The scanning process

Snow Inventory Agent for Windows scans the file system and the registry, and collects information from the Windows Management Instrumentation (WMI). A combination of data from these sources is then used by the Snow Recognition Service (SRS) to identify the details of the software, such as product name, version, and edition.

Snow Inventory Agent for Windows can be scheduled to run daily, weekly, or monthly, or at Windows start-up. The scan schedule is configured via Snow Inventory Admin Console.

Randomization can be applied to the daily, weekly, and monthly occurrence types. It adds a random delay each time a scan is scheduled, which spreads the start times across the agents and distributes the load when many agents are configured to scan at the same time.

Before a scheduled scan starts, the agent checks when its last scan was run. If it was run the same day, no new scan is performed. This means that a scheduled scan will never be performed more frequently than once a day. This check is not done when a scan is run from the command prompt.

When a scheduled scan is completed, the result is sent immediately to an Inventory server.

Heartbeat

In addition to the scheduled scans, the Snow Inventory Agent for Windows sends heartbeats according to a configurable interval. The heartbeat is a simple communication between the agent and the Inventory Server where the agent asks the server for tasks. Examples of tasks include agent updates, configuration updates, addition/removal of support files, and initiation of scans outside of the configured schedule.

The minimum interval between heartbeats is 10 minutes.

For details on the configuration of heartbeats, read about the settings http.poll_interval and http.poll_variance in the configuration-doc.html file.

Agentless scan

A remote script or a logon script can trigger the agent to perform a scan on a computer without installing the agent locally. To achieve this, the agent files need to be saved on a network share to which the domain users have read and execute access. However, an agentless scan is limited to software and hardware inventory; no software metering data is gathered.

Scanning the registry

The agent can query the registry to find software details, using a pre-defined list of registry keys to be scanned. For information on which registry keys the agent queries by default, see the file win_snowagent_defaultBehavior.config.xml.

The agent will collect a maximum of 128 results from each of the registry queries.

Running PowerShell scripts as part of the scanning process

Snow Inventory Agent for Windows has support for running Windows PowerShell scripts as part of the inventory scanning process. The built-in functionality uses the output of the Windows PowerShell scripts to identify software and custom registry keys. The results are sent from the agent to an Inventory Server. This enables scanning of additional information from software products, and can also be used for custom tasks such as identifying which users are local administrators.

The agent will look for scripts whose filenames start with "Scan-" and that are located in any of the following folders:

  • The working directory: C:\Program Files\Snow Software\Inventory\Agent

  • The data folder: C:\Program Files\Snow Software\Inventory\Agent\data

  • The psscripts folder: C:\Program Files\Snow Software\Inventory\Agent\psscripts

PowerShell Script Execution Policy

PowerShell’s default script execution policy does not apply to scripts written exclusively for Snow Inventory Agent for Windows.

PowerShell script integrity mode

The file extension of a script file decides in which integrity mode it runs.

  • PowerShell scripts with the file extension ".ps1" are not encrypted and run in low integrity mode. The low integrity mode prevents these PowerShell scripts from potentially harming the system. In this mode, the scripts and child processes cannot modify the underlying system.

  • PowerShell scripts with the file extension ".snow-ps1" are encrypted and run in medium integrity mode.

For details regarding Windows integrity modes, refer to the following MSDN article: https://msdn.microsoft.com/en-us/library/bb625957.aspx
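
The agent picks up any "Scan-" script found in the three folders listed above, so write access to those folders and files decides what gets run. The following audit is an added example, not Snow Software code: it lists each script with the integrity mode implied by its extension and reports principals outside a trusted set that hold write access. The trusted SID list and the non-recursive folder lookup are assumptions to adjust for your environment.

```powershell
# Folder paths, the "Scan-" prefix and the extension/mode mapping come from this page.
$folders = @(
    'C:\Program Files\Snow Software\Inventory\Agent',
    'C:\Program Files\Snow Software\Inventory\Agent\data',
    'C:\Program Files\Snow Software\Inventory\Agent\psscripts'
)
# Assumption: only these principals should be able to change agent scripts.
$trustedSids = @(
    'S-1-5-18',        # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',    # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)
# WriteData, AppendData, Delete, ChangePermissions, TakeOwnership, GENERIC_ALL, GENERIC_WRITE
$writeMask = 0x2 -bor 0x4 -bor 0x10000 -bor 0x40000 -bor 0x80000 -bor 0x10000000 -bor 0x40000000
$inheritOnly = 2   # PropagationFlags.InheritOnly: the ACE does not apply to the object itself

function Get-UntrustedWriter {
    param([Parameter(Mandatory)][string]$Path)
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])
    $rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.PropagationFlags -band $inheritOnly) -eq 0 -and
        ([int]$_.FileSystemRights -band $writeMask) -ne 0 -and
        $trustedSids -notcontains $_.IdentityReference.Value
    } | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique
}

$report = foreach ($folder in $folders) {
    if (-not (Test-Path -LiteralPath $folder)) { continue }
    # Assumption: the agent does not recurse, so only direct children are listed.
    $targets = @(Get-Item -LiteralPath $folder) +
               @(Get-ChildItem -LiteralPath $folder -File -Filter 'Scan-*')
    foreach ($item in $targets) {
        $mode = switch ($item.Extension) {
            '.ps1'      { 'low integrity, not encrypted' }
            '.snow-ps1' { 'medium integrity, encrypted' }
            default     { 'n/a (folder or other file)' }
        }
        [pscustomobject]@{
            Path             = $item.FullName
            Mode             = $mode
            UntrustedWriters = @(Get-UntrustedWriter -Path $item.FullName) -join ', '
        }
    }
}
$report | Format-Table -AutoSize -Wrap
```

An empty UntrustedWriters column means only the trusted SIDs can modify that folder or script; any SID listed there should be reviewed.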

Custom encryption and decryption of PowerShell scripts

To make it possible for users to run PowerShell scripts that are not written by Snow Software in medium integrity mode, a unique custom encryption key can be used instead of the default encryption key. The custom encryption key overwrites the default key.

To generate a custom encryption key, use the psencrypt.exe tool. The tool can be downloaded from the support article named PSEncrypt.exe tool on Snow Community; you must sign in to access the article.

psencrypt.exe keygen

To enable encryption with a custom encryption key, use the configuration option powershell.encryption_key in SystemSettings:

<SystemSettings>
    <Setting key="powershell.encryption_key" value="[value of custom encryption key]"/>
</SystemSettings>

To encrypt scripts with the custom encryption key:

  1. Use the psencrypt.exe tool:

    psencrypt.exe encrypt <path_to_target_script> <path_to_output_file>

  2. When asked for input, enter the custom encryption key.

    Note

    Scripts created by Snow Software and customers can both be encrypted by using a custom encryption key.

    Note

    When Inventory Agent is configured to use a custom encryption key, it will not execute the default scripts that are provided by Snow Software. To execute these scripts, they must be encrypted a second time, using the custom encryption key:

    psencrypt.exe encrypt <Snow Software standard script>.snow-ps1 <re-encrypted Snow Software script>.snow-ps1

To decrypt scripts with the custom encryption key:

  1. Use the psencrypt.exe tool:

    psencrypt.exe decrypt <path_to_target_script> <path_to_output_file>

  2. When asked for input, enter the custom encryption key.