In part 2 (Part 2 – Apple OSX MP -The compiling and installing of the OMI agent on your Mac) we got the OMI agent running on our Apple Mac and were able to query it with the OMI client. No we will go one step further and do some cross-platform querying with Powershell.

First of all make sure you are running at lease Powershell version 3.0. Earlier versions of Powershell do not contain the Get-CimInstance commandlet which we need to query OMI.

We also need to make sure we can resolve our Mac by FQDN. In my test lab I just added the my Mac to the hosts file so that I can resolve and ping demos-mac.local.

So lets try to connect to OMI by using the following Powershell script:

$username = “root”

$password = “*********”

$secstr = New-Object -TypeName System.Security.SecureString

$password.ToCharArray() | ForEach-Object {$secstr.AppendChar($_)}

 

$Cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $secstr

 

$Session = New-CimSession -ComputerName demos-Mac.local -Authentication Basic -Credential $Cred

Get-CimInstance -CimSession $Session -ClassName OMI_Identify -Namespace root/omi

 

Personally I like to use the Poweshell ISE that comes standard with Windows, so I plugged the code into the code Window and hit run.


… Oh dear, Powershell spat out lots of angry red errors at us. At this point we have a few options:

1. Allow encrypted traffic from the Windows Computer from which we are running the Powershell Script.

2. Import the certificates generated by the OMI Agent.

3. Generate your own certificates.

In this blog I will go for the second option, and import the Certificates generated by the OMI agent. To import the certificates from the OMI agents we need to convert and export them from the machine on which the OMI agent is installed.

First browse to the directory in which OIM is installed, in my case /opt/omi1.0.7/etc/ssl/certs

OpenSSL can combine a separate certificate (usercert.pem or usercert.cer) and private key file (userkey.pem) into PKCS12 format using the pkcs12 command:

sudo openssl pkcs12 -export -out omikey.p12 -in ./omi.pem -inkey ./omikey.pem


After executing the previous command you should have a new omikey.p12 file.

On the Windows machine open a certificate mmc snapin which displays the certificates for the computer account.


Import the omikey.p12 into the Trusted Root Certification Authoroties.


Before we run the Powershell script again we need to make a few changes. First add the line:

$options = New-CimSessionOption -UseSsl -SkipCACheck

and add -SessionOption $options to the end of the following line:

$Session = New-CimSession -ComputerName demos-Mac.local -Authentication Basic -Credential $Cred

The script now looks like:

$username = “root”

$password = “*********”

 

$secstr = New-Object -TypeName System.Security.SecureString

$password.ToCharArray() | ForEach-Object {$secstr.AppendChar($_)}

 

$Cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $secstr

$options = New-CimSessionOption -UseSsl -SkipCACheck

$Session = New-CimSession -ComputerName demos-Mac.local -Authentication Basic -Credential $Cred -SessionOption $options

Get-CimInstance -CimSession $Session -ClassName OMI_Identify -Namespace root/omi

 

Lets see what the output is of this script:


Awsome! We just connected to our Mac using WinRM!