Creating custom dynamic computer groups based on registry keys on agents

I have had a few requests now for this, so I thought I would take the time to write up the process.




Lets say I have three support levels of servers:


Level 1 – servers critical to business operations (ex: customer facing web applications, SQL back-ends)

Level 2 – important servers (ex: messaging, internal apps)

Level 3 – non-essential servers (ex: non-critical or highly redundant internal apps)


Lets say we want to create overrides for certain rules…  where we will page on anything in Level 1 group, email notify on Level 2 group, and simply alert for Level 3.  Possibly we want to create views, and only see alerts for Level 1 servers.  Perhaps we wish to scope users so they only see Level 1 and Level 2 servers in the console?

Well – the first step is to place these servers into groups.

Sure – we can do this manually, with explicit assignments to the group.  But that is resource intensive over time, and we might miss one down the road.  I’d prefer to dynamically create the groups of Windows Computers based on a name…. but this can be difficult sometimes – where we don't have a solid naming scheme, or other criteria to group by.


I will demonstrate another way to accomplish this… by coming up with a business process to use a registry key on your managed servers, and collect this registry attribute with SCOM.  Then – use this Registry attribute for dynamic group memberships.


Ultimately – there are three simple steps to this process:

1.  Create registry keys on agents.

2.  Extended a class with an attribute, to discover the registry keys and values.

3.  Create dynamic groups based on the attribute values from the registry.

It is just that simple.



To get started – lets talk about our custom registry key.  For this example, I am going to create a new Key at HKLM\Software\ and call it “CompanyName”

Next – in that key – I will create a new DWORD Value, named “SupportLevel”

Lastly – I will assign a numeric value to “SupportLevel” on each server, either 1, 2, or 3.



In my environment…. my Hyper-V servers are critical.  They host all of my VM’s, including many business critical applications.  Therefore – they will get Level 1.

My Exchange 2007 servers handle all my mail traffic and notifications, so I will set their registry value to Level 2.

My Exchange 2003 servers have been retired – for MP testing only… so we will set those to Level 3.


Here is a table that shows what I am planning:

ServerName SupportLevel
VS1 1
VS2 1
VS3 1


So – I get all my registry values set on all computers.  This is a big job at first, but it is a one time deal, and you can even script it if you are handy.


Next… we need to discover these registry entries in SCOM, as attributes of a class.  Then were can use that attribute to group objects.  Since I want Windows Computer objects in my groups (Windows Computer is a good object for most overrides, scoping, notifications…etc..) we would like to have these attributes added to the Windows Computer class.

However – there is a problem.  The Windows Computer object is in a sealed MP.  We cannot just add information to that class as we would like.  Therefore – OpsMgr allows us to “Extend” an existing class… and add our custom attributes to it.  This “Extended” class is basically a copy of the existing class… it will have all the built in attributes of Windows Computer, and will also have our custom attribute properties.  It’s is easier to see it than to talk about it.


First – in the Ops console – authoring pane – go to Attributes.  Create a new attribute.  I am going to call this one “SupportLevel”




Next – choose “Registry” for the discovery type.

Next – We need to pick the Target class.  We want Windows Computer.  Note – this will create a new class, named “Windows Computer_Extended” by default.  We can use this name, or you can rename this whatever you want.  It is your class.  I will leave it at the default.




Most important!  Management Pack location.


This is CRITICAL.  Spend some time making sure you are creating these attributes in the correct location.  If you leave this MP unsealed XML…. then any groups you create that use these attributes, will have to be placed in this same MP.  Then – if you use these groups for Overrides – those overrides will be force to go in this same MP.  There is a “cardinal rule” in SCOM… objects in one unsealed MP cannot reference another unsealed MP.  So – we cannot have a group in one unsealed MP, and then use that group for an override in another unsealed override MP. 

So – we have two choices. 

1.  Keep an unsealed MP… and live with the fact that attribute, group, and override will all have to be placed here. 

2.  Create the attribute and the dynamic group in the MP, then seal it.  Then – you can use this group in ANY of your override MP’s… for Exchange, SQL, etc…

I strongly recommend option #2 for this exercise… but you can make this decision for yourself.




