
Extending Windows Computer class from Registry Keys in SCOM

Years ago – I wrote a post on this, showing how to use registry keys to add properties to the “Windows Computer” class, to make creating custom groups much simpler.  You can read about the details of how and why here:  

https://kevinholman.com/2009/06/10/creating-custom-dynamic-computer-groups-based-on-registry-keys-on-agents/

 

This post is a simple updated example of that Management Pack, but written more “properly”.  You can use this example and add/change your own registry keys for additional class properties.

 

In this example – we create a new class, “DemoReg.Windows.Computer.Extended.Class”

We use Microsoft.Windows.Computer as the base class, and we will add three example properties:  TIER, GROUPID, and OWNER.

 

<TypeDefinitions>
  <EntityTypes>
    <ClassTypes>
      <ClassType ID="DemoReg.Windows.Computer.Extended.Class" Accessibility="Public" Abstract="false" Base="Windows!Microsoft.Windows.Computer" Hosted="false" Singleton="false" Extension="false">
        <Property ID="TIER" Type="string" AutoIncrement="false" Key="false" CaseSensitive="false" MaxLength="256" MinLength="0" Required="false" Scale="0" />
        <Property ID="GROUPID" Type="string" AutoIncrement="false" Key="false" CaseSensitive="false" MaxLength="256" MinLength="0" Required="false" Scale="0" />
        <Property ID="OWNER" Type="string" AutoIncrement="false" Key="false" CaseSensitive="false" MaxLength="256" MinLength="0" Required="false" Scale="0" />
      </ClassType>
    </ClassTypes>
  </EntityTypes>
</TypeDefinitions>

 

We will use a filtered registry discovery provider, where we filter the discovery based on finding the existence of “HKLM\SOFTWARE\Contoso” which would relate to your custom company RegKey.

In addition – this discovery will discover each custom class property you want, using the three examples above.  My registry looks like the following:

 

image

 

The discovery targets “Windows Server Operating System”; this keeps it from creating duplicate discoveries based on clusters.  However, if you WANT to include cluster Windows Computer objects, you will need to change the target class to Microsoft.Windows.Computer (and remove the HOST from $Target/Host references in the discovery).

Here is the sample discovery:

<Monitoring>
  <Discoveries>
    <Discovery ID="DemoReg.Windows.Computer.Extended.Class.Discovery" Target="Windows!Microsoft.Windows.Server.OperatingSystem" Enabled="true" ConfirmDelivery="false" Remotable="false" Priority="Normal">
      <Category>Discovery</Category>
      <DiscoveryTypes>
        <DiscoveryClass TypeID="DemoReg.Windows.Computer.Extended.Class">
          <Property TypeID="DemoReg.Windows.Computer.Extended.Class" PropertyID="TIER" />
          <Property TypeID="DemoReg.Windows.Computer.Extended.Class" PropertyID="GROUPID" />
          <Property TypeID="DemoReg.Windows.Computer.Extended.Class" PropertyID="OWNER" />
        </DiscoveryClass>
      </DiscoveryTypes>
      <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.FilteredRegistryDiscoveryProvider">
        <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
        <RegistryAttributeDefinitions>
          <RegistryAttributeDefinition>
            <AttributeName>ContosoExists</AttributeName>
            <Path>SOFTWARE\Contoso</Path>
            <PathType>0</PathType>
            <AttributeType>0</AttributeType>
          </RegistryAttributeDefinition>
          <RegistryAttributeDefinition>
            <AttributeName>TIER</AttributeName>
            <Path>SOFTWARE\Contoso\TIER</Path>
            <PathType>1</PathType>
            <AttributeType>1</AttributeType>
          </RegistryAttributeDefinition>
          <RegistryAttributeDefinition>
            <AttributeName>GROUPID</AttributeName>
            <Path>SOFTWARE\Contoso\GROUPID</Path>
            <PathType>1</PathType>
            <AttributeType>1</AttributeType>
          </RegistryAttributeDefinition>
          <RegistryAttributeDefinition>
            <AttributeName>OWNER</AttributeName>
            <Path>SOFTWARE\Contoso\OWNER</Path>
            <PathType>1</PathType>
            <AttributeType>1</AttributeType>
          </RegistryAttributeDefinition>
        </RegistryAttributeDefinitions>
        <Frequency>86400</Frequency>
        <ClassId>$MPElement[Name="DemoReg.Windows.Computer.Extended.Class"]$</ClassId>
        <InstanceSettings>
          <Settings>
            <Setting>
              <Name>$MPElement[Name="Windows!Microsoft.Windows.Computer"]/PrincipalName$</Name>
              <Value>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$</Value>
            </Setting>
            <Setting>
              <Name>$MPElement[Name="DemoReg.Windows.Computer.Extended.Class"]/TIER$</Name>
              <Value>$Data/Values/TIER$</Value>
            </Setting>
            <Setting>
              <Name>$MPElement[Name="DemoReg.Windows.Computer.Extended.Class"]/GROUPID$</Name>
              <Value>$Data/Values/GROUPID$</Value>
            </Setting>
            <Setting>
              <Name>$MPElement[Name="DemoReg.Windows.Computer.Extended.Class"]/OWNER$</Name>
              <Value>$Data/Values/OWNER$</Value>
            </Setting>
          </Settings>
        </InstanceSettings>
        <Expression>
          <SimpleExpression>
            <ValueExpression>
              <XPathQuery Type="Boolean">Values/ContosoExists</XPathQuery>
            </ValueExpression>
            <Operator>Equal</Operator>
            <ValueExpression>
              <Value Type="Boolean">true</Value>
            </ValueExpression>
          </SimpleExpression>
        </Expression>
      </DataSource>
    </Discovery>
  </Discoveries>
</Monitoring>

 

When I review Discovered Inventory in the console for this class, I can see the properties:

 

image

 

I am attaching the sample MP file, along with the registry file, at the following location:

https://github.com/thekevinholman/ExtendWCfromRegistry
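
When you add your own registry keys, each new property has to appear in four places in the XML above: the ClassType, the DiscoveryClass list, a RegistryAttributeDefinition, and a Setting. If one is missed, the property stays empty and any group or override scoped on it silently loses members. The following check is an added example, not part of the original post or the sample MP: it parses a fragment holding one class and its discovery and reports the mismatches. The sample XML and the names COSTCENTER and OWNR are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
# Constructed fragment in the shape of the MP above. Deliberate mistakes:
# COSTCENTER is declared but never discovered; OWNER maps to an undefined attribute.
SAMPLE_MP = r"""<Fragment>
<ClassType ID="DemoReg.Windows.Computer.Extended.Class">
 <Property ID="TIER"/><Property ID="OWNER"/><Property ID="COSTCENTER"/></ClassType>
<Discovery ID="DemoReg.Windows.Computer.Extended.Class.Discovery">
 <DiscoveryClass TypeID="DemoReg.Windows.Computer.Extended.Class">
  <Property TypeID="DemoReg.Windows.Computer.Extended.Class" PropertyID="TIER"/>
  <Property TypeID="DemoReg.Windows.Computer.Extended.Class" PropertyID="OWNER"/>
 </DiscoveryClass>
 <RegistryAttributeDefinition><AttributeName>ContosoExists</AttributeName>
  <Path>SOFTWARE\Contoso</Path><PathType>0</PathType></RegistryAttributeDefinition>
 <RegistryAttributeDefinition><AttributeName>TIER</AttributeName>
  <Path>SOFTWARE\Contoso\TIER</Path><PathType>1</PathType></RegistryAttributeDefinition>
 <Setting><Name>$MPElement[Name="DemoReg.Windows.Computer.Extended.Class"]/TIER$</Name>
  <Value>$Data/Values/TIER$</Value></Setting>
 <Setting><Name>$MPElement[Name="DemoReg.Windows.Computer.Extended.Class"]/OWNER$</Name>
  <Value>$Data/Values/OWNR$</Value></Setting>
 <XPathQuery Type="Boolean">Values/ContosoExists</XPathQuery></Discovery></Fragment>"""

def lint_discovery(mp_xml, class_id):
    """Return findings; an empty list means class, discovery and mappings agree."""
    root = ET.fromstring(mp_xml)
    declared = {p.get("ID") for p in root.findall(f".//ClassType[@ID='{class_id}']/Property")}
    announced = {p.get("PropertyID") for p in root.iter("Property") if p.get("TypeID") == class_id}
    attrs = {a.findtext("AttributeName") for a in root.iter("RegistryAttributeDefinition")}
    name_re = re.compile(r'\$MPElement\[Name="' + re.escape(class_id) + r'"\]/(\w+)\$')
    mapped = {}  # property ID -> registry attribute name its Setting reads
    for s in root.iter("Setting"):
        n = name_re.fullmatch(s.findtext("Name", "").strip())
        v = re.fullmatch(r"\$Data/Values/(\w+)\$", s.findtext("Value", "").strip())
        if n:  # Settings for other classes (e.g. PrincipalName) are skipped
            mapped[n.group(1)] = v.group(1) if v else None
    findings = []
    for prop in sorted(declared):
        if prop not in announced:
            findings.append(f"{prop}: not listed under DiscoveryClass")
        if prop not in mapped:
            findings.append(f"{prop}: no Setting, so it is never populated")
        elif mapped[prop] not in attrs:
            findings.append(f"{prop}: Setting reads undefined attribute {mapped[prop]}")
    for q in root.iter("XPathQuery"):  # the discovery filter must read a defined attribute
        if (q.text or "").strip().split("/")[-1] not in attrs:
            findings.append(f"filter reads undefined attribute {q.text}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_discovery(SAMPLE_MP, "DemoReg.Windows.Computer.Extended.Class")))
```

Run it against the class and discovery sections of your own MP before importing; a full management pack with unrelated XPathQuery elements would need the filter check narrowed to the one discovery.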

17 Comments

      • Mohamed Sybulla

        We have to disable “Default Web Site” unavailable alert alone from IIS Management Pack for set of Windows servers where the registry Entry Created like HKLM\SOFTWARE\Computer\DisableDefaultWebsite. So planning to add this registry entry in IIS Web Site Class. If this method is not working, kindly provide some other ideas or code.

        • Kevin Holman

          That’s probably a pretty good reason. You should be able to do this, and just change the base class in my code from windows computer to IIS web site.

          • Mohamed Sybulla

            We already changed the base class to IIS Web Site “MWIC!Microsoft.Windows.InternetInformationServices.WebSite”, but it is not working. It is only working for “Windows!Microsoft.Windows.Computer”. I may try with IIS 7 Web Site, IIS 8 Web Site, IIS 10 Web Site individually. If you have any suggestion please provide on this.

          • Mohamed Sybulla

            Hi Kevin,

            Even it is not working for base class “Microsoft.Windows.InternetInformationServices.10.0.WebSite” IIS 10 Web Site. Kindly suggest.

  1. Andy Perry

    Hi Kevin,

    I appreciate this is an old article now but just experimenting with a lot of this at the moment.

    Am I correct in thinking that as long as that key exists (Contoso in your example), then the Windows Computer should be discovered and should be part of the new extended class? Or, will it only populate that new class if the other values are present as well?

    I have one server populated which has all the values, but another server doesn’t appear where only the key exists and I am wondering whether this is something I have done (or not done) or whether it needs the values as well.

    Thanks

    Andrew

    • Andy Perry

      I am a little closer. Had some 10103 events that linked to my discovery here. So I thought about the minimum length that I had set. I did this because I had required set to false so I assumed that IF there was a value, then it would enforce the minimum length. But wondering if this is not the case as I have updated all the minimum lengths of my values to 0 and now I see both populated. One with the value data and the other blank as expected.

      Still would have thought though that I could control the minimum value if present but still discover the object if they were blank, but I can work on that.

    • Kevin Holman

      If you follow my example logic – the discover or not decision is not based on any registry value – it is simply based on ContosoExists = true which means HKLM:SOFTWARE\Contoso key exists. If you want to discover instances of ALL machines where the discovery runs, and only populate values if they are present, then simply change the key to HKLM:SOFTWARE alone, since all computers have this.

      • Andy Perry

        Thanks Kevin.

        No, it is only servers with that specific key that I want to populate. At first it was only populating the servers with the key AND the specific values. It was not populating my other test server which just had the key.

        But, as mentioned, I was getting an event on the server about invalid data on that missing server. When I updated the MinLength to 0, and reloaded the pack, the other server then came in.

        What is puzzling though is that I thought the Required=”false” would be enough to tell the discovery that the values are not required and still be able to set a minimum length for some validation purposes in case there WAS data/values to collect, but the fact that there was no values seemed to equal not meeting the MinLength and so discovery was failing.

        I have changed them all to zero now, which is not a major deal to be honest. Better for it to function 🙂

        Thank you for coming back to me, much appreciated

        Andrew
