Windows-Probes und -Berechtigungen
Auf Windows-Computern greift Discovery durch die Ausführung von Befehlen als bestimmter Benutzer auf Geräte und Software zu.
Die meisten Probes erfordern Zugriff auf Windows-Klassen, -Eigenschaften und -Registrierungseinträgen. Bestimmte Probes erfordern zudem zusätzlichen Zugriff auf Windows-Verzeichnisse und -Ressourcen. Sicherheitsrichtlinien variieren je nach Organisation. Daher gibt es keine spezifische Rolle oder kein bestimmtes Recht, die bzw. das zu gewähren ist. Stellen Sie sicher, dass der Windows-Benutzer über lokale Administratorrechte für die Windows-Komponenten verfügt.
Administrative Freigaben
Administrative Freigaben sind unter Windows ausgeblendete Serverressourcen, die von Discovery zum temporären Speichern der Ergebnisse von Prozessen verwendet werden, die von bestimmten Probes ausgeführt werden. Die MID Server-Skriptdatei LaunchProc.psm1 startet den Prozess, schreibt seine Ausgabe in die administrative Freigabe auf dem Computer und ruft dann die Ergebnisse für den MID Server ab. Der Zugriff auf administrative Freigaben ist auf Benutzer mit Administratorberechtigungen für das Ziel beschränkt, zum Beispiel lokale Benutzer oder Benutzer in der Domäne, die zur Gruppe der lokalen Administratoren gehören.
Ab dem New York-Release rufen alle Windows-Probes, die das WMI-Protokoll verwenden, die Skriptdatei LaunchProc.psm1 auf und schreiben standardmäßig in den Freigabeordner admin$. Wenn auf jedem Windows-Ziel eine andere Netzwerkfreigabe bereitgestellt wird, kann der Ordner durch Aktualisieren der MID Server-Eigenschaft mid.powershell.target_base_dirgeändert werden.
Windows-Klassen
Die meisten Windows-Probes greifen auf Windows-Klassen und -Eigenschaften zu, die in diesen Klassen enthalten sind. Einige Windows-Klassen geben keinen Pfad für einen Datei-Namespace an. ServiceNow verwendet standardmäßig
root\cimv2\<Klasse>, wenn kein Pfad explizit angegeben ist. Hinweis:
Die Erkennung von Cluster-VIP wird nicht unterstützt.
| Probe | Windows-Klasse | Eigenschaft |
|---|---|---|
| Hyper-V - Cluster | root\MSCluster\MSCluster_ClusterToNode | Abhängig |
| Hyper-V - Cluster | root\MSCluster\MSCluster_ClusterToNode | Antecedent |
| Hyper-V - Cluster | root\MSCluster\MSCluster_Resource | Typ |
| Hyper-V - Resource Pools | root\virtualization\Msvm_ResourcePool | ResourceSubType |
| Hyper-V - Resource Pools | root\virtualization\Msvm_ResourcePool | Name |
| Hyper-V - Resource Pools | root\virtualization\Msvm_ResourcePool | Kapazität |
| Hyper-V - Resource Pools | root\virtualization\Msvm_ResourcePool | AllocationUnits |
| Hyper-V - Resource Pools | root\virtualization\Msvm_ResourcePool | InstanceID |
| Hyper-V - Virtual Machines | root\virtualization\Msvm_MemorySettingData | VirtualQuantity |
| Hyper-V - Virtual Machines | root\virtualization\Msvm_ComputerSystem | ElementName |
| Hyper-V - Virtual Machines | root\virtualization\Msvm_ComputerSystem | TimeOfLastStateChange |
| Hyper-V - Virtual Machines | root\virtualization\Msvm_LogicalDisk | NumberOfBlocks |
| Hyper-V - Virtual Machines | root\virtualization\Msvm_MemorySettingData | AllocationUnits |
| Hyper-V - Virtual Machines | root\virtualization\Msvm_VirtualSystemSettingData | ChassisSerialNumber |
| Hyper-V - Virtual Machines | root\virtualization\Msvm_SyntheticEthernetPortSettingData | InstanceID |