Ok…. I will choose Option #2 (seal the MP), so I will create a new MP just for this extended class, and groups.


On the next screen – we can put in our registry information:

In this example – I am looking for a registry Value (1, 2, or 3), and my attribute type is “Int” for integer.

For the frequency, set this to a reasonable frequency to discover you machines as they come on to you network.  Typically, once per day is sufficient (86400 seconds)  Remember – this will run against ALL your Windows Computers… so never set this more frequent than once per hour… that creates unnecessary overhead.



Ok – lets examine our work!

Go to Monitoring, Discovered Inventory, and change target type to our new class “Windows Computer_Extended”

If you do this quickly – you may find it is empty.  This is what is happening behind the scenes:  All Windows Computers are now downloading our newly created MP.  They are going to run the registry attribute discovery, and submit their discovery data to the management server.  The Management Server will insert this discovery data in the database.  Over time, you will start to see all your Windows Computers pop into this class membership.  You will notice a new attribute now, in addition to all the existing Windows Computer attributes.  This attribute is “SupportLevel” and will be 1, 2, 3, or empty… depending on what each agent find in the registry.

Now – I set my registry discovery to once per day…. so I will need to wait 24 hours before I can expect all my healthy agents to show up in this list.  To speed things up – I am going to bounce the HealthService on these example agents.  (Agents run all discoveries when a HealthService restarts, and then on their frequency schedule)

Here is an example a few minutes after bouncing the HealthService on some agents:




Next on the list – create the groups.  I will create these in the same MP that the attributes exist in.


I will call my first group “CompanyName – Support Level 1 Servers Group”.  I like to append the word “Group” to all groups I create as a best practice.  This helps us determine this group class is actually a group when we see it in the list of classes in the UI.  I sure wish all MP authors would take this to heart, since every group is actually a singleton class.




On the dynamic members screen – I will fins my “Windows Computer_Extended” class – and click Add.  What we now see – is that we have a new attribute to use, “Support Level”




I will set this group to “SupportLevel Equals 1” and click OK.




Now – I can right-click my new group – and choose “View Group Members”






Yee-haw!  It works!  Now – I simply repeat this above step – creating groups for SupportLevel 2, and 3.


image image



Now – that is done.  This is the area, that I recommend we stop… take a breather…. then seal the MP.  If you seal the MP – we will be able to use the groups for overrides in any other override MP.  If you choose not to seal the MP now… any overrides you use the groups for – will be forced into this same MP.  Please keep that in mind.

Since I am harping on sealing the MP…. I am going to do a quick example of just that.  Jonathan Almquist has an excellent tutorial on sealing MP’s HERE and we will use his example.

**Note – when running the sn.exe commands to create our key…. we only need to do this one… not every time we want to seal an MP.

***Critical note – you need to keep a backup of this key… because it will be required for making updates to this MP in the future, re-sealing, and keeping the ability to upgrade the existing MP in production.

So, I create the folders, create the key using sn.exe, copy over the referenced MP’s from the RMS,  and now I am ready to seal.

MPSeal.exe c:\mpseal\input\CompanyName.SupportLevel.MP.xml /I "c:\mpseal\mp" /Keyfile "c:\mpseal\key\PairKey.snk" /Company "CompanyName" /Outdir "c:\mpseal\output"


Works great.




Now – I can delete my unsealed MP from the management group, and import my sealed MP.


Phew.  All the heavy lifting is done.  Now… I have my groups… I can start setting up overrides using these groups, or scoping notifications. 

On my Support Level 1 group – I will use this to set up my pager Notification subscriptions to only page based on specific classes, and this group.

On my Support Level 2 group – I will use this to override important alerts to High Priority… because I am using High Priority as a filter for email notifications, per my previous blog post here:

On my Support Level 3 group – I will use this group for tweaking/disabling rules and monitors for the group… turning off discoveries so they don't discover lab servers, scoping views, etc.


