SCCM Baseline Powershell Script for File Detection in User Profile | Rerun Discovery Script

Let’s learn how to use an SCCM baseline PowerShell script for file detection in a user profile. When a PowerShell script is used only to detect certain settings on a device, it is called a discovery script in terms of Configuration Item (CI) and Configuration Baseline (CB).

Guys, this is my first post in the HTMD Community, and I will be publishing more posts in the future. Currently, I am working as an SCCM consultant, and I love to talk and write about SCCM Operating System Deployment (OSD), SCCM Infrastructure, and Patching.

When a PowerShell script is used to implement changes on the device after detecting certain settings, it is called a remediation script. This Configuration Baseline (CB) helps determine how many devices have a particular file in a specific location and can be modified for use in several practical scenarios.

In today’s blog, I have chosen to detect a file in C:\users\*. Finding a file inside C:\users\* is a bit trickier because the file could be present in multiple user folders.


You have the option to rerun the discovery script using an SCCM CI and baseline. The configuration baseline checks for the existence of a file test.xml located at C:\Users\*\AppData\Local\TestFolder\test.xml and marks the devices as compliant.

How To Create SCCM Configuration Item (CI)

Let’s create a Configuration Item (CI) for the file detection.

  • Open Configuration Manager Console.
  • Go to Assets and Compliance -> Compliance Settings -> Configuration Items -> click ‘Create Configuration Item’

Provide the name of the Configuration item and select the option below and click ‘Next.’


Select the operating system versions the CI should apply to and click ‘Next.’ You can use it for Windows 11 and Windows 10 client devices. You can also rerun the discovery script using an SCCM CI and baseline on server operating systems.

Configuration Item Windows Version – SCCM Baseline Powershell Script For File Detection

Click on ‘New’ to create new settings.


Provide the name of the setting, select Script as the setting type and Boolean as the data type, and click ‘Add script.’ This is where the PowerShell discovery script for the SCCM CI and baseline is added.

Create Settings > Add Discovery Script – SCCM Baseline Powershell Script For File Detection. Rerun PowerShell Discovery Script using SCCM CI and Baseline

SCCM CI Discovery Script

Let’s check how to create an SCCM CI discovery script using the following method and PowerShell script.

Below is the script to detect a file in c:\Users\*\AppData\Local\TestFolder. You can specify your location and filename depending on the scenario and requirement.

Copy and paste the PowerShell code into the ‘script’ box and click OK.

# HTMD Team
# File detection script in user profile

$FileToDetect = "c:\Users\*\AppData\Local\TestFolder\test.xml"
if (Test-Path $FileToDetect -PathType Leaf) {
    # File exists
    return $true
}
else {
    # File does not exist
    return $false
}

Review Discovery Script – SCCM Baseline Powershell Script for File Detection in User Profile | Rerun Discovery Script

Click on the ‘Compliance Rules’ tab and click New to create a new rule. You can also create compliance rules as the next step.

SCCM Baseline Powershell Script For File Detection

Provide the name of the compliance rule. ‘Rule type’ must be set to Value, ‘The value returned by the specified script’ must be set to Equals, and ‘the following values’ must be set to True.

Click Apply and OK.

SCCM Baseline Powershell Script For File Detection | Rerun PowerShell Discovery Script using SCCM CI and Baseline

Press Next -> Next -> Close to complete.

SCCM Configuration Item Created Successfully

How To Create SCCM Configuration Baseline (CB)

Now let’s create the Configuration Baseline (CB) and deploy it to detect the folder. This also helps to Rerun PowerShell Discovery Script.

Open the Configuration Manager Console. Go to Assets and Compliance -> Compliance Settings -> Configuration Baselines -> click ‘Create Configuration Baseline.’

Provide the configuration baseline name. Then click on ‘Add’ and select ‘Configuration Items.’

Select Configuration Items Rerun PowerShell Discovery Script using SCCM CI and Baseline

Find and select the configuration items you created, and press ‘Add’ -> ‘Ok.’

Configuration Baselines – SCCM Baseline Powershell Script for File Detection in User Profile | Rerun Discovery Script

Click Ok to finalize.

Configuration Baselines Rerun PowerShell Discovery Script using SCCM CI and Baseline

SCCM Baseline PowerShell Script Deployment – Rerun PowerShell Discovery Script

To deploy Configuration Baseline, select the configuration Baseline, right-click, and deploy.


Browse and select the collection for the configuration baseline deployment.

SCCM Baseline PowerShell Script Deployment

Final Thoughts – Rerun PowerShell Discovery Script | Remediation Script

You can add a remediation script (optional) to replace or remove the existing file with the latest one stored on a network file share.

The below remediation script would be helpful, and you can try it depending on your scenario.

# HTMD Community
# This script lists the user profiles on the device, excluding the Public, Default and Administrator folders.
# It verifies the file path (in my case AppData\Local\TestFolder\test.xml) in all listed user profiles.
# It replaces the older version of test.xml with the latest version located in the shared folder on the network.

$Users = Get-ChildItem "c:\Users" -Directory -Exclude Public, Default, Administrator* | Select-Object -ExpandProperty FullName
$FilePath = "AppData\Local\TestFolder\test.xml"
$UserPath = Join-Path -Path $Users $FilePath
$NewestFile = "\\Server\sharepath\test.xml"

# Collect only the profiles where the file already exists
$all_Users = @()

$UserPath | ForEach-Object {
    if ((Test-Path -Path $_) -eq $true) {
        $all_Users += $_
    }
}

# Overwrite each existing copy with the newest file from the share
$all_Users | ForEach-Object {
    Copy-Item $NewestFile $_ -Force -ErrorAction SilentlyContinue
}
exit
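A hardened variant of the remediation script above, as an added example that is not the author's code: it checks the share copy against a pinned SHA-256 before distributing it, overwrites only copies that differ, skips targets that are links or junctions, and counts failures instead of suppressing them. The function names (Test-IsLink, Get-StaleCopy, Invoke-Remediation) and the sandbox under $env:TEMP, which stands in for C:\Users and \\Server\sharepath, are assumptions made for the example.

```powershell
# Added example, not the author's script. It runs against a constructed sandbox
# under $env:TEMP that stands in for C:\Users and \\Server\sharepath.
$Root    = Join-Path $env:TEMP 'cb-remediation-demo'
$Users   = Join-Path $Root 'Users'
$Source  = Join-Path $Root 'share\test.xml'
$RelPath = 'AppData\Local\TestFolder\test.xml'

# Constructed sample data: approved source, one stale copy (alice), one current (bob).
Remove-Item -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue
$Samples = @{ $Source = '<cfg v="2"/>'
              (Join-Path $Users "alice\$RelPath") = '<cfg v="1"/>'
              (Join-Path $Users "bob\$RelPath")   = '<cfg v="2"/>' }
$Samples.GetEnumerator() | ForEach-Object { New-Item -ItemType File -Path $_.Key -Value $_.Value -Force | Out-Null }
# In production, hard-code the SHA-256 of the approved file; it is computed here for the demo.
$ExpectedHash = (Get-FileHash -LiteralPath $Source -Algorithm SHA256).Hash

function Test-IsLink([string]$Path) {
    # True when the item is a symbolic link or junction (reparse point).
    [bool]((Get-Item -LiteralPath $Path -Force).Attributes -band [IO.FileAttributes]::ReparsePoint)
}

function Get-StaleCopy([string]$UsersDir, [string]$RelPath, [string]$Hash) {
    # Existing per-user copies whose SHA-256 differs from the approved hash.
    Get-ChildItem -LiteralPath $UsersDir -Directory |
        Where-Object { $_.Name -notin 'Public', 'Default' -and $_.Name -notlike 'Administrator*' } |
        ForEach-Object { Join-Path $_.FullName $RelPath } |
        Where-Object { Test-Path -LiteralPath $_ -PathType Leaf } |
        Where-Object { (Get-FileHash -LiteralPath $_ -Algorithm SHA256).Hash -ne $Hash }
}

function Invoke-Remediation([string]$Source, [string]$UsersDir, [string]$RelPath, [string]$Hash) {
    # 1. Refuse to distribute a source file that is not the approved version.
    if ((Get-FileHash -LiteralPath $Source -Algorithm SHA256 -ErrorAction Stop).Hash -ne $Hash) {
        Write-Warning "Source $Source does not match the approved hash; nothing copied."
        return 1
    }
    # 2. Replace only stale copies; count failures instead of silencing them.
    $failed = 0
    foreach ($target in Get-StaleCopy $UsersDir $RelPath $Hash) {
        # Skip linked targets so a SYSTEM-context copy stays inside the profile.
        if ((Test-IsLink $target) -or (Test-IsLink (Split-Path $target -Parent))) { $failed++; continue }
        try   { Copy-Item -LiteralPath $Source -Destination $target -Force -ErrorAction Stop }
        catch { Write-Warning "Copy failed for ${target}: $_"; $failed++ }
    }
    return $failed
}

$failures = Invoke-Remediation $Source $Users $RelPath $ExpectedHash
"Failures: $failures; stale copies left: $(@(Get-StaleCopy $Users $RelPath $ExpectedHash).Count)"
```

Remediation runs only on devices the compliance rule reports as non-compliant, so a script that replaces existing copies needs a discovery script that returns False when a stale copy is present, for example by testing whether Get-StaleCopy returns anything.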

Well, that was all for today. I will write about compliant device monitoring in my future blog posts.

Author

Dhanraj Barman is an experienced professional in the IT services field with almost seven years of experience working with SCCM Infrastructure solutions, Windows Imaging (OSD), and Microsoft Intune. He is currently working as a Consultant helping organizations move to a Modern Workplace.

2 thoughts on “SCCM Baseline Powershell Script for File Detection in User Profile | Rerun Discovery Script”

  1. Hi, I created a CB with a similar CI but instead of boolean my script will return a string value query from the file system. May I know how do I view the report of the value returned from the CB by each device?

  2. I have created a CI with a script to remove the password never expires tick box on a local account and I have added the CI into a baseline, but when I initiate the baseline the tick box is not removed. I have tested the script separately and it works, so what am I doing wrong here in the baseline?

    Script : Get-LocalUser -Name "WksAdmin" | Set-LocalUser -PasswordNeverExpires $False

