Using compliance settings to check client boundary group in configuration manager

In the last 2 blog posts, I talked about the SCCM report for missing boundaries and How to find client boundary and boundary group information. These 2 blog post has a dependency on extending the MOF for client boundary group cache.

In this blog post, we will see how to check if the client is missing in the boundary group. This method doesn't need the MOF extension and we query the wmi on the client directly and report the compliance or non-compliant status.

we will use compliance settings (configuration item and configuration baseline) to detect if the client is in the configured boundary group or not.

To know more about boundary groups in configuration manager, please read https://docs.microsoft.com/en-us/configmgr/core/servers/deploy/configure/boundary-groups

I am not going through step-by-step however I will give instructions and steps that are necessary to accomplish the task using compliance settings. Please read this guide to step by step creation of configuration item and configuration baseline  http://eskonr.com/2016/08/sccm-configmgr-how-to-clean-ccmcache-content-older-than-x-days-using-compliance-settings/

we will start creating a configuration item with simple powershell script/

Create configuration item:

image

Create setting:

Setting type: Script

Data type: String

Edit the script and copy the following code.

image

Discovery script (powershell):

$BGIDs=(get-wmiobject -namespace root\ccm\locationservices -class boundarygroupcache -ErrorAction SilentlyContinue).boundarygroupIDs
if (($BGIDs | Measure-Object).count -gt 0)
{
write-host "Compliant"
}
else
{
Write-host "Non-compliant"
}

This script will query wmi class boundarygroucache and find out if there are any boundarygroup ID's. If no boundary group ID then client is not able to find its correct BG assignments.

click ok and next

create new compliance rule

image

Click next to see the summary

image

Click next to finish the configuration item.

image

we will now create configuration baseline and add the configuration item that we created above.

image

Now deploy the baseline to collection:

image

After a while, client receive the policy and evaluate the compliance check , following is the end results.

image

you can check the deployment status using the configuration baseline.

image

You can also view the results from monitoring page or configuration manager reports or create custom reports.

Get started with compliance settings in Configuration Manager

Post Comment