question

SvenH-2743 avatar image
0 Votes"
SvenH-2743 asked AlexZhu-MSFT edited

Configuration Baseline Script Compliance issue

hi,
I think i do something wrong. I want to execute a powershell script and return the value 0 to SCCM. This does not work. I am not a pro in powershell so probably it has to do something with the script. I have another script, which is working so the settings in my baseline/configuration item must be ok.

Working script (returns also 0):

 #discover
 $MinDays = 7
 (Get-ChildItem C:\windows\ccm\logs | Where-Object { ($_.Name -like 'SCNotify*' -or $_.Name -like 'SCClient*' -or $_.Name -like '_SCNotify*' -or $_.Name -like '_SCClient*') -and ([datetime]$_.LastWriteTime -lt (get-date).adddays(-$MinDays))} |Measure-Object).count



Not working script:

 $currentTime = Get-Date -format "dd-MMM-yyyy HH:mm:ss"
 Write-Output "$(get-Date) Aktualisierung Vertrauenswürdiger Stammzertifizierungsstellen durchführen..." | Out-file C:\temp\rootcert_neu.txt
 cls
    
 try {
 #    Aktualisierung “Vertrauenswürdige Stammzertifizierungsstellen”
 Import-Certificate \\server01.company.de\IT\WURootCert\roots.sst -CertStoreLocation Cert:\LocalMachine\Root
 }
    
 catch [system.exception] {
 Add-content C:\temp\rootcert_neu.txt "ERROR!!! Aktualisierung Vertrauenswürdiger Stammzertifizierungsstellen fehlgeschlagen"
 }
 finally { Add-content C:\temp\rootcert_neu.txt "Ende, aktualisierung Vertrauenswürdiger Stammzertifizierungsstellen durchgeführt!!! $currentTime " 
 }
 { Exit }
    
    
 write-output 0



Maybe someone can help me. :/
Thank you very much

mem-cm-cmpivot
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AlexZhu-MSFT avatar image
0 Votes"
AlexZhu-MSFT answered

Hi,

I've revised the script slightly and you can try to see if it works.
Note: change the -filepath and -CertStoreLocation accordingly.

  $currentTime = Get-Date -format "dd-MMM-yyyy HH:mm:ss"
  Write-Output "$currentTime Update trusted root certification authorities..."
  "$currentTime Update trusted root certification authorities..." | Out-file C:\temp\rootcert_neu.txt
    
  #    Update "Trusted Root Certification Authorities"
  Import-Certificate -FilePath "U:\tmp_dir\human_readable\screenshots\rds from external\remote.cer" -CertStoreLocation cert:\CurrentUser\My
    
  # get the result of last cmdlet
  $result = $?
    
        
  if ($result)
     {"End, update trusted root certification authorities performed!!! $currentTime " | Out-file C:\temp\rootcert_neu.txt -append} 
  else  
     {"ERROR!!! Trusted Root Certification Authorities update failed" | Out-file C:\temp\rootcert_neu.txt -append}
     
  $result

Alex
If the response is helpful, please click "Accept Answer" and upvote it.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SvenH-2743 avatar image
0 Votes"
SvenH-2743 answered AlexZhu-MSFT commented

Hey, thank you for the Answers. I figured out that the update output of the certificates ist the problem. So if I only change line 7 to

$Result = Import-Certificate \\server01.company.de\IT\WURootCert\roots.sst -CertStoreLocation Cert:\LocalMachine\Root

it works great.

Probably your solution is also correct. I did not test it.

Thank you!

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

Thank you very much for the feedback. Yes, in the script, a variable is needed to carry the returned result. Glad that the problem is fixed now. As usual, if you have other questions in the future, please do not hesitate to post in this forum.

Have a nice day!

Alex
If the response is helpful, please click "Accept Answer" and upvote it.

0 Votes 0 ·
RichMatheisen-8856 avatar image
0 Votes"
RichMatheisen-8856 answered

Your "working" script is returning the "count" property from the Measure-Object cmdlet.

The "not working" script exits before it writes "0" to the output stream.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.