Windows Uniqueness
Problem
Determining Windows Devices Uniqueness
Because of the wide variety of windows installs the uniqueness for windows is quite complex. It is not possible to retrieve exactly the same information from a device via both WMI and Remote Registry; as such the uniqueness values are different. Both methods require the Windows ProductID (PID) to be retrieved along with the Hostname of the device. To reduce the factorial issue the uniqueness string was also reduced to just one other component. This value is different depending on whether the device is virtualized and by which platform it is virtualized on. In the event of a communication issue with the device the scan is stopped as we can no longer ensure the integrity of the uniqueness.
Solution
WMI
In WMI the PID is retrieved from the Win32_OperatingSystem class in the root\cimv2 namespace.
SELECT SerialNumber FROM Win32_OperatingSystem
The second part of the uniqueness string is the UUID of the device. This retrieved from the Win32_ComputerSystemProduct class in the root\cimv2 namespace; this value can be overwritten in the scenario where the device is recognised as virtualized (see below).
SELECT Vendor, UUID, IdentifyingNumber FROM Win32_ComputerSystemProduct
Virtualization
If the device has been identified as a virtual device the UUID component can be replaced by a platform specific component. The virtualization platform is identified either by the Vendor value from the Win32_ComputerSystemProduct query or the existence of the following registry keys.
Virtual Server
[SOFTWARE\Microsoft\Virtual Machine\Guest\Parameters] PhysicalHostname
HyperV Server
[SOFTWARE\Microsoft\Virtual Machine\Auto] ProductType
The UUID component of a device is replace with the following values:
- Virtual Server
- For Virtual Server the UUID component is kept.
- HyperV Server
- For HyperV Server the UUID component is kept.
- VMWare
- For VMWare the UUID component is updated to the Identifying Number value retrieved by the Win32_ComputerSystemProduct query.
These values are used as they are maintained and updated by the virtualization platform for each device so should be unique for clones. If there is a collision the device creation logic will create a duplicate row based on the hostname.
Remote Registry
Remote registry is reserved for devices without WMI installed, such as Windows NT. The PID is retrieved from the registry in the following locations.
[SOFTWARE\Microsoft\Windows NT\CurrentVersion] ProductID or [SOFTWARE\Microsoft\Windows\CurrentVersion] ProductID
It is not possible to retrieve the UUID for a device via the registry, so for this type of scan it is left blank. If the device OS is Windows NT the UUID is allowed to be blank, otherwise an exception is thrown.
Virtualization
To identify a virtualized device via the registry we look at the same keys as above. We also check the BIOS manufacturer in an attempt to identify the virtualization platform.
- Virtual Server
[SOFTWARE\Microsoft\Virtual Machine\Guest\Parameters] PhysicalHostname
- HyperV Server
[SOFTWARE\Microsoft\Virtual Machine\Auto] ProductType
- BIOS Vendor
[HARDWARE\DESCRIPTION\System\BIOS] SystemManufacturer
Related articles
Filter by label
There are no items with the selected labels at this time.