I've had a chance recently to work with SCCM 2007 Desired Configuration Management. If you've worked with DCM, you'll know that you need to create Configuration Items to detect the existence of software, registry key, DLL, etc to determine computer compliance.

Some CIs are easy, others may require some custom code, such as how do I detect whether a computer is pending a reboot. And, how do I integrate that script with DCM.

First, start by creating a DCM Configuration Item:

Select the settings tab, new VBScript, then open and add the script below this dialog:

Note the comments, returns TRUE if computer needs a reboot.

The script itself is fairly simple, the magic occurs with the:

wscript.echo "TRUE"

or

wscript.echo "FALSE"

statements, passed in the form of

Wscript.Echo strReturn

the CI interprets the return statement value and acts on that information.

VBScript:

'

Const HKEY_LOCAL_MACHINE = &H80000002

Const REG_MULTI_SZ = 7

strComputer = "."

strReturn = "FALSE"

Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_

    strComputer & "\root\default:StdRegProv")

strKeyPath = "SYSTEM\CurrentControlSet\Control\Session Manager"

strValueName = "PendingFileRenameOperations"

oReg.GetMultiStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,arrValues

If Not IsNull(arrValues) Then

  For Each strValue In arrValues

' Reboot needed if any values in the PendingFileRenameOperations key

' Return TRUE

      strReturn = "TRUE"

      Wscript.Echo strReturn

      Wscript.exit

  Next

Else

' Reboot not needed

     Wscript.Echo strReturn

End If

' end script

Then, select the Validation tab, note that if the VBScript returns FALSE, do not take action. The non-compliance event will occur when anything other than FALSE is returned, and the Severity level is set to Error.

Save this configuration item, add it to a baseline, then apply the baseline it to a collection.