Application Discovery: GPO for necessary Registry Changes

Document created by kevinlamb on Jun 30, 2016Last modified by fran.schwarzmann on Aug 15, 2016
Version 2Show Document
  • View in full screen mode

This article describes how to create a Group Policy Object which can be leveraged to push required WMI registry changes out to multiple Windows virtual machines centrally using Active Directory.

Requirements

This article assumes the target environment is running Windows Server 2003 or later as these are the only editions of Windows which include support for Hyper-V

 

Background

The VMTurbo Operations Manager communication uses a library which talks via WMI/DCOM to Windows hosts to retrieve information.  For guest VM discovery to work in VMTurbo Operations Manager the WMI registry key must be granted full permissions to the account which the appliance will use to connect to the Windows hosts.

 

Procedure

Login to Domain Controller as a domain admin or equivalent account that can create and add GPO to a domain or other object such as an OU container 

 

Browse to the Group Policy Editor

Once GPM Opens, create a new GPO for the domain (or other Container that makes sense for your organization (e.g. OU that contains your Hyper-V Servers only))

Give the GPO a Name and Save it (Click OK) 

Now edit this new Policy Object:

Now Expand Computer Configuration >> Windows Settings >> Security >> and Right-click on Registry, and select Add Key  

 

Now navigate to the Registry key: 'HKEY_CLASSES_ROOT\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}, and Click OK

Now the Permissions applet opens, select the Advanced button at the bottom right of the applet

 

 

This will open the Advanced Security settings, select the Owner tab and add the user you want VMTurbo Operations Manager to connect to your HyperV Server Targets and Windows Server VM's, and Click OK once you have set the proper Owner (Clicking OK will set the new Owner)

Here Joel Sheppard is set as the new owner:

 

Repeat this process for the following Registry Key as well: HKLM\Software\Classes\Wow6432Node\CLSID{76A64158-CB41-11D1-8B02-00600806D9B6      

You’re now dropped back out to the Basic security applet:

Since Joel Sheppard is not a User in this Basic Security applet, we need to add the new Key Owner:

Now grant this user FULL Control by Clicking this under the ALLOW column, click OK

 

Lastly you will be presented with the Add Object screen, select propagation per the image below, click OK:

You now have a GPO you can link to the container of your choice (E.g. OU that contains the Hosts and VM's that you want to manage with VMTurbo):

    

* The following Microsoft KB outlines the process for forcing a remote group policy refresh (GPUpdate) to push out the GPO policy changes immediately instead of waiting for the normal GPO Refresh cycle  

  http://technet.microsoft.com/en-us/library/jj134201.aspx 

1 person found this helpful

Attachments

    Outcomes