[mssms] RE: Config Baseline Keeps Failing

[Jerousek, Jeff]

Do you have this checked, since you are using the HKCU key?

[cid:image001.png@01D18A78.78308790]

Thanks,
Jeff Jerousek

From: listsadmin@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] On 
Behalf Of Brucker, Chris
Sent: Tuesday, March 29, 2016 4:56 PM
To: ms...@lists.myitforum.com
Subject: [mssms] RE: Config Baseline Keeps Failing

I can confirm that Write-Host does work. This is a baseline detection script 
that I am using to remove Skype4Business Helper:
officePaths = 'C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.DLL', 
'C:\Program Files\Microsoft Office\Office15\OCHelper.DLL'
$regPaths = 'HKLM:\SOFTWARE\Wow6432Node', 'HKLM:\SOFTWARE'
$OCHelperInstalled = $false
$bhoInstalled = $false
$extensionsInstalled = $false

foreach ($officePath in $officePaths) {
                if (Test-Path -Path $officePath) {
                                $OCHelperInstalled = $true
                }
}

foreach ($regPath in $regPaths) {
                if (Test-Path -Path 
"$regPath\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}") {
                                $bhoInstalled = $true
                }
                if (Test-Path -Path "$regPath\Microsoft\Internet 
Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}") {
                                $extensionsInstalled = $true
                }
}

if (($OCHelperInstalled) -or ($bhoInstalled) -or ($extensionsInstalled)) {

} else {
                Write-Host 'Removed'
}

This is what the Compliance Rule looks like:
[cid:image002.png@01D18A78.1C9BB490]

I could have simplified this process and returned $true or $false for 
compliant/ not-compliant. This would tell DCM to look for a Boolean value 
rather than having to do a string comparison.

$tb = Get-Item -Path 
"HKCU:Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"
$tb.GetValue("Start_NotifyNewApps")

If($tb.GetValue("Start_NotifyNewApps") -eq $null)
{
                Return $false

}
else
{
                Return $true
}

Hope this helps...

Thanks,
Chris Brucker

From: listsadmin@lists.myitforum.com<mailto:listsadmin@lists.myitforum.com> 
[mailto:listsadmin@lists.myitforum.com] On Behalf Of Chris Carbone
Sent: Tuesday, March 29, 2016 4:16 PM
To: ms...@lists.myitforum.com<mailto:ms...@lists.myitforum.com>
Subject: [mssms] RE: Config Baseline Keeps Failing

I have another config baseline where write-output seems to work. And the 
remediation has been defined in the deployed baseline.

From: listsadmin@lists.myitforum.com<mailto:listsadmin@lists.myitforum.com> 
[mailto:listsadmin@lists.myitforum.com] On Behalf Of Jerousek, Jeff
Sent: Tuesday, March 29, 2016 2:42 PM
To: ms...@lists.myitforum.com<mailto:ms...@lists.myitforum.com>
Subject: [mssms] RE: Config Baseline Keeps Failing

Not sure if it matters but write-host writes to the screen. You may want to use 
write-output or return instead.

You also need to specify remediation in the deployed baseline as well as the 
compliance item.

Thanks,
Jeff Jerousek

From: listsadmin@lists.myitforum.com<mailto:listsadmin@lists.myitforum.com> 
[mailto:listsadmin@lists.myitforum.com] On Behalf Of Chris Carbone
Sent: Tuesday, March 29, 2016 2:20 PM
To: 'ms...@lists.myitforum.com' 
<ms...@lists.myitforum.com<mailto:ms...@lists.myitforum.com>>
Subject: [mssms] RE: Config Baseline Keeps Failing

Or did you mean this?

[cid:image001.png@01D189C7.1C732360]

From: listsadmin@lists.myitforum.com<mailto:listsadmin@lists.myitforum.com> 
[mailto:listsadmin@lists.myitforum.com] On Behalf Of Jason Sandys
Sent: Tuesday, March 29, 2016 11:12 AM
To: ms...@lists.myitforum.com<mailto:ms...@lists.myitforum.com>
Subject: [mssms] RE: Config Baseline Keeps Failing

Sorry, that's not what I'm asking. In the compliance item, on the setting tab 
(I think), you need to set a value to compare the results of the script to. So 
what is this configured to? Screenshots work well.

J

From: listsadmin@lists.myitforum.com<mailto:listsadmin@lists.myitforum.com> 
[mailto:listsadmin@lists.myitforum.com] On Behalf Of Chris Carbone
Sent: Tuesday, March 29, 2016 10:42 AM
To: ms...@lists.myitforum.com<mailto:ms...@lists.myitforum.com>
Subject: [mssms] RE: Config Baseline Keeps Failing

The value of $null, this is just checking if a registry key exists or not.

