修复脚本运行时,SCCM 合规性状态始终为“合规”
[英]SCCM Compliance state always 'Compliant' when remediation script runs
问题描述
We're trying to use SCCM 2012 R2 to run some checks on clients and fix problems when needed.
我们正在尝试使用 SCCM 2012 R2 对客户端运行一些检查并在需要时修复问题。 For this we use the PowerShell 'Script' option.为此,我们使用 PowerShell 'Script' 选项。
Problem description:问题描述:
When a 'Discovery script' reports 'Non-Compliant' the 'Remediation script' is launched.当“发现脚本”报告“不合规”时,将启动“修复脚本”。 Regardless of the output of the 'Remediation script', the result in the report on the client in 'Configuration Manager > Configurations' is always 'Compliant' even when the 'Remediation script' failed to fix the issue and as a result has different output then defined in the 'Rules for compliance conditions'.无论“修复脚本”的输出如何,“配置管理器 > 配置”中的客户端报告中的结果始终为“合规”,即使“修复脚本”未能修复问题并因此输出不同然后在“符合条件的规则”中定义。
It seems that from the moment a 'Remediation script' is selected, the output of the SCCM Compliance State is always 'Compliant'.似乎从选择“修复脚本”的那一刻起,SCCM 合规状态的输出始终为“合规”。
Example:例子:
- Situation: - 情况:
When there are files or folders in the folder 'C:\\Users\\me\\Downloads\\Input_Test' the 'Discovery script' reports 'Not compliant to anything' and kicks of the 'Remediation script'.当文件夹“C:\\Users\\me\\Downloads\\Input_Test”中有文件或文件夹时,“发现脚本”报告“不符合任何要求”并启动“修复脚本”。 The remediation script takes action and can't fix the problem so it reports back something else then 'Compliant', like 'Non-Compliant'.补救脚本采取行动,但无法解决问题,因此它会报告其他内容,然后是“合规”,例如“不合规”。 The SCCM Compliance State should say after execution of the 'Remediation script': 'Non-Compliant' (which is not the case). SCCM 合规状态应在执行“补救脚本”后说明:“不合规”(事实并非如此)。
- PowerShell Discovery script: - PowerShell 发现脚本:
$Paths = Get-ChildItem -Path 'C:\Users\me\Downloads\Input_Test' | Select -ExpandProperty FullName
New-EventLog -LogName Application -Source SCCMCompliance
if ($Paths) {
$Compliance = 'Non-Compliant'
Write-EventLog -LogName Application -Source SCCMCompliance -EntryType Warning -EventID 1 -Message “Discovery script: Non-Compliant”
}
else {
$Compliance = 'Compliant'
Write-EventLog -LogName Application -Source SCCMCompliance -EntryType Information -EventID 0 -Message “Discovery script: Compliant”
}
$Compliance
- PowerShell Remediation script: - PowerShell 修复脚本:
Write-Output 'Non-Compliant'
Write-EventLog -LogName Application -Source SCCMCompliance -EntryType Warning -EventID 1 -Message “Remediation script: Non-Compliant $Paths”
- SCCM Rules for compliance conditions: - 符合条件的 SCCM 规则:
- SCCM Compliance State in the Configuration Manager: - 配置管理器中的 SCCM 合规性状态:
In the Windows event viewer all steps can be tracked easily.在 Windows 事件查看器中,可以轻松跟踪所有步骤。 Am I missing something super obvious here?我在这里错过了一些非常明显的东西吗?
1 个解决方案
解决方案1
1 已采纳 2016-03-16 11:18:00
After much pain and hurt myself and @DarkLite1 have found that SCCM does not check compliance state after it has performed remediation在经历了很多痛苦和伤害之后,@DarkLite1 发现 SCCM 在执行补救后没有检查合规状态
From the moment you use a 'Remediation script' the only 2 possible Compliance statusses are: 'Compliant' or 'Exit with error code'.从您使用“修复脚本”的那一刻起,仅有 2 种可能的合规性状态是:“合规”或“以错误代码退出”。 This is done in PowerShell with 'Exit 1'.这是在 PowerShell 中通过“退出 1”完成的。
For more information please see.有关更多信息,请参阅。 https://social.technet.microsoft.com/Forums/en-US/0f0f3e6f-7e9f-4376-a926-fc0b6aef5bf1/sccm-compliance-state-always-compliant-when-remediation-script-runs?forum=configmanagersecurity https://social.technet.microsoft.com/Forums/en-US/0f0f3e6f-7e9f-4376-a926-fc0b6aef5bf1/sccm-compliance-state-always-compatible-when-remediation-script-runs?forum=configmanagersecurity
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.