Using Asset ID for IT Asset Management (ITAM) with K2

Asset ID in K2 QR code

There are various ways to identify computers uniquely based on hardware properties. In particular, a MAC address or a hardware Serial Number typically are unique across all computers and are readily available in any systems containing computer records. K2 uses these properties as well as others to maintain a unique ID for each computer.

However, when integrating different IT Asset Management technologies, each system might gather different hardware properties making it difficult to connect records. For this reason some organizations create unique Asset IDs which are not necessarily based on hardware. Managing Asset IDs requires extra overhead but help to ensure consistent identification and integration. K2 implements multiple ways to populate and manage Asset IDs – the best approach will depend on your management practices. Note that Asset IDs are not required by K2.

Two basic ways to populate Asset ID

In K2, the Asset ID property of a computer record can contain data that originated either from the client computer, or from a K2 Admin using KeyConfigure to fill in this data. By default, any Asset ID gathered by KeyAccess will overwrite the current value in the K2 database – whether the old value came from KeyAccess or was manually entered using KeyConfigure. Usually if you are entering data manually, you will want to ensure that it does not get overwritten – to do this, check the “Locked” checkbox, which will prevent any further automatic changes to any fields in the Asset pane. The Computer Details documentation has information on manually populating, confirming, and locking the Asset ID value for either a Macintosh or Windows Computer.

Asset ID on client

KeyAccess on Mac looks for a key named assetID in:

/Library/Preferences/com.sassafras.KeyAccess.plist
  • if there is no assetID key or the value is empty, nothing is sent to KeyServer
  • otherwise, the value of assetID in the plist is sent to KeyServer

KeyAccess on Windows looks for a key named assetID in:

HKLM\SYSTEM\CurrentControlSet\Services\KeyAccess\Settings\options\
  • if there is no assetID key or the value is empty, KeyAccess uses WMI, looking for an instance of Win32_SystemEnclosure with a value for SMBIOSAssetTag. If such a value is found in WMI, KeyAccess sends this to KeyServer
  • if the value is ‘-‘, nothing is sent to KeyServer
  • otherwise, the value of assetID in the registry is sent to KeyServer

Note that the SMBIOSAssetTag on Windows might not be filled in. On some computers it simply contains the Serial Number of the computer, or some component hardware. On other computers it is actually a unique Asset ID which can’t be found in other locations of the registry/WMI. Finally, some computers have a static value such as “ASSET TAG” that is not unique whatsoever. If you find that the value gathered from WMI is either non-unique or not the actual Asset ID value, you might wish to customize the Windows KeyAccess installer so that a dash is copied into the registry and clients will not consult WMI for the Asset ID.

Customizing the Windows client installer

The client installer can be customized to fill in the Asset ID key during installation. In practice this customization is most useful for populating a ‘-‘ on Windows, in order to ensure that WMI is not consulted. Generally, the Asset ID is meant to be unique on each computer – so using k2clientconfig would be inefficient, requiring separate customized installers for each computer. Assuming the installer and the k2clientconfig utility are both at the root of the C:\ drive, the command line is:

C:\k2clientconfig.exe -v PROP_ASSETID='-' C:\K2Client.exe

Of course you might also be using k2clientconfig for other site specific customization, such as prepopulating the KeyServer address. Refer to the k2clientconfig documentation for all the available options. Note that if a value already exists for assetID in the registry, it will not be overwritten during installation of a customized client installer.

Populating Asset ID values on client computers without k2clientconfig

The Asset ID in the registry or plist on each client computer can be changed at any point in time, by any means. Each time KeyAccess logs in to KeyServer, it will look for an Asset ID and send one to KeyServer if one can be found. Any value sent to KeyServer will be entered in the database record for that client unless the Locked checkbox has been set. One natural way to get the correct value into the registry or plist would be to fill it in during an image deployment script or login script. For example, if the Asset ID exists elsewhere on the computer, such as in some other location in the registry, in WMI, or in Active Directory, a script could copy it from wherever it has already been seeded into the location where KeyAccess looks for it.

Summary

Before you start to use Asset IDs for computers in K2, you should consider:

  • whether you truly need them, or whether one of the other hardware properties gathered by KeyAccess is sufficient
  • whether you want to suppress the Win32_SystemEnclosure->SMBIOSAssetTag from all client computers
  • whether you have a way to automate population of unique Asset ID values in the appropriate key of each client’s registry or plist
  • whether to lock any Asset IDs that you populate manually in KeyConfigure

Asset IDs are never necessary when working strictly in K2. Further, K2 computer records can be linked to other systems using common hardware properties such as MAC address or Serial Numbers. However, some organizations might still need to associate an Asset ID with each computer. We have provided flexibility in how Asset IDs can be handled in K2, should you choose to use them.

Tags:

No comments yet.

Leave a Reply