program files shortcut and append “/F /SYNC” to the end of the ‘target’ field.
- Run a scan with the program files shortcut.
- Check your LDClient directory for a newly created bitlocker.dat file, written by the ps1 script.
Step 5 – Configure LANDesk Database
- On your LANDesk core, run ‘Configure Services’ from the Start Menu.
- Click the ‘Inventory’ tab.
- Click ‘Unknown Items’
- You should see the custom bitlocker data; click each item and choose ‘allow’.
- How to scan custom registry information
- Extending Inventory with Unmodeled Data (Free AD Groups)
- How to extend the Inventory Scanner capabilities
- I had to reboot my landesk core several times to get the scan working. I’m not sure why. Also, I had to run the scan twice to get the custom data to appear in the ‘unknown items’ tab, and again to get the inventory populated after the items were approved.
Limitations and Taking it Farther
In its current form, this process will not work uniformly on x86 and x64 machines. I haven’t found a way to use environment variables in the LDSCNHLP.ini file, which is the only restriction. However, it’s possible to edit your agent configuration package to make this happen. That will be the focus of part 2.