SCCM and Powershell – Invoke Baseline evaluation on client

Here’s a quick post about how to invoke/trigger evaluation for a baseline on a client remotely.

It follows the same principal as invoking any evaluation in SCCM through WMI classes. I talked about it a little bit in my previous post SCCM and Powershell! adding nodes to a collection and trigger evaluation and if you want to trigger just the evaluation for deployments or hardware inventory etc you can do that.

But for this post i would just like to show a powershell function that i  called Invoke-BLEvaluation which invokes Baseline evaluation, either all of them or specific ones as long as you know their name.

If you want to do this against a collection in ConfigMgr you can find out how here





function Invoke-BLEvaluation
{
 param (
 [String][Parameter(Mandatory=$true, Position=1)] $ComputerName,
 [String][Parameter(Mandatory=$False, Position=2)] $BLName
 )
 If ($BLName -eq $Null)
{
 $Baselines = Get-WmiObject -ComputerName $ComputerName -Namespace root\ccm\dcm -Class SMS_DesiredConfiguration
}
 Else
{
 $Baselines = Get-WmiObject -ComputerName $ComputerName -Namespace root\ccm\dcm -Class SMS_DesiredConfiguration | Where-Object {$_.DisplayName -like $BLName}
}

$Baselines | % {

 ([wmiclass]"\\$ComputerName\root\ccm\dcm:SMS_DesiredConfiguration").TriggerEvaluation($_.Name, $_.Version) 

}

}

 

Call Example for a specific computer called SD010 and baseline called “Important Baseline for Servicedesk”


Invoke-BLEvaluation -ComputerName SD010 -BLName "Important Baseline for Servicedesk"

And when you run it it will appear like this

TriggerBL

Or if you just want to call all of the baselines deployed to the computer you can ignore the -BLName parameter like this


Invoke-BLEvaluation -ComputerName SD010

It will look something like this when its ran successfully from the ISE and since i have 3 baselines for this machine deployed it will invoke them one by one

triggerbl2

UPDATE 21/7/2017

A few people have reported in the comments that they saw issues when trying to run the script and just got an error code like this

“Exception calling “TriggerEvaluation” : “”
At line:3 char:2
+ ([wmiclass]”\\$ComputerName\root\ccm\dcm:SMS_DesiredConfiguration”).TriggerEval …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : WMIMethodException “

And as Bob Young pointed out in the comments it looks like thats because the property IsMachineTarget = False

Sadly there’s like zero documentation from Microsoft about the class SMS_DesiredConfiguration but after some investigation and testing I found that IsMachineTarget seems to be set by this setting on

the configuration item “Run Scripts by using the logged on user credentials”

When this setting is checked the IsMachineTarget = False and when its not checked its IsMachineTarget = True

So by the looks of things if you want to have this setting checked you cant trigger the evaluation with this script and that’s because on how the WMI method handles request, apparently its different when it runs under user context.

Until next time,

Cheers Timmy

13 comments

  1. I’ve been getting the following error. Could you please help me with this?

    Exception calling “TriggerEvaluation” : “”
    At line:18 char:2
    + ([wmiclass]”\$ComputerNamerootccmdcm:SMS_DesiredConfiguration”).TriggerEval …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : WMIMethodException

    1. I had the same issues and saw that if IsMachineTarget was set to False it failed if True it didn’t
      Try this small change.

      function Invoke-BLEvaluation
      {
       param (
       [String][Parameter(Mandatory=$true, Position=1)] $ComputerName,
       [String][Parameter(Mandatory=$False, Position=2)] $BLName
       )
       If ($BLName -eq $Null)
      {
       $Baselines = Get-WmiObject -ComputerName $ComputerName -Namespace rootccmdcm -Class SMS_DesiredConfiguration
      }
       Else
      {
       $Baselines = Get-WmiObject -ComputerName $ComputerName -Namespace rootccmdcm -Class SMS_DesiredConfiguration | Where-Object {($_.IsMachineTarget -eq $true) -and ($_.DisplayName -match $BLName )}
      }
      If ($Baselines)
      {
          $Baselines | % {
       
           ([wmiclass]"\$ComputerNamerootccmdcm:SMS_DesiredConfiguration").TriggerEvaluation($_.Name, $_.Version).returnValue 
       
          }
       }
       Else
       {
          Return $False
       }
      }
      
      
      1. Hey Bob,

        Thanks for the script, I did some investigation and found whats determine the property IsMachineTarget = True/False and will update the post with that info.

  2. There’s a bug in the script on Technet.
    This line:
    $Computers = $Members.resourceid
    should be:
    $Computers = $Members.Name

  3. Thanks for the post.
    Im running a registry key check compliance item but i cant find the “run scripts using the logged on user credentials” check box.
    This seems to be coming only for compliance items that uses scripts.
    Im still getting the below error, Can someone help?

    Exception calling “TriggerEvaluation” : “”
    At line:18 char:2
    + ([wmiclass]”$ComputerNamerootccmdcm:SMS_DesiredConfiguration”).TriggerEval …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : WMIMethodException

  4. I was not able to force eval of all Baselines by simply omitting -BLName. I had to specify -BLName “*”

  5. Hi Timmy, Thanks for the blog that is really useful for me.
    also i need to perform the counts of the check that specific baseline is doing. Actually i am getting many mismatch of the counts from SCCM side and from the client side.
    i have approx 10k server where getting this issue. not sure i can do this using powershell or not (initially i need to do the count of the checks )
    Please help if we have anything to do the count of checks.

    Thanks in Advance

Leave a Reply to Chris K. Cancel reply