I have another config baseline where write-output seems to work. And the remediation has been defined in the deployed baseline.
From: [email protected] [mailto:[email protected]] On Behalf Of Jerousek, Jeff Sent: Tuesday, March 29, 2016 2:42 PM To: [email protected] Subject: [mssms] RE: Config Baseline Keeps Failing Not sure if it matters but write-host writes to the screen. You may want to use write-output or return instead. You also need to specify remediation in the deployed baseline as well as the compliance item. Thanks, Jeff Jerousek From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Chris Carbone Sent: Tuesday, March 29, 2016 2:20 PM To: '[email protected]' <[email protected]<mailto:[email protected]>> Subject: [mssms] RE: Config Baseline Keeps Failing Or did you mean this? [cid:[email protected]] From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Jason Sandys Sent: Tuesday, March 29, 2016 11:12 AM To: [email protected]<mailto:[email protected]> Subject: [mssms] RE: Config Baseline Keeps Failing Sorry, that's not what I'm asking. In the compliance item, on the setting tab (I think), you need to set a value to compare the results of the script to. So what is this configured to? Screenshots work well. J From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Chris Carbone Sent: Tuesday, March 29, 2016 10:42 AM To: [email protected]<mailto:[email protected]> Subject: [mssms] RE: Config Baseline Keeps Failing The value of $null, this is just checking if a registry key exists or not. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Jason Sandys Sent: Monday, March 28, 2016 3:01 PM To: [email protected]<mailto:[email protected]> Subject: [mssms] RE: Config Baseline Keeps Failing What value are comparing against? J From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Chris Carbone Sent: Monday, March 28, 2016 2:18 PM To: [email protected]<mailto:[email protected]> Subject: [mssms] RE: Config Baseline Keeps Failing Value equals compliant. Box is checked to run the specified remediation script when this setting is noncompliant. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Jason Sandys Sent: Monday, March 28, 2016 11:55 AM To: [email protected]<mailto:[email protected]> Subject: [mssms] RE: Config Baseline Keeps Failing What's the corresponding compliance setting rule? J From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Chris Carbone Sent: Monday, March 28, 2016 10:39 AM To: [email protected]<mailto:[email protected]> Subject: [mssms] Config Baseline Keeps Failing And I have no idea why. If I run both of these manually they work fine but in SCCM I keep getting this error. Setting Discovery Error 0x87d00329 Application requirement evaluation or detection failed I have checked the DCMAgent.log, CIAgent.log, and DCMReporting.log and not finding anything that relates to this error. All I am trying to do is detect if a reg key exists or not, and if not to run the remediate script. Discovery script: $tb = Get-Item -Path "HKCU:Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\" $tb.GetValue("Start_NotifyNewApps") If($tb.GetValue("Start_NotifyNewApps") -eq $null) { write-host "Non-Compliant" } else { write-host "Compliant" } Remediation script: New-ItemProperty 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\' -Name Start_NotifyNewApps -Value 0 -PropertyType DWord -Force This electronic mail transmission may contain confidential information intended only for the use of the individual(s) identified as addressee(s). If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or the taking of any action in reliance on the contents of this electronic mail transmission is strictly prohibited. If you have received this transmission in error, please notify me by telephone immediately. This electronic mail transmission may contain confidential information intended only for the use of the individual(s) identified as addressee(s). If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or the taking of any action in reliance on the contents of this electronic mail transmission is strictly prohibited. If you have received this transmission in error, please notify me by telephone immediately. This electronic mail transmission may contain confidential information intended only for the use of the individual(s) identified as addressee(s). If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or the taking of any action in reliance on the contents of this electronic mail transmission is strictly prohibited. If you have received this transmission in error, please notify me by telephone immediately. This electronic mail transmission may contain confidential information intended only for the use of the individual(s) identified as addressee(s). If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or the taking of any action in reliance on the contents of this electronic mail transmission is strictly prohibited. If you have received this transmission in error, please notify me by telephone immediately. This electronic mail transmission may contain confidential information intended only for the use of the individual(s) identified as addressee(s). If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or the taking of any action in reliance on the contents of this electronic mail transmission is strictly prohibited. If you have received this transmission in error, please notify me by telephone immediately.
