locked
Need to Scan for files that are Blocked by skpswi.dat file RRS feed

  • Question

  • Hi,

    How can i controle the skpswi.dat creation, everywhere on the net there is a way to block software inventory from happening guides, but i need to know who has a copy of a certain SQL .mdf file, and we had people copying the file and then putting the business at risk by having that file on their desktops its only allowed on servers, So i still need to scan for the file event if they are trying to block me, is there any why i can still do a scan of whom has the file even if they try and block me?

    Kind Regards

    Friday, July 19, 2013 7:44 AM

Answers

  • Abuse is not something you can technically overcome; specifically, if your users are doing bad things to overcome the mechanisms in place, you need to change tactics. In this case also, you can't change the built-in functionality because it was not designed for bad users abusing it.

    A simple VBScript or PowerShell though will easily find all of the files and you can dump the results into WMI and have ConfigMgr pick the results up from there. Or, the script can delete all of those non-default files also. Lots of ways you can approach it.

    Then, when you find the culprits, they can be escorted out because they've done two things wrong: placed files they know they shouldn't have and explicitly hidden them by circumventing the systems in place. That's two strikes easy and at the end of the day, enforcement of abuse is an HR issue.


    Jason | http://blog.configmgrftw.com

    Friday, July 19, 2013 12:59 PM

All replies

  • Sample Configuration Item: Check for the Presence of the File Skpswi.dat Using Desired Configuration Management
    http://technet.microsoft.com/en-us/library/bb632520.aspx

    Torsten Meringer | http://www.mssccmfaq.de

    Friday, July 19, 2013 8:16 AM
  • Isnt there another way, of doing this, like disabling the fact that it will ignor the file if found from a client,

    As that isn't very usefull, and the post is still for sccm 2007 and i am using SCCM 2012Sp1, i used the configuration baseline to check for the existance of the file > 1. and so far i know now they block the whole drive now from being inventried.

    Any other help?

    Friday, July 19, 2013 12:34 PM
  • Abuse is not something you can technically overcome; specifically, if your users are doing bad things to overcome the mechanisms in place, you need to change tactics. In this case also, you can't change the built-in functionality because it was not designed for bad users abusing it.

    A simple VBScript or PowerShell though will easily find all of the files and you can dump the results into WMI and have ConfigMgr pick the results up from there. Or, the script can delete all of those non-default files also. Lots of ways you can approach it.

    Then, when you find the culprits, they can be escorted out because they've done two things wrong: placed files they know they shouldn't have and explicitly hidden them by circumventing the systems in place. That's two strikes easy and at the end of the day, enforcement of abuse is an HR issue.


    Jason | http://blog.configmgrftw.com

    Friday, July 19, 2013 12:59 PM
  • This just makes my life as an SCCM Admin a bit difficult, there should have been an option to ignore the file.

    Can you assist me on how i would set that up with SCCM to do?

    Friday, July 19, 2013 1:55 PM
  • Hi,

    Here's a sample VBScript that will delete a file:

    http://www.activexperts.com/network-monitor/windowsmanagement/adminscripts/filesfolders/files/#DeleteFile.htm

    I'd suggest adding in some code to keep track if the file is found so you can determine who is breaking your policies. I generally will have a script either create or write to a file on a network location for something like this.

    Once you have the code working on a single PC, you can then just deploy it to all machines.


    Don't retire TechNet!

    Friday, July 19, 2013 3:02 PM
  • This just makes my life as an SCCM Admin a bit difficult

    Who said it should be easy?

    There simply is no way for them to account for every permutation/possibility of stupid user tricks.


    Jason | http://blog.configmgrftw.com

    Friday, July 19, 2013 3:32 PM
  • Hi,

    The scrips are not effective as i would have it want to be, is there another way of doing this with SCCM?

    I need to find the files that should not be on the desktops and now this skpswi.dat is stopping me, what else can i do?

    Tuesday, July 23, 2013 1:02 PM
  • The scripts are simply starting points/examples to build upon. Now you need to write your own that suits the task at hand.

    Jason | http://blog.configmgrftw.com

    Tuesday, July 23, 2013 1:07 PM

  • I need to find the files that should not be on the desktops and now this skpswi.dat is stopping me, what else can i do?


    Use DCM to detect those files. skpswi.dat does not stop DCM from working. (Yes, the example above was written for CM07, but the idea can still be used in CM12).

    Torsten Meringer | http://www.mssccmfaq.de

    Tuesday, July 23, 2013 2:08 PM