PowerShell for Discovery

PowerShell is built on the Windows .NET Framework and is designed to control and automate the administration of Windows machines and applications.

ServiceNow Discovery supports the use of PowerShell to discover Windows computers. MID Servers using PowerShell must be installed on a supported Windows operating system. ServiceNow supports PowerShell v2.0 and above. However, PowerShell 3.0 does not support Windows Server 2003.
Note: PowerShell is the preferred method for running Discovery over multiple Windows domains, because it allows a single MID Server to authenticate on machines on different domains using credentials stored on the instance.

Installed with PowerShell for Discovery

These elements support PowerShell discoveries.

MID Server parameters

The following parameters are optional.
Note: After changing the setting for any parameter, be sure to restart the MID Server service.
Table 1. MID Server Parameters
Description Name(s) Details
PowerShell credentials mid.powershell.use_credentials Determines the credentials to use for Discovery with PowerShell. A setting of true directs the MID Server to run probes with the Windows credentials from the credentials table. To run probes with the credentials of the user for the MID Server service, set this parameter to false.
  • Type: true | false
  • Default value: true
Enable PowerShell for Discovery mid.use_powershell Enables or disables PowerShell for Discovery. You must restart the MID Server after changing the value. If PowerShell is not installed or the version installed is less than version 2.0, Discovery reverts to using WMIRunner.
  • Type: true | false
  • Default value: true, in the Fuji release.
  • Default value: false, in releases prior to Fuji.
PowerShell executable path mid.powershell.path Enables an administrator to point to a specific PowerShell on a MID Server in cases where more than one PowerShell is installed. Supply the path to the folder containing the PowerShell executable, for example, C:\mypowershell or C:\mypowershell\. ServiceNow automatically appends the string powershell.exe to the path. This parameter might be necessary when both a 32-bit and 64-bit PowerShells are active on the same MID Server, and it becomes necessary to launch the correct PowerShell for the context. Note that 64-bit Windows employs file system redirection and the MID server runs as a 32-bit application. If trying to specify a path in %WinDir%\System32, Windows will automatically redirect to %WinDir%\SysWOW64. To avoid redirection, specify the path as %WinDir%\Sysnative. An example would be instead of C:\WINDOWS\system32\WindowsPowerShell\v1.0\, specify C:\WINDOWS\sysnative\WindowsPowerShell\v1.0\.
Note: On a 64-bit version of Windows Server 2003 or Windows XP, a Microsoft hotfix may be required to enable this.

To discover applications running on a 64-bit Windows machine, the MID Server must be running on a 64-bit Windows host machine.

  • Type: string (path)
  • Default value: none
MID Server credentials mid.powershell.local_mid_service_credential_fallback Specifies the login credentials the MID Server uses if all other credentials fail.
  • Type: true | false
  • Default value: true
Enable or Disable the enforcement of UTF-8 for command output mid.powershell.enforce_utf8 Enable this parameter to force commands on a target Windows system to return UTF-8 encoded output. Disabling it allows the target system to use its default encoding. This parameter is only valid when PowerShell is enabled.

Setting this value to false may result in incorrect values in the CMDB when non-ASCII characters are returned by a probe.

  • Type: true | false
  • Default value: true

MID Server Script Includes

The following script includes were added for PowerShell discoveries. These scripts run on the MID Server to generate the scripts that Discovery uses for WMIRunner and PowerShell.
Table 2. MID Server Script Includes
Script Include Description
GenerateWMIScriptJS Generates a Javascript script for the WMIRunner probe.
GenerateWMIScriptPS1 Generates a PowerShell script for PowerShell Discovery.

Probe and sensor

When a Windows machine is classified with PowerShell, and an MSSQL instance is detected, a probe called Windows - MSSQL is launched. The probe returns the SQL database catalogs and version to a matching sensor.

Probe parameter

A probe parameter called WMI_ActiveConnections.ps1 contains a script that runs netstat.exe on a target machine for connection information (such as process IDs, ports, IP addresses) when PowerShell is enabled.

Credentials

Discovery uses Windows PowerShell credentials from the Credentials [discovery_credentials] table or the domain administrator credentials of the MID Server service. If Discovery cannot find PowerShell credentials in the Credentials table of the type, Windows), it uses the login credentials of the MID Server service.