In the last 2 blog posts, I talked about the SCCM report for missing boundaries and How to find client boundary and boundary group information. These 2 blog post has a dependency on extending the MOF for client boundary group cache.
In this blog post, we will see how to check if the client is missing in the boundary group. This method doesn't need the MOF extension and we query the wmi on the client directly and report the compliance or non-compliant status.
we will use compliance settings (configuration item and configuration baseline) to detect if the client is in the configured boundary group or not.
To know more about boundary groups in configuration manager, please read https://docs.microsoft.com/en-us/configmgr/core/servers/deploy/configure/boundary-groups
I am not going through step-by-step however I will give instructions and steps that are necessary to accomplish the task using compliance settings. Please read this guide to step by step creation of configuration item and configuration baseline http://eskonr.com/2016/08/sccm-configmgr-how-to-clean-ccmcache-content-older-than-x-days-using-compliance-settings/
we will start creating a configuration item with simple powershell script/
Create configuration item:
Create setting:
Setting type: Script
Data type: String
Edit the script and copy the following code.
Discovery script (powershell):
$BGIDs=(get-wmiobject -namespace root\ccm\locationservices -class boundarygroupcache -ErrorAction SilentlyContinue).boundarygroupIDs
if (($BGIDs | Measure-Object).count -gt 0)
{
write-host "Compliant"
}
else
{
Write-host "Non-compliant"
}
This script will query wmi class boundarygroucache and find out if there are any boundarygroup ID's. If no boundary group ID then client is not able to find its correct BG assignments.
click ok and next
create new compliance rule
Click next to see the summary
Click next to finish the configuration item.
we will now create configuration baseline and add the configuration item that we created above.
Now deploy the baseline to collection:
After a while, client receive the policy and evaluate the compliance check , following is the end results.
you can check the deployment status using the configuration baseline.
You can also view the results from monitoring page or configuration manager reports or create custom reports.