| Hyper-V - Virtual Machines | root\virtualization\Msvm_VirtualSystemSettingData | BIOSGUID |
| Hyper-V - Virtual Machines | root\virtualization\Msvm_ComputerSystem | Beschreibung |
| Hyper-V - Virtual Machines | root\virtualization\Msvm_ComputerSystem | Name |
| Hyper-V - Virtual Machines | root\virtualization\Msvm_LogicalDisk | BlockSize |
| Hyper-V - Virtual Machines | root\virtualization\Msvm_VirtualSystemSettingData | BIOSSerialNumber |
| Hyper-V - Virtual Machines | root\virtualization\Msvm_VirtualSystemSettingData | BaseBoardSerialNumber |
| Hyper-V - Virtual Machines | root\virtualization\Msvm_VirtualSystemSettingData | SystemName |
| Hyper-V - Virtual Machines | root\virtualization\Msvm_LogicalDisk | ElementName |
| Hyper-V - Virtual Machines | root\virtualization\Msvm_LogicalDisk | SystemName |
| Hyper-V - Virtual Machines | root\virtualization\Msvm_ProcessorSettingData | VirtualQuantity |
| Hyper-V - Virtual Machines | root\virtualization\Msvm_ProcessorSettingData | InstanceID |
| Hyper-V - Virtual Machines | root\virtualization\Msvm_ComputerSystem | EnabledState |
| Hyper-V - Virtual Machines | root\virtualization\Msvm_SyntheticEthernetPortSettingData | ElementName |
| Hyper-V - Virtual Machines | root\virtualization\Msvm_MemorySettingData | InstanceID |
| Hyper-V - Virtual Networks | root\virtualization\Msvm_VirtualSwitch | Name |
| Hyper-V - Virtual Networks | root\virtualization\Msvm_VirtualSwitch | ElementName |
| Hyper-V - Virtual Networks | root\virtualization\Msvm_ActiveConnection | Antecedent |
| Hyper-V - Virtual Networks | root\virtualization\Msvm_ActiveConnection | Abhängig |
| Windows - Active Processes | Win32_Prozess | Beschreibung |
| Windows - Active Processes | Win32_Process | CreationDate |
| Windows - Active Processes | Win32_Process | CommandLine |
| Windows - Active Processes | Win32_Process | Beschriftung |
| Windows - Active Processes | Win32_Process | Priorität |
| Windows - Active Processes | Win32_Process | ProcessId |
| Windows - Active Processes | Win32_Process | ParentProcessId |
| Windows - Active Processes | Win32_Process | Name |
| Windows - Active Processes | Win32_Process | ExecutablePath |
| Windows - Classify | root\MSCluster\MSCluster_Node | Name |
| Windows - Classify | Win32_ComputerSystem | Domäne |
| Windows - Classify | root\MSCluster\MSCluster_Resource | Name |
| Windows - Classify | root\MSCluster\MSCluster_Resource | Typ |
| Windows - Classify | root\MSCluster\MSCluster_Resource | PrivateProperties |
| Windows - Classify | root\virtualization\Msvm_ComputerSystem | Name |
| Windows - Classify | root\MSCluster\MSCluster_ClusterToNode | Abhängig |
| Windows - Classify | root\MSCluster\MSCluster_ClusterToNode | Antecedent |
| Windows - Classify | root\MSCluster\MSCluster_ClusterToResource | PartComponent |
| Windows - Classify | root\MSCluster\MSCluster_ClusterToResource | GroupComponent |
| Windows - Classify | Win32_OperatingSystem | Beschriftung |
| Windows - Classify | root\MSCluster\MSCluster_Cluster | Name |
| Windows - Classify | Win32_ComputerSystem | Name |
| Windows - Cluster | root\MSCluster\MSCluster_Cluster | Name |
| Windows - Cluster | root\MSCluster\MSCluster_Network | AddressMask |
| Windows - Cluster | root\MSCluster\MSCluster_ClusterToResource | GroupComponent |
| Windows - Cluster | root\MSCluster\MSCluster_Resource | Typ |