Maybe in my next post…. I will build on this MP… and show a really simple way to add the Health Service Watcher objects to these dynamic groups… for each Windows Computer object that is in the group – so we can use these groups for Heartbeat failure notifications.

Comments (25)

Cancel reply

  1. Kevin Holman says:

    @Fahim – I understand exactly what you are asking. Which is why I explained that this example is using an unfiltered registry discovery. Discovered inventory shows instances of a class. This discovery is unfiltered, so it will contain a class instance for each computer that runs the discovery, regardless of the property value. That is by design. If you WANT a filtered discovery – then I’d recommend changing it to a filtered discovery provider and adding the required filter expression, where value = true. However, if you are going THAT far – stop extending Windows Computer altogether, and just create your OWN class based on the Local Application class and use a filtered reg discovery provider. I have several examples of this.

  2. Kevin Holman says:

    @ DSloyer2015 –

    Why can you just use groups, if you are already discovering this registry data in SCOM, and use dynamic expressions?

  3. Kevin Holman says:

    This example uses a unfiltered registry discovery. It will add a property and discover the value of that property for all instances. If you want to filter on specific machines, then you need to use a filtered registry discovery provider, and provide a filter expression in XML.

  4. Kevin Holman says:

    You nailed it – that is exactly correct – as I am sure you found out by testing.  Boolean or "check if exists" will always be "attributename" equals "true"

  5. Anonymous says:

    Thanks Kevin we have been using this method successfully for about a year.  It was recommended by our MS Consultant.  I found your article because we are experiencing the issue that you described near the end of the post, we need a way to tie this registry key to the Health Service Watcher class so that we can control the Heartbeat alerts.  

    So far I have been able to extend the Health Service Watcher class, but the value of the registry key for the class is set to the value on the MANAGEMENT SERVER that manages the server, not the value on the server itself.

    Not sure how to work around this issue, the only idea I have so far is that when looking at the Health Service Watcher class and the Windows Server class, the only attributes in common are Display Name which is inherited from Entity.  Somehow you would have to extend the Health Service Watcher class with the attribute from Windows Server_Extended where



    Hoping I explained this well, I would be interested in any feedback you could give.  TIA

  6. Kevin Holman says:

    You cannot extend the HSW class.  It is special and you really cant treat it like any other class.

    You cannot add the HSW instance to a group in the UI:

    You must edit the XML for your group.

    Here is an example:

  7. Fahim2010 says:

    Hi Kevin,
    Sorry. I guess I was not clear on my post. What you described is totally fine for us. And I can see that the property value and am able to create dynamic group using the attribute. —- But I do not understand why changing ‘target type’ under Discovered Inventory would still show all monitored servers instead of showing servers where the property value is ‘true’. Seems like it is including the ones where the property value is false.
    Thanks again for your input.

  8. Kevin,

    This is great but it stills requires the manual creation of groups for very possible registry key.

    What we are exploring right now is how to create a dynamic group and scoped role based on different string values of defined registry keys.

    Say a registry key contains the name of the business group who owns the server. Lets say say the value is SupportTeamX. This registry key will be read by OpsMgr, create a computer group called SupportTeamX and create a scoped role called SupportTeamX that is scoped to just that computer group.

    Active Directory group membership of the role can be managed separately.

    Would you have any examples of something like this? Based on the work so far I think the dynamic group and role creation is going to require managed code to handle.

  9. David says:

    Nice post Kevin, the art helps 🙂

  10. Marnix Wolf says:

    Again a masterpiece. Thanks for sharing this information.

  11. José Fehse says:

    Kevin, how should we convert a formula to scom that uses boolean conditions (Check if exists). It doesn’t seem to have an option in SCOM for that. Should we use "Equals True", like below for example?

    ( Object is Windows Server Operating System_Extended AND ( MOSS 32bit Equals True )

    José Fehse


  12. Phil says:

    Firstly thanks for a great easy to follow example but I still have a few issues to make this work with clusters.

