Baseline Evaluation with Run script feature in ConfigMgr 1706

One of the new pre-release features in ConfigMgr 1706 is the Run Script function, which makes it possible to run PowerShell scripts directly from the ConfigMgr console against clients. This is a huge benefit: as long as the client is active in the ConfigMgr console, it will execute the script you triggered almost in real time, without you having to make sure that WinRM is active on the client, configure firewalls, or deal with all the other things that can be an issue when clients are on different subnets, in different physical locations, behind different firewalls etc. As long as you have your ConfigMgr infrastructure in place and the clients are active, you are good to go.

What you could do, and what I will showcase in this post, is invoke configuration baseline evaluation on demand with the Run Script function. I have an old blog post on how to do it with PowerShell remotely ( https://timmyit.com/2016/07/26/sccm-and-powershell-trigger-baseline-evaluation-on-client/ ), but that means you have to have everything in place to remotely access clients with PowerShell, which isn’t always the case in a lot of environments for many reasons.

The reason for creating this script in the first place is that there’s no built-in function to evaluate baselines on demand in ConfigMgr. I have also created a UserVoice item to add that function to the console UI here: https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/18652852-console-ui-function-to-invoke-evaluation-of-baseli

Give that UserVoice item a vote if you find it useful, and in the meantime we can use the Run Script function to achieve the same result.

If you want to know in detail how to activate the Run Script feature in ConfigMgr 1706 and how to create and run a script, check out my blog posts about that over at the CTGlobalservices blog:

Baseline Evaluation with Run script feature

Here’s the PowerShell script we want to use to evaluate all of the baselines deployed to the machines in a device collection. If you just want to evaluate a specific one, you need to modify the script.

Note,

When testing this script as a Run Script I wasn’t able to run the original PowerShell script as a function; it returned exit code 0 but didn’t execute the evaluation method on the client for some reason through ConfigMgr, but it did work when I ran it manually on the client. I’m currently troubleshooting that and will probably file a bug report when I have more info and do a separate blog post on that later. But in the meantime we will just have to skip the function part. And just to emphasize, this is still a pre-release feature.


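# Get every configuration baseline deployed to this client
$Baselines = Get-WmiObject -ComputerName $env:COMPUTERNAME -Namespace root\ccm\dcm -Class SMS_DesiredConfiguration
# Trigger an evaluation of each baseline, identified by its name and version
$Baselines | % {
    ([wmiclass]"\\$env:COMPUTERNAME\root\ccm\dcm:SMS_DesiredConfiguration").TriggerEvaluation($_.Name, $_.Version)
}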
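
An added example (not code from the original post) of the modification mentioned above: it evaluates a single baseline selected by display name, stays function-free in line with the note, and returns a non-zero exit code when nothing matched or a trigger call failed, so that an exit code of 0 actually means the evaluation was requested. The display name 'Example Baseline', the exit code values, and treating a non-zero ReturnValue as a failure are assumptions.

```powershell
# Added example: evaluate ONE baseline by display name and report problems
# through the exit code instead of silently returning 0.
# 'Example Baseline' is a placeholder, not a value from the post.
$BaselineDisplayName = 'Example Baseline'

try {
    # Same namespace and class as the script above; stop on any WMI error
    $All = @(Get-WmiObject -Namespace root\ccm\dcm -Class SMS_DesiredConfiguration -ErrorAction Stop)
}
catch {
    Write-Output "Could not query root\ccm\dcm on $env:COMPUTERNAME : $($_.Exception.Message)"
    exit 2
}

# Select client-side so the name never has to be quoted inside a WQL filter
$Baselines = @($All | Where-Object { $_.DisplayName -eq $BaselineDisplayName })

if ($Baselines.Count -eq 0) {
    Write-Output "No deployed baseline named '$BaselineDisplayName' on $env:COMPUTERNAME"
    exit 1
}

$Dcm = [wmiclass]"\\$env:COMPUTERNAME\root\ccm\dcm:SMS_DesiredConfiguration"
$Failed = 0

foreach ($Baseline in $Baselines) {
    # Same two-argument call the post uses
    $Result = $Dcm.TriggerEvaluation($Baseline.Name, $Baseline.Version)

    # One line per baseline for whoever reviews the run afterwards
    Write-Output ("{0} (version {1}, machine target: {2}) ReturnValue={3}" -f `
        $Baseline.DisplayName, $Baseline.Version, $Baseline.IsMachineTarget, $Result.ReturnValue)

    # Assumption: a non-zero ReturnValue means the trigger was not accepted
    if ($Result.ReturnValue -ne 0) { $Failed++ }
}

if ($Failed -gt 0) { exit 3 }
exit 0
```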

First of all, let’s create a script

Copy or import the PowerShell script

Approve the script you just created.

Over at the client you can see that we have a Baseline that hasn’t been evaluated yet

Jumping back to the ConfigMgr console, we find the device collection we want to run the script against, then right-click, choose “Run Script” and go through the wizard

Under Client operations we can see that the operation has started

And under monitoring and “Script Status” we see that the evaluation has completed on the client.

And finally, over at the client we see that the Baseline has been evaluated.

That’s all for now and until next time, cheers!


And you can also find me blogging over at http://blog.ctglobalservices.com/

3 comments

  1. I actually found this same script on Reddit. However, I also found that it only runs user-level baselines and not computer-level baselines. Another user somewhere else on the internet had a solution for computer-level baselines, and I combined the two into one solution:

    $ComputerName = $env:COMPUTERNAME
    $Baselines = Get-WmiObject -ComputerName $ComputerName -Namespace root\ccm\dcm -Class SMS_DesiredConfiguration
    
    $MC = [WmiClass]"\\$ComputerName\root\ccm\dcm:SMS_DesiredConfiguration"
    
    $Method = "TriggerEvaluation"
    
    $InParams = $mc.psbase.GetMethodParameters($Method)
    $InParams.IsEnforced = $true
    $InParams.IsMachineTarget = $false
    
    foreach($Baseline in $Baselines)
    {
        #$Baseline.DisplayName
        if($Baseline.IsMachineTarget)
        {
            $R = ([wmiclass]"\\$env:ComputerName\root\ccm\dcm:SMS_DesiredConfiguration").TriggerEvaluation($Baseline.Name, $Baseline.Version)
        }
        else
        {        
            $InParams.Name = $Baseline.name
            $InParams.Version = $Baseline.version
            $R = $MC.InvokeMethod($Method, $InParams, $null)
        }
    }

    It basically tricks it into thinking that computer-level baselines are in fact user-level baselines and then tells it to run. The only thing I’m not sure of, is if they really run in the system context this way, or if it forces the computer-level baseline to run in the user context.
