Let’s learn how to use an SCCM Baseline PowerShell script for file detection in a user profile. When a PowerShell script is used only to detect certain settings on the device, it is called a discovery script in terms of Configuration Item (CI) and Configuration Baseline (CB).
Guys, this is my first post in the HTMD Community, and I will be publishing more posts in the future. Currently, I am working as an SCCM consultant, and I love to talk and write about SCCM Operating System Deployment (OSD), SCCM Infrastructure, and Patching.
When a PowerShell script is used to implement changes on the device after detecting certain settings, it is called a remediation script. This Configuration Baseline (CB) helps determine how many devices have a particular file in a specific location and can be modified for use in several practical scenarios.
In today’s blog, I have chosen to detect a file in C:\users\* . Finding a file inside C:\users\* is a bit trickier because the file could be present in multiple user folders.
You have an option to rerun the discovery script using SCCM CI and Baseline. The configuration baseline has to check for the existence of the file test.xml located in C:\Users\*\AppData\Local\TestFolder\test.xml and report the devices as compliant.
How To Create SCCM Configuration Item (CI)
Let’s create a Configuration Item (CI) for the file detection.
- Open Configuration Manager Console.
- Go to Assets and Compliance -> Compliance Settings -> Configuration Items -> click ‘Create Configuration Item’
Provide the name of the Configuration item and select the option below and click ‘Next.’
Select the operating system versions for which you want to create the CI and click ‘Next.’ You can use it for Windows 11 and Windows 10 client devices. You can also rerun the discovery script using SCCM CI and Baseline on Server operating systems.
Click on the ‘New’ to create new settings.
Provide the name of the setting and select the setting type as Script, Data type as Boolean below and click ‘Add script.’ Here is the Rerun PowerShell Discovery Script using SCCM CI and Baseline.
SCCM CI Discovery Script
Let’s check how to create SCCM CI Discovery Script using the following method and PowerShell script.
Below is the script to detect a file in c:\Users\*\AppData\Local\TestFolder. You can specify your location and filename depending on the scenario and requirement.
Copy-paste the PowerShell code in the ‘script’ and click OK.

```powershell
# HTMD Team
# File detection script in user profile
# The wildcard makes Test-Path return $true if at least one user profile contains the file
$FileToDetect = "C:\Users\*\AppData\Local\TestFolder\test.xml"

if (Test-Path -Path $FileToDetect -PathType Leaf) {
    # File exists
    return $true
}
else {
    # File does not exist
    return $false
}
```

Click on the ‘Compliance Rules’ tab and click New to create a new rule. You can also create compliance rules as the next step.
Provide the name of the compliance rule. ‘Rule type’ must be selected as Value, ‘The value returned by the specified script’ must be selected as Equals, and ‘the following values’ must be chosen as True.
Click Apply and OK.
Press Next -> Next -> Close to complete.
How To Create SCCM Configuration Baseline (CB)
Now let’s create the Configuration Baseline (CB) and deploy it to detect the folder. This also helps to Rerun PowerShell Discovery Script.
Open Configuration Manager Console. Go to Assets and Compliance -> Compliance Settings -> Configuration Baselines -> click ‘Create Configuration Baseline’
Provide the configuration baseline name. Then click on ‘Add’ and select ‘Configuration Items.’
Find and select the configuration items you created, and press ‘Add’ -> ‘Ok.’
Click Ok to finalize.
SCCM Baseline PowerShell Script Deployment – Rerun PowerShell Discovery Script
To deploy Configuration Baseline, select the configuration Baseline, right-click, and deploy.
Browse and select the collection for the configuration baseline deployment.
Final Thoughts – Rerun PowerShell Discovery Script | Remediation Script
You can add a remediation script (optional) to replace or remove the existing file with the latest one stored on a network file share.
The below remediation script would be helpful, and you can try it depending on your scenario.

```powershell
# HTMD Community
# This script lists the user profiles on the device, excluding the Public, Default, and Administrator folders.
# It verifies the file path (in my case AppData\Local\TestFolder\test.xml) for every listed user.
# It replaces the older version of test.xml with the latest version located in the shared folder on the network.
$Users = Get-ChildItem -Path "C:\Users" -Directory -Exclude Public, Default, Administrator* |
    Select-Object -ExpandProperty FullName
$FilePath = "AppData\Local\TestFolder\test.xml"
$UserPath = Join-Path -Path $Users -ChildPath $FilePath
$NewestFile = "\\Server\sharepath\test.xml"

# Collect only the profiles that already contain the file
$all_Users = @()
$UserPath | ForEach-Object {
    if (Test-Path -Path $_) { $all_Users += $_ }
}

# Overwrite each existing copy with the latest version from the share
$all_Users | ForEach-Object {
    Copy-Item -Path $NewestFile -Destination $_ -Force -ErrorAction SilentlyContinue
}
exit
```

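
An added example, not part of the original post: the discovery script above returns True as soon as one profile holds test.xml, so with the rule set to Equals True the remediation runs only on devices where no copy exists, and then has nothing to replace. This variant reports non-compliant when any existing copy differs from a pinned SHA-256, so the remediation script gets to replace outdated copies. Assumptions: `$ExpectedSha256` is a placeholder you must fill in, and profile folders are read from the ProfileList registry key instead of C:\Users.

```powershell
# Added example (not from the original post): version-aware discovery script.
# Assumption: placeholder value; replace with the SHA-256 of the approved test.xml.
$ExpectedSha256 = '<SHA256-OF-APPROVED-TEST-XML>'
$RelativePath   = 'AppData\Local\TestFolder\test.xml'

# Read profile folders from the registry so relocated profiles are covered.
# The S-1-5-21- filter keeps local and domain user accounts and skips service profiles.
# Unlike the remediation script, the built-in Administrator profile is not excluded.
$ProfileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$ProfileDirs = Get-ChildItem -Path $ProfileList |
    Where-Object { $_.PSChildName -match '^S-1-5-21-' } |
    ForEach-Object { (Get-ItemProperty -Path $_.PSPath).ProfileImagePath } |
    Where-Object { $_ }

$Compliant = $true
foreach ($Dir in $ProfileDirs) {
    $File = Join-Path -Path $Dir -ChildPath $RelativePath

    # A profile without the file is ignored: the remediation only replaces existing copies
    if (-not (Test-Path -LiteralPath $File -PathType Leaf)) { continue }

    try {
        $Hash = (Get-FileHash -LiteralPath $File -Algorithm SHA256 -ErrorAction Stop).Hash
    }
    catch {
        # An unreadable copy is reported as non-compliant instead of being silently skipped
        $Compliant = $false
        continue
    }

    # String comparison with -ne is case-insensitive, so hex case does not matter
    if ($Hash -ne $ExpectedSha256) { $Compliant = $false }
}

# Single Boolean for the compliance rule "Equals True"
return $Compliant
```

Pinning the hash in the CI means compliance does not depend on the share being reachable at evaluation time; the share itself should be writable only by administrators, because the remediation copies from it into every user profile.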
Well, that was all for today. I will write about compliant device monitoring in my future blog posts.
Author
Dhanraj Barman is an experienced professional in the IT services field with almost seven years of experience working with SCCM Infrastructure solution, Windows Imaging (OSD), and Microsoft Intune. He is currently working as a Consultant helping organizations to a Modern Workplace.
Hi, I created a CB with a similar CI but instead of boolean my script will return a string value query from the file system. May I know how do I view the report of the value returned from the CB by each device?
I have created a CI with a script to remove the password never expires tick box on a local account and I have added the CI into a baseline, but when I initiate the baseline the tick box is not removed. I have tested the script separately and it works, so what am I doing wrong here in the baseline?
Script : Get-LocalUser -Name "WksAdmin" | Set-LocalUser -PasswordNeverExpires $False