From: listsadmin@lists.myitforum.com<mailto:listsadmin@lists.myitforum.com> 
[mailto:listsadmin@lists.myitforum.com] On Behalf Of Jason Sandys
Sent: Monday, March 28, 2016 3:01 PM
To: ms...@lists.myitforum.com<mailto:ms...@lists.myitforum.com>
Subject: [mssms] RE: Config Baseline Keeps Failing

What value are comparing against?

J

From: listsadmin@lists.myitforum.com<mailto:listsadmin@lists.myitforum.com> 
[mailto:listsadmin@lists.myitforum.com] On Behalf Of Chris Carbone
Sent: Monday, March 28, 2016 2:18 PM
To: ms...@lists.myitforum.com<mailto:ms...@lists.myitforum.com>
Subject: [mssms] RE: Config Baseline Keeps Failing

Value equals compliant. Box is checked to run the specified remediation script 
when this setting is noncompliant.





From: listsadmin@lists.myitforum.com<mailto:listsadmin@lists.myitforum.com> 
[mailto:listsadmin@lists.myitforum.com] On Behalf Of Jason Sandys
Sent: Monday, March 28, 2016 11:55 AM
To: ms...@lists.myitforum.com<mailto:ms...@lists.myitforum.com>
Subject: [mssms] RE: Config Baseline Keeps Failing

What's the corresponding compliance setting rule?

J

From: listsadmin@lists.myitforum.com<mailto:listsadmin@lists.myitforum.com> 
[mailto:listsadmin@lists.myitforum.com] On Behalf Of Chris Carbone
Sent: Monday, March 28, 2016 10:39 AM
To: ms...@lists.myitforum.com<mailto:ms...@lists.myitforum.com>
Subject: [mssms] Config Baseline Keeps Failing

And I have no idea why. If I run both of these manually they work fine but in 
SCCM I keep getting this error.
Setting Discovery Error 0x87d00329 Application requirement evaluation or 
detection failed

I have checked the DCMAgent.log, CIAgent.log, and DCMReporting.log and not 
finding anything that relates to this error.

All I am trying to do is detect if a reg key exists or not, and if not to run 
the remediate script.

Discovery script:

$tb = Get-Item -Path 
"HKCU:Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"
$tb.GetValue("Start_NotifyNewApps")

If($tb.GetValue("Start_NotifyNewApps") -eq $null)
{
                write-host "Non-Compliant"

}
else
{
                write-host "Compliant"
}


Remediation script:

New-ItemProperty 
'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\' -Name 
Start_NotifyNewApps -Value 0 -PropertyType DWord -Force


This electronic mail transmission may contain confidential information intended 
only for the use of the individual(s) identified as addressee(s). If you are 
not the intended recipient, you are hereby notified that any disclosure, 
copying, distribution or the taking of any action in reliance on the contents 
of this electronic mail transmission is strictly prohibited. If you have 
received this transmission in error, please notify me by telephone immediately.


This electronic mail transmission may contain confidential information intended 
only for the use of the individual(s) identified as addressee(s). If you are 
not the intended recipient, you are hereby notified that any disclosure, 
copying, distribution or the taking of any action in reliance on the contents 
of this electronic mail transmission is strictly prohibited. If you have 
received this transmission in error, please notify me by telephone immediately.


This electronic mail transmission may contain confidential information intended 
only for the use of the individual(s) identified as addressee(s). If you are 
not the intended recipient, you are hereby notified that any disclosure, 
copying, distribution or the taking of any action in reliance on the contents 
of this electronic mail transmission is strictly prohibited. If you have 
received this transmission in error, please notify me by telephone immediately.


This electronic mail transmission may contain confidential information intended 
only for the use of the individual(s) identified as addressee(s). If you are 
not the intended recipient, you are hereby notified that any disclosure, 
copying, distribution or the taking of any action in reliance on the contents 
of this electronic mail transmission is strictly prohibited. If you have 
received this transmission in error, please notify me by telephone immediately.


This electronic mail transmission may contain confidential information intended 
only for the use of the individual(s) identified as addressee(s). If you are 
not the intended recipient, you are hereby notified that any disclosure, 
copying, distribution or the taking of any action in reliance on the contents 
of this electronic mail transmission is strictly prohibited. If you have 
received this transmission in error, please notify me by telephone immediately.

________________________________
The information contained in this message from First Financial Bancorp or its 
affiliates and any attachments are confidential. It is not intended for 
transmission to, or receipt by, anyone other than the addressee(s), or a person 
authorized to deliver it to the named addressee(s). If you have received this 
message in error, you are prohibited from copying, distributing or using the 
information. Please contact the sender immediately by return email and delete 
the original message.