If PowerShell and PowerShell Remoting are not configured, MID Servers default to using WMI for discovery.

How PowerShell Discovery Works

• Probes and Sensors: When a Windows machine is classified with PowerShell and a Microsoft SQL instance is detected, a specific probe (Windows - MSSQL) is launched to retrieve database catalogs and version data, which is then passed to a sensor.
• Probe Parameters: For example, the WMIActiveConnections.ps1 script runs netstat.exe remotely to gather active connection details such as process IDs, ports, and IP addresses.
• Credentials: Discovery utilizes Windows PowerShell credentials stored in the discoverycredentials table or falls back to the MID Server service’s domain administrator credentials if explicit PowerShell credentials are absent.
• MID Server Script Includes: Scripts such as GenerateWMIScriptJS and GenerateWMIScriptPS1 run on MID Servers to generate the necessary WMI and PowerShell scripts used during discovery.

MID Server Configuration and Parameters

MID Servers can be configured with optional PowerShell-specific parameters to control discovery behavior. Changes to these settings require a MID Server service restart to take effect.

PowerShell Version Support and Requirements

• Supported PowerShell versions for MID Servers include 3.0, 4.0, and 5.0. These versions support Regular Discovery, Application Dependency Mapping (ADM), and File-based Discovery.
• PowerShell 3.0 does not support Windows Server 2003.
• PowerShell 6.0 is not supported due to removal of many cmdlets required by discovery, especially related to remote operations.
• MID Servers must run on a supported Windows operating system compatible with the PowerShell version used.

Windows PowerShell Execution Policies

PowerShell execution policies control script execution security and can be set via Group Policy:

• Restricted: No scripts run; PowerShell only interactive.
• AllSigned: Only scripts signed by trusted publishers run.
• RemoteSigned: Downloaded scripts must be signed.
• Unrestricted: No restrictions; all scripts can run.

For policies other than Unrestricted, scripts must be signed to execute. Customers should configure execution policies accordingly to enable discovery scripts.

PowerShell Remoting and Discovery Efficiency

PowerShell remoting establishes a secure, persistent PSSession for querying Windows servers via WinRM, improving efficiency and stability of remote script execution. This unified framework handles remote execution consistently across target devices.

Practical Benefits for ServiceNow Customers

• Enable accurate and secure discovery of Windows servers and MSSQL instances across multiple domains using centralized credential management.
• Improve discovery performance and reliability by leveraging PowerShell remoting sessions over traditional WMI calls.
• Customize discovery behavior through MID Server parameters and script includes tailored for PowerShell operations.
• Ensure compliance and security by aligning PowerShell execution policies with organizational standards.
• Gain deeper visibility into Windows server connections and services to support configuration management and service mapping efforts.