| Windows - Cluster | root\MSCluster\MSCluster_Node | Characteristics |
| Windows - Cluster | root\MSCluster\MSCluster_ResourceGroup | Name |
| Windows - Cluster | root\MSCluster\MSCluster_ClusterToQuorumResource | PartComponent |
| Windows - Cluster | root\MSCluster\MSCluster_ResourceGroupToResource | PartComponent |
| Windows - Cluster | root\MSCluster\MSCluster_Network | Adresse |
| Windows - Cluster | root\MSCluster\MSCluster_Resource | PrivateProperties |
| Windows - Cluster | root\MSCluster\MSCluster_Resource | Status |
| Windows - Cluster | root\MSCluster\MSCluster_Node | Flags |
| Windows - Cluster | root\MSCluster\MSCluster_ResourceGroup | PrivateProperties |
| Windows - Cluster | root\MSCluster\MSCluster_ClusterToQuorumResource | GroupComponent |
| Windows - Cluster | root\MSCluster\MSCluster_ResourceGroupToResource | GroupComponent |
| Windows - Cluster | root\MSCluster\MSCluster_NodeToActiveGroup | GroupComponent |
| Windows - Cluster | root\MSCluster\MSCluster_Network | Beschreibung |
| Windows - Cluster | root\MSCluster\MSCluster_Cluster | Status |
| Windows - Cluster | root\MSCluster\MSCluster_Resource | Beschriftung |
| Windows - Cluster | root\MSCluster\MSCluster_Node | Status |
| Windows - Cluster | root\MSCluster\MSCluster_ClusterToNode | Abhängig |
| Windows - Cluster | root\MSCluster\MSCluster_ResourceType | Beschreibung |
| Windows - Cluster | root\MSCluster\MSCluster_NodeToNetworkInterface | GroupComponent |
| Windows - Cluster | root\MSCluster\MSCluster_NodeToActiveGroup | PartComponent |
| Windows - Cluster | root\MSCluster\MSCluster_Network | Name |
| Windows - Cluster | root\MSCluster\MSCluster_Cluster | Beschriftung |
| Windows - Cluster | root\MSCluster\MSCluster_ClusterToNetworkInterface | GroupComponent |
| Windows - Cluster | root\MSCluster\MSCluster_Node | NodeInstanceID |
| Windows - Cluster | root\MSCluster\MSCluster_ClusterToNode | Antecedent |
| Windows - Cluster | root\MSCluster\MSCluster_ResourceType | PrivateProperties |
| Windows - Cluster | root\MSCluster\MSCluster_NodeToNetworkInterface | PartComponent |
| Windows - Cluster | root\MSCluster\MSCluster_ResourceToPossibleOwner | PartComponent |
| Windows - Cluster | root\MSCluster\MSCluster_Node | Name |
| Windows - Cluster | root\MSCluster\MSCluster_NetworkInterface | Adresse |
| Windows - Cluster | root\MSCluster\MSCluster_ClusterToNetworkInterface | PartComponent |
| Windows - Cluster | root\MSCluster\MSCluster_Node | Beschreibung |
| Windows - Cluster | root\MSCluster\MSCluster_NodeToActiveResource | PartComponent |
| Windows - Cluster | root\MSCluster\MSCluster_ResourceType | DisplayName |
| Windows - Cluster | root\MSCluster\MSCluster_Event | Typ |
| Windows - Cluster | root\MSCluster\MSCluster_ResourceToPossibleOwner | GroupComponent |
| Windows - Cluster | root\MSCluster\MSCluster_Resource | Name |
| Windows - Cluster | root\MSCluster\MSCluster_NetworkInterface | Netzwerk |
| Windows - Cluster | root\MSCluster\MSCluster_ClusterToNetwork | PartComponent |
| Windows - Cluster | root\MSCluster\MSCluster_Node | Status |
| Windows - Cluster | root\MSCluster\MSCluster_NodeToActiveResource | GroupComponent |
| Windows - Cluster | root\MSCluster\MSCluster_ResourceType | Name |
| Windows - Cluster | root\MSCluster\MSCluster_Event | Name |
