Q&A – Invoke Baseline evaluation on a device collection

 

 

So i got this question under the comments on my blogpost where i made a Powershell function that would invoke baseline evaluation on a single machine https://timmyit.com/2016/07/26/sccm-and-powershell-trigger-baseline-evaluation-on-client/ and i thought i would answer it through this blog post.

 

Question:

 

Looking for This same powershell script for this one. But, I need one for “all systems” for SCCM. Can you help me with that. Thank you very much! I’m not a powershell scripter at all. But, getting all more baselines in compliance and now having to manually force to evaluate is a pain.. In my environment I have 44,000 devices.. and I have 15 baselines that I need to be in compliance. Thank you very much! Karen

 

Answer:

 

Thanks for your question Karen and i will try to help, below you will find a function that will do what you are asking for but i do need to highlight some things. First of all if you have 44,000 devices and want to run this script against every single one of them it will take a long time for it to finish. One could also add multi threading of course or run it as a job to speed up the process somewhat but it gets complicated really fast and i do prefer to keep it simple.

Lets say it takes an average of 3 seconds per node to Invoke all 15 baselines with this script (not counting nodes thats offline or commuinication failures where powershell will have to timeout) and you have 44,000 of them, that will take approximately 36 hours for the script to finish.

 

If i were you, i would take a look at changing the Compliance setting and the Schedule compliance evaluation. By default it’s set to every 7 days but maybe you want to run it once a day instead ? If not, the Powershell script is listed below.

 

 

2

 

 

The Script:

 


function Invoke-BLEvaluation
{
param (
[String][Parameter(Mandatory=$true, Position=1)] $DeviceCollection,
[String][Parameter(Mandatory=$true, Position=2)] $SiteServer,
[String][Parameter(Mandatory=$true, Position=3)] $SiteCode,
[String][Parameter(Mandatory=$False, Position=4)] $BLName
)
Try
{
$Collection = Get-Wmiobject -NameSpace "ROOT\SMS\site_$SiteCode" -Class SMS_Collection -ComputerName $siteServer | Where-Object {$_.Name -eq "$DeviceCollection"}
$Members = Get-WmiObject -Namespace "ROOT\SMS\site_$SiteCode" -ComputerName $SiteServer -Query "SELECT * FROM SMS_FullCollectionMembership WHERE CollectionID='$($Collection.CollectionID)'"
$Computers = $Members.resourceid

Foreach ($Computer in $Computers)
{
If ($BLName -eq $Null)
{
$Baselines = Get-WmiObject -ComputerName $Computer -Namespace root\ccm\dcm -Class SMS_DesiredConfiguration
}
Else
{
$Baselines = Get-WmiObject -ComputerName $Computer -Namespace root\ccm\dcm -Class SMS_DesiredConfiguration | Where-Object {$_.DisplayName -like $BLName}
}

$Baselines | % {

([wmiclass]"\\$Computer\root\ccm\dcm:SMS_DesiredConfiguration").TriggerEvaluation($_.Name, $_.Version)

}
}
}
Catch
{
}
}

 

Example: 

 

To call the function:


Invoke-BLEvaluation -DeviceCollection "All systems" -SiteServer "localhost" -SiteCode "TS1"

 

Following parameters needs to be declared,

 


$DeviceCollection,
$SiteServer,
$SiteCode,

 

and optionally is

 

$BLName

 

$DeviceCollection = The device collection you want to run the script against

$SiteServer = Site server for your SCCM environment (in my example i just ran it locally on my SiteServer so that’s why i specified localhost)

$SiteCode = Site code of the SCCM Site you wan’t to run the script against.

 

and it will look something like this:

 

1

 

Regardless which option you go for it still will be faster then doing it all manually haha, so pick whatever suits your needs the best.

 

If you liked my post and found it helpful please share it and also you can follow me on social media.

[twitter-follow screen_name=’Timmyitdotcom’]

 

Cheers,

Timmy

11 comments

  1. Awesome!!! Thanks Tim. I can’t wait to try it.

    I’ll let u know how it’s goes!!

    Thank u very very much! Karen

    Sent from my iPhone

  2. Alot of RPC is unavailable errors at line:$Baselines = Get-WmiObject -ComputerName $Computer -Namespace root\ccm\dcm -Class SMS_DesiredConfiguration

    1. If the client is online then most likely a firewall issue between the machine you are running the script from to the client. If i remember correctly Get-wmiobject uses WinRM so make sure thats not blocked and activated on the client.

      1. Hey man, it ended up working by changing $computers = $members.resourceid to $computers=$members.name since you cannot wmi connect to a SCCM resource ID.

  3. It would be awesome if this could be smart enough to check the online status before attempting this, and only run against the machines on the network right now.

    1. yes that’s a good idea, put an if statement and just make a ping and if reply just go ahead to continue with the baseline evaluation if not just move on to the next client in the list. I’ll put that on my todo-list hehe.

  4. Hi, TimmyIT! I’m using 1810 CB and I keep getting this error when running the script:

    Get-WmiObject : The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
    At line:23 char:14
    + … Baselines = Get-WmiObject -ComputerName $Computer -Namespace root\ccm …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (:) [Get-WmiObject], COMException
    + FullyQualifiedErrorId : GetWMICOMException,Microsoft.PowerShell.Commands.GetWmiObjectCommand

    Any ideas?

    Thanks!
    -Timothy

Leave a Reply to tjchan Cancel reply