ConfigMgr Console Queries: Serial Number

To create a query in ConfigMgr, open the console and navigate to Monitoring > Queries. Queries allow you to run simple WQL queries again the database. I will illustrate how to make one by creating one that searches for a device serial number.

You can create the query by using the same information that is used to create collections.

Creating the Query

Select “Create Query” from the ConfigMgr ribbon. Give your query a name. You also have the option of limiting a query to a particular collection, either by specifying it directly, or prompting the user for it.

Capture

When you click “Edit Query Statement”, you are greeted with the same wizard that is using to construct collection queries:

Capture

This first screen is where you tell ConfigMgr what information to display. Since I am finding a computer name using the serial number, those are the two fields I have chosen. When you click the add button, you are greeted with the screen to pick the attribute:

Capture

Simply find the attributes that you want to display. If you’re writing a query that will return multiple objects, you want to set the “Sort” option on at least one of them so that you get a sorted list.

Next, we move to the criteria tab. Again, it functions just like building a collection:

Capture

Now, the big question here is how do we get this to prompt for a value. Here is what the serial number criteria looks like as a query without the prompt (I entered a value of 1 so that I could apply the query):

select SMS_R_System.Name, SMS_G_System_SYSTEM_ENCLOSURE.SerialNumber

from  SMS_R_System inner join SMS_G_System_SYSTEM_ENCLOSURE on SMS_G_System_SYSTEM_ENCLOSURE.ResourceID = SMS_R_System.ResourceId

where SMS_G_System_SYSTEM_ENCLOSURE.SerialNumber = “1”

To make it prompt, simply change the where clause after the equal sign to:

##PRM:SMS_G_System_SYSTEM_ENCLOSURE.SerialNumber##

It’s basically what the where clause is looking for, bracketed by ## and PRM:, so our query becomes:

select SMS_R_System.Name, SMS_G_System_SYSTEM_ENCLOSURE.SerialNumber 

from  SMS_R_System inner join SMS_G_System_SYSTEM_ENCLOSURE on SMS_G_System_SYSTEM_ENCLOSURE.ResourceID = SMS_R_System.ResourceId

where SMS_G_System_SYSTEM_ENCLOSURE.SerialNumber = ##PRM:SMS_G_System_SYSTEM_ENCLOSURE.SerialNumber##

After that is set up, you can execute it and get your info:

Capture

Returns:

Capture

Share:

Facebook
Twitter
LinkedIn

Contact Us

=
On Key

More Posts

WME Security Briefing 27 May 2024

Kinsing Hacker Group Exploits Docker Vulnerabilities Overview Recent investigations have shown that the hacker group Kinsing is actively exploiting Docker vulnerabilities to gain unauthorized access to systems. The modified hacker group targets misconfigured Docker API ports deployed with cryptocurrency mining malware.

Read More »
WME Cybersecurity Briefings No. 010
Cyber Security

WME Security Briefing 20 May 2024

Advanced Persistent Threats: North Korean Hackers Launch Golang Malware Overview A new malware strain, called Titan Stealer, is currently actively circulating in the threat landscape, targeting a variety of personal data and linked to North Korean state-sponsored cyber espionage

Read More »
WME Cybersecurity Briefings No. 009
Cyber Security

WME Security Briefing 08 May 2024

Exploitable vulnerability in Microsoft Internet Explorer, used to deploy VBA Malware Overview Cybersecurity researchers discovered a severe exploitation targeting a bug that had already been patched in the Microsoft Internet Explorer browser. Their report added that

Read More »
WME Cybersecurity Briefings No. 008
Cyber Security

WME Security Briefing 03 May 2024

Security Bulletin: MITRE Corporation Targeted by Nation-State Cyber Attack Overview The MITRE Corporation, a prominent security and cybersecurity researcher in the USA, has fallen prey to compromise in its environment because of a sophisticated cyberattack from

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.

=