| Windows - Cluster | root\MSCluster\MSCluster_NetworkInterface | DeviceID |
| Windows - Cluster | root\MSCluster\MSCluster_Resource | Beschreibung |
| Windows - Cluster | root\MSCluster\MSCluster_NetworkInterface | Beschreibung |
| Windows - Cluster | root\MSCluster\MSCluster_ClusterToNetwork | GroupComponent |
| Windows - Cluster | root\MSCluster\MSCluster_Node | Beschriftung |
| Windows - Cluster | root\MSCluster\MSCluster_ResourceToDependentResource | Abhängig |
| Windows - Cluster | root\MSCluster\MSCluster_ResourceGroup | Status |
| Windows - Cluster | root\MSCluster\MSCluster_ClusterToResourceGroup | PartComponent |
| Windows - Cluster | root\MSCluster\MSCluster_ResourceTypeToResource | PartComponent |
| Windows - Cluster | root\MSCluster\MSCluster_Cluster | Beschreibung |
| Windows - Cluster | root\MSCluster\MSCluster_NetworkInterface | Name |
| Windows - Cluster | root\MSCluster\MSCluster_ClusterToResource | PartComponent |
| Windows - Cluster | root\MSCluster\MSCluster_Node | PrivateProperties |
| Windows - Cluster | root\MSCluster\MSCluster_ResourceToDependentResource | Antecedent |
| Windows - Cluster | root\MSCluster\MSCluster_ResourceGroup | Beschreibung |
| Windows - Cluster | root\MSCluster\MSCluster_ClusterToResourceGroup | GroupComponent |
| Windows - Cluster | root\MSCluster\MSCluster_ResourceTypeToResource | GroupComponent |
| Windows - CPU / Memory | Win32_PhysicalMemory | DeviceLocator |
| Windows - CPU / Memory | Win32_PhysicalMemory | TypeDetail |
| Windows - CPU / Memory | Win32_PhysicalMemory | FormFactor |
| Windows - CPU / Memory | Win32_PhysicalMemory | MemoryType |
| Windows - CPU / Memory | Win32_PhysicalMemory | DataWidth |
| Windows - CPU / Memory | Win32_PhysicalMemory | TotalWidth |
| Windows - CPU / Memory | Win32_PhysicalMemory | BankLabel |
| Windows - CPU / Memory | Win32_PhysicalMemory | Status |
| Windows - CPU / Memory | Win32_Processor | Hersteller |
| Windows - CPU / Memory | Win32_Processor | NumberOfCores |
| Windows - CPU / Memory | Win32_PhysicalMemory | Geschwindigkeit |
| Windows - CPU / Memory | Win32_Processor | MaxClockSpeed |
| Windows - CPU / Memory | Win32_Processor | NumberOfLogicalProcessor |
| Windows - CPU / Memory | Win32_PhysicalMemory | SerialNumber |
| Windows - CPU / Memory | Win32_Processor | Name |
| Windows - CPU / Memory | Win32_PhysicalMemory | PartNumber |
| Windows - CPU / Memory | Win32_PhysicalMemory | Kapazität |
| Windows - CPU / Memory | Win32_PhysicalMemory | Hersteller |
| Windows - CPU / Memory | Win32_PhysicalMemory | Tag |
| Windows - Disks | Win32_LogicalDisk | Größe |
| Windows - Disks | Win32_LogicalDisk | FreeSpace |
| Windows - Disks | Win32_LogicalDisk | DeviceID |
| Windows - Disks | Win32_LogicalDisk | FileSystem |
| Windows - Disks | Win32_LogicalDisk | DriveType |
| Windows - Disks | Win32_LogicalDisk | Beschreibung |
| Windows - Disks | Win32_LogicalDisk | VolumeSerialNumber |
| Windows - Disks | Win32_LogicalDisk | VolumeName |
| Windows - Get IIS Information | root\MicrosoftIISv2\IIsWebServerSetting | SecureBindings |
| Windows - Get IIS Information | root\MicrosoftIISv2\IIsWebServerSetting | Name |
| Windows - Get IIS Information | root\MicrosoftIISv2\IIsWebServerSetting | LogFileDirectory |
| Windows - Get IIS Information | root\MicrosoftIISv2\IIsWebInfo | MinorIIsVersionNumber |
