Scripts in SCCM 2007 DCM Configuration Items

Posted Friday, December 14, 2007 2:42 PM by jhuston

DCM in SCCM 2007 allows the administrator to use scripts to detect if a particular configuration item is applicable as well as if a particular setting is valid.  Unfortunately, the documentation that comes with the product does not show how to author the scripts to make it work.  I found the info in the beta version of the SCCM SDK (thanks to Wally Mead for the clue) and I wanted to share with you what I've found.

Detection Method Scripts

For Application configuration items, you can specify a script to determine if an application is installed (as opposed to an MSI installation GUID).  To do that, simply create a script that returns any kind of text.  If text is returned, DCM believes that the application is installed.  If no text is returned, DCM believes that the application is not installed.

For example, I've created a configuration item that ensures that any Intel NICs installed in Windows XP workstations is set to AUTO.  In order to do this, I need to know if the Intel NIC is installed.  I use the following script to do this:

Set WMI = GetObject("winmgmts:\\.\root\cimv2")
Set RS = WMI.ExecQuery("SELECT * FROM Win32_PNPEntity WHERE DeviceID like 'PCI\\VEN_8086&DEV_109A%'")
If RS.Count > 0 Then WScript.Echo "Device Found"

You can see that if a matching device is found, text is returned, causing DCM to continue processing the configuration item.

Setting Scripts

For setting validation scripts, DCM treats text returned as the "value" of the script.  This is similar to looking at a REG_SZ registry key.  You can evaluate based on the specific text returned to return an Information, Warning, or Error level event.  In addition, you can ensure that some string is returned by setting the Report a non-compliance event if the instance count fails and set the requirement to be Greater than 0.

For the same example, here is the script used:

'This script will check the speed duplex setting
'
DeviceIDs = Array("pci\ven_8086&dev_109a")
'
Set REG = GetObject("winmgmts://./root/default:StdRegProv")
'
Const HKLM = &H80000002
Const Root = "SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}"
'
'Enum configuration subkeys
REG.EnumKey HKLM, Root, ConfigKeys
'
'Look for matching device id
For Each ConfigKey in ConfigKeys
 MDID = ""
 On Error Resume Next
 REG.GetStringValue HKLM, Root & "\" & ConfigKey, "MatchingDeviceID", MDID
 On Error Goto 0
 For Each DID in DeviceIDs
  If Left(UCase(MDID),Len(DID)) = UCase(DID) Then

'Check the speed setting here
   REG.GetStringValue HKLM, Root & "\" & ConfigKey, "SpeedDuplex", SD
   If SD = "0" Then
    WScript.Echo "Set correctly"
   End If
  End If
 Next
Next

For the Validation tab, I'm checking that the string returned is "Set correctly" and that there is at least 1 string returned.

Hope that this helps!

Filed under:

Comments

# Job Search: Build a Career, Job Listings, Employment » Scripts in SCCM 2007 DCM Configuration Items

Friday, December 14, 2007 9:08 PM by Job Search: Build a Career, Job Listings, Employment » Scripts in SCCM 2007 DCM Configuration Items

Pingback from  Job Search: Build a Career, Job Listings, Employment » Scripts in SCCM 2007 DCM Configuration Items

# re: Scripts in SCCM 2007 DCM Configuration Items

Thursday, March 17, 2011 11:00 AM by THX

jhuston: Great article.

Just to confirm your findings...In your above example, wouldn't you want to report a non-compliance event if the instance count fails and set the requirement to be EQUAL to 0?

The reason I ask is because if something is returned then the instance count will be 1 and therefore considered compliant.

If nothing is returned then the instance count remains equal to 0 and thus should be considered non-compliant.

Thoughts?