    Is there anyway for the support value of the underlying cluster node to be set for the virtual nodes it hosts?

    They are discovered by the extended class but the supportlevel is always blank. Which of course means if you use these groups to limit for example to level 1 SQL DB Engines then any SQL instances on a cluster are missing.

  13. Jav says:


    I am trying to do something similar, adding attribute "Forwarders" to DNS servers to be able to create a group containing DNS servers with specific addresses as forwarders.

    I then point to the value "HKLMSystemCurrentControlSetServicesDNSParametersForwarders" where there will typically be one or more ip addresses. (in this case I am using "string" as type.

    The discovery works, but I only get the first ip address populated (in most cases there are two).

    Is there any way to set string to multi-string to support this?

    thanks in advance!!!

  14. funzel says:

    This article is very helpfull, many thanks

    We have at the moment a workshop and discussed the same problem, handling machines groups based dynamic on different classifications defined from us itself

  15. CD says:

    Hi Kevin, thanks for this post – we've been using this method successfully to create groups, using the string method, we're finding a handful of our servers are just not populating into any groups, the reg keys are right, they are reporting in SCOM and the remote registry service is running, but the query doesnt catch them for some reason – apart from resorting to making the problem servers explicit members, have you got any ideas as to what it may be?

    Thanks again, for this article – saved us a lot of work!

  16. ilans says:

    i need some help for doing something similar for Database class, i want to have two dynamic groups, PROD Databases and DEVTEST Databases. i can put a registry key for each database that will hold that value. i need an idea on how to do the discovery for this attribute.

    any idea if there are other ways then registrywmi Discovery, i thought on using one XML file on each SQL server that will hold list of all databases on that server, but it seem that i cannot use POWERSHELL script for the discovery.

    any idea ?

  17. Help with SCOM 2012 says:

    Hi Kevin,
    I have done it with 2007 successfully but with 2012, the extended target is not showing servers of our interest. It still shows all monitored servers instead of showing blank page or server of our interest. We tried registry key to discover. Changed target. But Computer_Extended target shows all machines. Am I missing something here?
    Your input is much appreciated.

  18. Help with SCOM 2012 says:

    Hi Kevin,
    To add to what I posted a moment ago, I can see that the attributes (true or false) are being listed under agent object property but the view is still showing all computers. Any help?

  19. How far can SCOM bend says:

    Hi Kevin,
    Apologies for getting greedy on this but is there a way to get the Service Level details from a SQL Server table instead of registry entry? This will allow us managing service levels in a flexible and dynamic way. SQL server with these details is in a management
    VLAN so only SCOM can talk to it. Any ideas how this can be done ?

    Thanks for a lot of help on all topics. They have been a life saver.

  20. DSloyer2015 says:

    Firstly, Kevin this is a great example and I have used it in the past, very thoroughly explained.

    However, I am trying to create dynamic groups and a scoped roles based on an array of registry values. There was a request for something similar back in 2009 and you stated you may update this guide to include that example.

    In our environment, we publish data to the registry at build time that captures the maintenance windows, support owner of the server, SLA, and other other company specific data. I’m collecting this data with SCOM and I’d like to automatically create groups
    and possibly a role based on each Support group name. Is this something you’ve run into before?

  21. Anonymous says:

    I wrote a post explaining Run As accounts a while back here:

  22. Pavithra says:

    I am trying to create an Attribute using Registry discovery for the value “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings\ChannelCertificateHash”, but seems to be not working. I am checking if the registry exists or not. Please assist.

  23. Torben Andersen says:

    Hi Kevin, everything went fine until dynamic members group creating screen – I can’t see/find my “Windows Computer_Extended” class – can you please help?

  24. Kevin Holman says:

    this means you are creating a group in some other MP, other than the unsealed MP the extended class is in. One unsealed mp cannot reference another unsealed mp.

    I recommend when you extend classes, that MP be kept simple with the extended classes and discoveries only, and sealed. So it can be used anywhere.

Skip to main content