| Windows - Get IIS Information | root\MicrosoftIISv2\IIsWebInfo | MajorIIsVersionNumber |
| Windows - Get IIS Information | root\MicrosoftIISv2\IIsWebServerSetting | ServerComment |
| Windows - Get IIS Information | root\MicrosoftIISv2\IIsWebServerSetting | ServerBindings |
| Windows - Hardware Information | Win32_ComputerSystemProduct | UUID |
| Windows - Hardware Information | Win32_ComputerSystemProduct | IdentifyingNumber |
| Windows - Hardware Information | Win32_SystemEnclosure | ChassisTypes |
| Windows - Hardware Information | Win32_BIOS | SerialNumber |
| Windows - Hardware Information | Win32_SystemEnclosure | SerialNumber |
| Windows - Hardware Information | Win32_BaseBoard | SerialNumber |
| Windows - Installed Software | Win32_OperatingSystem | Beschriftung |
| Windows - Network | Win32_NetworkAdapterConfiguration | Index |
| Windows - Network | Win32_NetworkAdapterConfiguration | DHCPEnabled |
| Windows - Network | Win32_NetworkAdapterConfiguration | MACAddress |
| Windows - Network | Win32_NetworkAdapterConfiguration | IPSubnet |
| Windows - Network | Win32_NetworkAdapterConfiguration | IPAddress |
| Windows - Network | Win32_NetworkAdapter | Index |
| Windows - Network | Win32_NetworkAdapterConfiguration | Beschriftung |
| Windows - Network | Win32_NetworkAdapter | Hersteller |
| Windows - Network | Win32_NetworkAdapterConfiguration | DefaultIPGateway |
| Windows - Network | Win32_NetworkAdapter | NetConnectionID |
| Windows - Network | Win32_NetworkAdapterConfiguration | IPEnabled |
| Windows - OS Information | Win32_OperatingSystem | CSDVersion |
| Windows - OS Information | Win32_OperatingSystem | Version |
| Windows - OS Information | Win32_ComputerSystem | UserName |
| Windows - OS Information | Win32_ComputerSystem | Modell |
| Windows - OS Information | Win32_ComputerSystem | Hersteller |
| Windows - OS Information | Win32_Processor | AddressWidth |
| Windows - OS Information | Win32_OperatingSystem | Beschreibung |
| Windows - Printers | Win32_Printer | Name |
| Windows - Printers | Win32_TCPIPPrinterPort | HostAddress |
| Windows - Printers | Win32_TCPIPPrinterPort | Name |
| Windows - Printers | Win32_Printer | PortName |
| Windows - Printers | Win32_Printer | DeviceID |
| Windows - Services | Win32_Service | ProcessId |
| Windows - Services | Win32_Service | ServiceType |
| Windows - Services | Win32_Service | StartName |
| Windows - Services | Win32_Service | DisplayName |
| Windows - Services | Win32_Service | Status |
| Windows - Services | Win32_Service | StartMode |
| Windows - Services | Win32_Service | PathName |
| Windows - Services | Win32_Service | DesktopInteract |
| Windows - Services | Win32_Service | Name |
| Windows - Services | Win32_Service | AcceptStop |
| Windows - Services | Win32_Service | AcceptPause |
Windows-Registrierungseinträge
Für Windows-Probes von Discovery sind mehrere Windows-Registrierungseinträge verfügbar.
Hinweis:
Der Sensor „Windows - Installierte Software“ wendet einen Zeitstempel von 00:00:00 auf den in der Registrierung abgerufenen Wert „install_date“ ab. Die Installationszeit aller Windows-Software ist unabhängig von der Zeitzone und wird auf Mitternacht des Tages festgelegt, an dem sie installiert wurde. Beispielsweise wird das Installationsdatum, das mit 2.19.2017 in der Windows-Registrierung angegeben ist, als 2.19.2017 00:00:00 in der CMDB angezeigt.
