Inventorying and Reporting on driver information with ConfigMgr

In regards to drivers and BIOS updates on workstations in your environment, a lot of organizations have held the mindset for many years that ‘If it ain’t broke, don’t fix it!‘. We did too up until we had a Windows Desktop RaaS with Microsoft in 2014.

Blog info:

Premier Services site:

What we found is that by not managing our driver and BIOS versions, we had no baseline, and there for a very difficult time troubleshooting hardware and performance related issues. Now we inventory our driver information in SCCM, and can report on how we are doing with versions out in our environment. This information is not available out of the box, so it takes a little setup.

Inventoring the Win32_PnpSignedDriver WMI class

Like all scripts, they should be written in PowerShell, so I created one for a SCCM Script Compliance Item in PowerShell.

A few notes:

  • A new WMI class Win32_PnpSignedDriver_Custom is created. Edit $NewClassName if you would like to change it.
  • The custom class is deleted and recreated on each run
  • The following Properties are inventoried: DeviceClass, DeviceName, DriverDate, DriverProviderName, DriverVersion, HardwareID, DeviceID
  • The timestamp is inventoried
  • Feel free to edit the filter for your own organizations needs
    • $_.DeviceClass -ne ‘VOLUMESNAPSHOT’ -and $_.DeviceClass -ne ‘LEGACYDRIVER’ -and $_.DriverProviderName -ne ‘Microsoft’ -and $_.DriverVersion -notlike “2:5*”

Download the Configuration Item CAB here: Script – Windows – PNP Signed Drivers

Once the script has been deployed and ran on a few machines, just connect to WMI and you can add the new Win32_PnpSignedDriver_Custom class to your SCCM hardware inventory.


Reporting on driver versions

Once you have the data in your inventory, you just need to report on it.

The SQL view v_gs_pnp_signed_driver_custom gets created from your hardware inventory and contains all the raw data. Here are a few sample SQL queries:

Here is a look at some of the raw data:


It was asked by a few members of the community what impact this may have on your database, and how large the table may be. My data is below, but you will need to judge for yourself if this would be an impact to your environment.

There are 77,767 unique resource IDs (total clients reporting) in this table in our environment.

TableName SchemaName RowCounts TotalSpaceKB UsedSpaceKB UnusedSpaceKB
PNP_SIGNED_DRIVER_CUSTOM_DATA dbo 639759 514512 512840 1672
PNP_SIGNED_DRIVER_CUSTOM_DATA dbo 983014 767456 764480 2976

We use the two LAN and WLAN queries above to create a network driver dashboard to report on how standardized we are. We highlight the current standard versions to quickly see any drift.

The .RDL is tailored for our environment, primarily Intel NICs with a few Broadcom and Realtek, so you may need to customize it for your models. The highlights also are “point in time” choices, and will also need to be modified for your needs.

Network – Workstation Dashboard



24 thoughts on “Inventorying and Reporting on driver information with ConfigMgr

  1. I couldn’t resist commenting. Very well written!

  2. Peter Asp

    This is terrific, Ive been working figuring out how to create driver baselines for weeks with no success. I’m having trouble getting the inventory class into SCCM 2012. Can you provide some more details? Thanks

  3. […] default SCCM doesn’t collect drive info. Potent Engineer have a great post about adding driver info to […]

  4. Felix

    Looks clean. What if any impact on HINV if managing 10k endpoints?

    • The only impact is the size of your DB. We inventory over 100 things with HINV, and it runs in about 60 seconds on all of our machines.

  5. Great post Daniel – Many thanks. A couple of queries;
    Do I need to run the script on all client systems? I have only ran it on one by managed to add the custom class to our inventory.
    How long would you expect for it to take for the database to be populated with results? I presume it is dependant on the Hardware Inventory schedule within the default client settings………

    • The scope of clients you want the inventory information on would be who you would target, for both your inventory script as well as client settings to inventory the class. You could target as few or as many as you want. We target all physical workstations for our needs.

      Your hardware inventory cycle schedule does play a part, so it should never take longer than that cycle, plus a little processing time policy to the MP, MP to drop the inventory file, and for the inbox to update and SQL to be injected. We run our HINV daily across all clients so we never expect data to be more than a day or so old.

  6. John Andre Schreuder

    Nice script, WMI class and reports 🙂 Thanks!
    Does the script need to run on a schedule to collect updated information about drivers beeing updated?
    Or is the WMI class dynamic ?

    just looking at the “scriptLastRan” value…


    • Thanks! Yes, the compliance item will need to be re-ran on a schedule to populate new information. We run ours weekly or monthly in some cases.

  7. Your way of explaining the whoe thing in this post is actually nice, all be
    capable of without dificulty know it, Thanks a lot.

  8. Curtis

    Can you give more details on the CI creation? This part has me hung up. I am able to create the class if I run the script manually, but for some reason the CI is not creating the class for the clients. I am able to see that the CI is running, and I can run the CI from the client ad-hoc, but no dice on the WMI class creation. Thoughts?

    • Sorry for the delay! Are you running the script as a monitor, not remediate? Double check your x86/x64 settings as well. We only have x64 clients so we do not check the box to run as x86.

    • I just updated the post with my exact CI export. Give it a try!

  9. Max

    I’m having the same trouble as Curtis. Could you send me a few screenshots of your CI settings?

    • I updated the post with my CI CAB. Give it a try!

      • Max

        It turns out it was an issue with the certificate we used to sign the script. So the CI and baseline are now working when ran manually* but I’m having some trouble with the evaluation schedule. I set a “simple schedule” to run the compliance evaluation every 30 minutes on my test collection but it doesn’t seem to be running at all.

        *Open CM Configurations tab, manually run it by clicking “Evaluate”. The Last Evaluation column updates with the current date and time, the compliance column shows compliant. Open a PowerShell window and run “get-wmiobject win32_pnpsigneddriver_custom | select DeviceName, DriverVersion, ScriptLastRan” the driver version column is updated if a driver was changed and the ScriptLastRan column shows the same info as the Last Evaluation column in the CM Configurations tab.

  10. Anderz

    Hi Daniel, the link gives a 500 – Internal server error…

  11. This is the greatest thing since sliced bread! I love it. Can you share the RDL files of the reports? I would love to use them.

    • Done! They will need to be customized for your needs, but the framework is there!

  12. Nigel Tatchner

    Hi there, i’m not seeing the view in the SCCM DB any clue why it would still be missing after running for a week and over 1000 clients checking in?

Leave a Reply to Daniel Ratliff Cancel reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">