Analysis Relevance - exclusions

Howdy,

I am working on an analysis and trying to exclude domain controllers, but include all other Windows servers.

I am not sure how to do this, and I am using the Excel Connector for a report.

I tried using a relevance expression I found in the forums but it fails in the debugger, can anyone assist?

TY!

TY again! I am trying to do this and I thought it would exclude domain controllers, but it’s not.

(select ("ProductType from Win32_OperatingSystem") of WMI) as string contains "3"

Just out of curiosity, are the product type inspectors not completely useful for this type of info? https://developer.bigfix.com/relevance/search/?query=product%20type

I am probably doing something wrong, but I created an analysis to find specific local accounts. Then under relevance I’ve tried a few things.

What I thought would work is:

(
      product type of operating system != nt domain controller product type
  )

Yes, that would be the best option. I just couldn’t find an example with that because I couldn’t remember it. It is actually in one of the analyses I linked.

This definitely could be better for this case, but it is an example: https://bigfix.me/relevance/details/2998651

product type of operating system should be better/faster than using WMI.

For some reason it’s not excluding the domain controllers. I set the relevance tab on the analysis and entered only that statement. I tried with and without “parentheses”, but the results are the same.

Does this work for 2012?

Do you mean this? :

(if (it = nt workstation product type) then "Workstation" else if (it = nt server product type) then "Server" else if (it = nt domain controller product type) then "DomainController" else "Unknown") of (product type of operating system)

If not, I would put the above in an analysis to see what results it gives in general.

I’m not certain. It may depend on both the version of Windows and the version of BigFix, but it is hard to say without testing.

You could always cheat and create a group and add only the domain controllers and use the group ID to exempt them. It is not a very technical solution, but it would work if nothing else is.

I set up an analysis that just should give me the local account names on all servers but I need to exclude domain controllers.

I created an “automatic group” using the relevance

(
      product type of operating system != nt domain controller product type
  )

This group populates perfectly.
Then I have tried changing the relevance on the analysis I created to include the all Windows servers group and not include the all domain controllers group; that fails to exclude the domain controllers.

I am trying to use the Excel Connector also and I have tried using multiple filter combinations with the groups mentioned above and nothing works.

I will have to likely use the Excel Connector, so does anyone know how to get the exclusion working in that for product type of domain controllers?

You should be able to use the following relevance, just replace the group # with your new automatic group ID, which can be found under Computer Groups, then right click on one of the column headers, then enable “ID”. Below is the relevance created by the GUI when I choose OS contains win and Group membership does not contain (my group), and made sure ALL was selected, adding the AND below. !!This is all based on the fact that you have the domain controllers populating under your automatic group!! (If your relevance did not work for the automatic group, you can always just add the name if there are only a handful of them.) Also, if there really are only a few, then you could probably skip the group and just add "computer name does not contain " " under the relevance, whichever one is easier. Once again, not the best solution, but if I was unable to get the proper relevance, this is how I would get it done.

(version of client >= "6.0.0.0") AND ((not (exists true whose (if true then (member of group 9999 of site "actionsite") else false))) AND (exists true whose (if true then (exists (operating system) whose (it as string as lowercase contains "win" as lowercase)) else false)))

Do you have an “AND” in your relevance query and not an “OR”?

I am testing this as the relevance now. I had tried “and” and “and” before with the separate group filters, but that didn’t work.

My group ID is something like “00-12345” and I don’t think that I need to remove the 00-, but so far this isn’t working either which doesn’t make sense.

I am trying to test it out using the Excel Connector too and I can’t get it to work there either. I have run the debugging tool and it’s obviously a perfectly fine query.

Any ideas how I can do this using the excel connector? I do have to get it working within IEM as an analysis also.

This is meant to be put into an analysis property to make sure it returns the correct info about your systems. Your DCs should show up as such.

This would be true only on DCs:

"DomainController" = ( (if (it = nt workstation product type) then "Workstation" else if (it = nt server product type) then "Server" else if (it = nt domain controller product type) then "DomainController" else "Unknown") of (product type of operating system) )

This would be true only on windows servers:

"Server" = ( (if (it = nt workstation product type) then "Workstation" else if (it = nt server product type) then "Server" else if (it = nt domain controller product type) then "DomainController" else "Unknown") of (product type of operating system) )

Howdy,
This is still not working and I have tried everything posted.

I created a new analysis in IEM, using the GUI.

I selected Computers which match ALL of the relevant conditions

Then I went as far as entering
OS contains win
computer name does not equal domaincontrollera
computer name does not equal domaincontrollerb

And so on, there’s about 30 machines I have to exclude.

Most were excluded but there are still about 5 that show up. I don’t think it’s OS related as they are all the same as the ones that are being excluded.

Any ideas on making the relevance better?

Can you post the actual relevance? A screenshot?

Did you try using ProductType? Can you share what you tried? It is possible it wasn’t implemented correctly.