| Probe | Windows-Registrierungseinträge |
|---|---|
| Windows - Classify | HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters/Hostname |
| Windows - Classify | HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters/Domain |
| Windows - Find APD File Location | HKEY_LOCAL_MACHINE/SOFTWARE/APD/APD/CONFIGPATH |
| Windows - Installed Software | HKEY_LOCAL_MACHINE/Software/Wow6432Node/Microsoft/Windows/CurrentVersion/Installer/UserData/*/Products/*/InstallProperties/InstallDate |
| Windows - Installed Software | HKEY_LOCAL_MACHINE/Software/Wow6432Node/Microsoft/Windows/CurrentVersion/Uninstall/*/DisplayVersion |
| Windows - Installed Software | HKEY_LOCAL_MACHINE/Software/Microsoft/Windows NT/CurrentVersion/ProductId |
| Windows - Installed Software | HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/ProductId |
| Windows - Installed Software | HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Installer/UserData/*/Products/*/InstallProperties/InstallDate |
| Windows - Installed Software | HKEY_LOCAL_MACHINE/Software/Wow6432Node/Microsoft/Windows/CurrentVersion/Uninstall/*/DisplayName |
| Windows - Installed Software | HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Uninstall/*/ParentDisplayName |
| Windows - Installed Software | HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Installer/UserData/*/Products/*/InstallProperties/DisplayVersion |
| Windows - Installed Software | HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Uninstall/*/UninstallString |
| Windows - Installed Software | HKEY_LOCAL_MACHINE/Software/Wow6432Node/Microsoft/Windows/CurrentVersion/Installer/UserData/*/Products/*/InstallProperties/Publisher |
| Windows - Installed Software | HKEY_LOCAL_MACHINE/Software/Microsoft/Internet Explorer/Version |
| Windows - Installed Software | HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Installer/UserData/*/Products/*/InstallProperties/DisplayName |
| Windows - Installed Software | HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Uninstall/*/Publisher |
| Windows - Installed Software | HKEY_LOCAL_MACHINE/Software/Wow6432Node/Microsoft/Windows/CurrentVersion/Installer/UserData/*/Products/*/InstallProperties/ProductID |
| Windows - Installed Software | HKEY_LOCAL_MACHINE/Software/Wow6432Node/Microsoft/Office/*/Registration/*/ProductID |
| Windows - Installed Software | HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Installer/UserData/*/Products/*/InstallProperties/ProductID |
| Windows - Installed Software | HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Uninstall/*/DisplayVersion |
| Windows - Installed Software | HKEY_LOCAL_MACHINE/Software/Wow6432Node/Microsoft/Windows/CurrentVersion/Installer/UserData/*/Products/*/InstallProperties/DisplayVersion |
| Windows - Installed Software | HKEY_LOCAL_MACHINE/Software/Wow6432Node/Microsoft/Office/*/Registration/*/DigitalProductID |
| Windows - Installed Software | HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Installer/UserData/*/Products/*/InstallProperties/Publisher |
| Windows - Installed Software | HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Uninstall/*/DisplayName |
| Windows - Installed Software | HKEY_LOCAL_MACHINE/Software/Wow6432Node/Microsoft/Windows/CurrentVersion/Installer/UserData/*/Products/*/InstallProperties/DisplayName |
| Windows - Installed Software | HKEY_LOCAL_MACHINE/Software/Wow6432Node/Microsoft/Windows/CurrentVersion/Uninstall/*/UninstallString |
| Windows - Installed Software | HKEY_LOCAL_MACHINE/Software/Microsoft/Office/*/Registration/*/DigitalProductID |
| Windows - Installed Software | HKEY_LOCAL_MACHINE/Software/Microsoft/Internet Explorer/Registration/ProductId |
| Windows - Installed Software | HKEY_LOCAL_MACHINE/Software/Wow6432Node/Microsoft/Windows/CurrentVersion/Uninstall/*/Publisher |
| Windows - Installed Software | HKEY_LOCAL_MACHINE/Software/Microsoft/Internet Explorer/svcVersion |
| Windows - Installed Software | HKEY_LOCAL_MACHINE/Software/Microsoft/Office/*/Registration/*/ProductID |
| Windows - Installed Software | HKEY_LOCAL_MACHINE/Software/Wow6432Node/Microsoft/Windows/CurrentVersion/Uninstall/*/InstallDate |
| Windows - Installed Software | HKEY_LOCAL_MACHINE/Software/Wow6432Node/Microsoft/Windows/CurrentVersion/Uninstall/*/ParentDisplayName |
| Windows - Installed Software | HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Uninstall/*/InstallDate |
| Windows - Installed Software | HKEY_LOCAL_MACHINE/Software/Microsoft/Windows NT/CurrentVersion/DigitalProductID |