Here’s a quick post about how to invoke/trigger evaluation for a baseline on a client remotely.
It follows the same principal as invoking any evaluation in SCCM through WMI classes. I talked about it a little bit in my previous post SCCM and Powershell! adding nodes to a collection and trigger evaluation and if you want to trigger just the evaluation for deployments or hardware inventory etc you can do that.
But for this post i would just like to show a powershell function that i called Invoke-BLEvaluation which invokes Baseline evaluation, either all of them or specific ones as long as you know their name.
If you want to do this against a collection in ConfigMgr you can find out how here
function Invoke-BLEvaluation
{
param (
[String][Parameter(Mandatory=$true, Position=1)] $ComputerName,
[String][Parameter(Mandatory=$False, Position=2)] $BLName
)
If ($BLName -eq $Null)
{
$Baselines = Get-WmiObject -ComputerName $ComputerName -Namespace root\ccm\dcm -Class SMS_DesiredConfiguration
}
Else
{
$Baselines = Get-WmiObject -ComputerName $ComputerName -Namespace root\ccm\dcm -Class SMS_DesiredConfiguration | Where-Object {$_.DisplayName -like $BLName}
}
$Baselines | % {
([wmiclass]"\\$ComputerName\root\ccm\dcm:SMS_DesiredConfiguration").TriggerEvaluation($_.Name, $_.Version)
}
}
Call Example for a specific computer called SD010 and baseline called “Important Baseline for Servicedesk”
Invoke-BLEvaluation -ComputerName SD010 -BLName "Important Baseline for Servicedesk"
And when you run it it will appear like this
Or if you just want to call all of the baselines deployed to the computer you can ignore the -BLName parameter like this
Invoke-BLEvaluation -ComputerName SD010
It will look something like this when its ran successfully from the ISE and since i have 3 baselines for this machine deployed it will invoke them one by one
UPDATE 21/7/2017
A few people have reported in the comments that they saw issues when trying to run the script and just got an error code like this
“Exception calling “TriggerEvaluation” : “”
At line:3 char:2
+ ([wmiclass]”\\$ComputerName\root\ccm\dcm:SMS_DesiredConfiguration”).TriggerEval …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : WMIMethodException “
And as Bob Young pointed out in the comments it looks like thats because the property IsMachineTarget = False
Sadly there’s like zero documentation from Microsoft about the class SMS_DesiredConfiguration but after some investigation and testing I found that IsMachineTarget seems to be set by this setting on
the configuration item “Run Scripts by using the logged on user credentials”
When this setting is checked the IsMachineTarget = False and when its not checked its IsMachineTarget = True
So by the looks of things if you want to have this setting checked you cant trigger the evaluation with this script and that’s because on how the WMI method handles request, apparently its different when it runs under user context.
Until next time,
Cheers Timmy
I’ve been getting the following error. Could you please help me with this?
Exception calling “TriggerEvaluation” : “”
At line:18 char:2
+ ([wmiclass]”\$ComputerNamerootccmdcm:SMS_DesiredConfiguration”).TriggerEval …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : WMIMethodException
Hey Thomas, Is the Configuration Manager Agent installed on the remote computer you are trying to invoke a baseline evaluation on ? If yes try grabbing the script from here and try again. https://gallery.technet.microsoft.com/Invoke-baseline-evaluation-c70a107e?redir=0
I had the same issues and saw that if IsMachineTarget was set to False it failed if True it didn’t
Try this small change.
function Invoke-BLEvaluation { param ( [String][Parameter(Mandatory=$true, Position=1)] $ComputerName, [String][Parameter(Mandatory=$False, Position=2)] $BLName ) If ($BLName -eq $Null) { $Baselines = Get-WmiObject -ComputerName $ComputerName -Namespace rootccmdcm -Class SMS_DesiredConfiguration } Else { $Baselines = Get-WmiObject -ComputerName $ComputerName -Namespace rootccmdcm -Class SMS_DesiredConfiguration | Where-Object {($_.IsMachineTarget -eq $true) -and ($_.DisplayName -match $BLName )} } If ($Baselines) { $Baselines | % { ([wmiclass]"\$ComputerNamerootccmdcm:SMS_DesiredConfiguration").TriggerEvaluation($_.Name, $_.Version).returnValue } } Else { Return $False } }Hey Bob,
Thanks for the script, I did some investigation and found whats determine the property IsMachineTarget = True/False and will update the post with that info.
There’s a bug in the script on Technet.
This line:
$Computers = $Members.resourceid
should be:
$Computers = $Members.Name
Thanks for the info, I’ll update the script.
Thanks for the post.
Im running a registry key check compliance item but i cant find the “run scripts using the logged on user credentials” check box.
This seems to be coming only for compliance items that uses scripts.
Im still getting the below error, Can someone help?
Exception calling “TriggerEvaluation” : “”
At line:18 char:2
+ ([wmiclass]”$ComputerNamerootccmdcm:SMS_DesiredConfiguration”).TriggerEval …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : WMIMethodException
I was not able to force eval of all Baselines by simply omitting -BLName. I had to specify -BLName “*”
Just a follow-up. The script can be fixed with modifying to: If ($BLName -eq “”)
Hi Timmy, Thanks for the blog that is really useful for me.
also i need to perform the counts of the check that specific baseline is doing. Actually i am getting many mismatch of the counts from SCCM side and from the client side.
i have approx 10k server where getting this issue. not sure i can do this using powershell or not (initially i need to do the count of the checks )
Please help if we have anything to do the count of checks.
Thanks in Advance
I have found that when your baseline contains registry updates (i.e. there is no scripting), the IsMachineTarget = False will be set if you are using a CURRENT_USER registry entry. That appears in the CI listing as USER SETTING=Yes. I drop the CURRENT_USER keys and the script runs perfectly. That being said do you think that there is a way to have CURRENT_USER registry keys and IsMachineTarget is NOT False?
Just really helped me get a CI out there fast, thanks a lot! Minor suggestion, if you move the filter into the query instead of filtering after, you’ve save some time in the execution of the script. Depending on how many baselines the target system has, it could be anywhere from a few milliseconds to a few seconds, but it’s a real time saver when you’re doing this is bulk.
The difference is basically that you’re only returning the values you’re looking for from WMI instead of getting all of the baselines back from WMI and then filtering them after they’ve all returned.
Existing line:
$Baselines = Get-WmiObject -ComputerName $ComputerName -Namespace root\ccm\dcm -Class SMS_DesiredConfiguration | Where-Object {$_.DisplayName -like $BLName}
Suggested Edit:
$Baselines = Get-WmiObject -ComputerName $ComputerName -Namespace root\ccm\dcm -Class SMS_DesiredConfiguration -Filter “DisplayName like ‘$BLNAME'”
How can I run the script on multiple computers at once? We have one basline to trigger personal software installation during the staging process. And this script works really really well, so thank you a lot! I am looking to run it only once for 200 devices or so. Tried it some ways. Failed. I am a Powershell noob.