14th March 2019

Create CI and Baseline for verifying SNMP-service installed and running

By Damberg ConfigMgr Compliance Scripts, Powershell 0 Comments

Case:

You need to verify that SNMP-service is running on servers, and if not it must be installed.

To do after running the script:

You need to set “supported platforms” on the CI after creation. This CI and Baseline only runs on Server 2012 and above.

Main-Script:

The main script to run in powershell elevated in the ConfigMgr ps-drive.

If you want to enable it by default you have to change the last line from “-EnableEnforcement $false” to “-EnableEnforcement $true”

<#
 
**************************************************************
 
Created:    2019-03-12
Version:    1.0
 
Disclaimer:
This script is provided "AS IS" with no warranties
 
Author - Christian Damberg
    Twitter: @DambergC
    Blog   : https://www.damberg.org
 
************************************************************** 
#>

#name and description of the Configuration Item
    $CI_name = 'Verify SNMP service installed'
    $CI_desc = 'Find if SNMP are installed on server'

#name of setting and path to powershellscripts
    $Setting_name = 'Get-Service SNMP'
    $Path_discoverScript = 'D:\Powershell\SCCM\Compliance\Get-installedService-SNMP.ps1'
    $Path_remediationscript = 'D:\Powershell\SCCM\Compliance\Install-WindowsFeature-SNMP.ps1'

#name and description of the rule
    $rule_name = 'Verify SNMP service installed'
    $rule_Desc = 'Run script to find SNMP installed'

#Name, description and targetcollection for the baseline
    $baseline_name = 'Verify SNMP service installed'
    $baseline_desc = 'Get "Compliant" if SNMP-service are installed'
    $collection_name = 'All Systems'

#BaselineDeployment Schedule
    $scheduleInterval = 'Hour' #days, minutes, hour
    $ScheduleCount = '2'

#First you need to create an Configuration Item
$CIObject = New-CMConfigurationItem -Name $CI_name -CreationType WindowsOS -Description $CI_desc

#Create the settings by using powershell script
$Setting = Add-CMComplianceSettingScript -InputObject $CIObject -settingName $Setting_name -DataType String -DiscoveryScriptLanguage PowerShell -DiscoveryScriptFile $Path_discoverScript -noRule -RemediationScriptLanguage PowerShell -RemediationScriptFile $Path_remediationscript -noRule


#Create the Settings Rule
$setting2 = $CIObject | Get-CMComplianceSetting -SettingName $Setting_name
$CIRule = $Setting2 | New-CMComplianceRuleValue -ExpressionOperator IsEquals -RuleName $rule_name -ExpectedValue 'Compliant' -NoncomplianceSeverity Informational -RuleDescription $rule_desc -Remediate
$CIRuleAdded = Add-CMComplianceSettingRule -InputObject $CIObject -Rule $CIRule

#Create the baseline
New-CMBaseline -Name $baseline_name -Description $baseline_desc

#add the CI to the baseline
Set-CMBaseline -Name $baseline_name -AddOSConfigurationItem $CIObject.ci_id

#Create the schedule for the deployment of the baseline.
$BaselineSchedule = New-CMSchedule -RecurInterval $scheduleInterval -RecurCount $ScheduleCount


#Deploy the baseline to the target collection
New-CMBaselineDeployment -CollectionName $collection_name -name $baseline_name -EnableEnforcement $false -Schedule $BaselineSchedule

**************************************************************

Created: 2019-03-12

Version: 1.0

Disclaimer:

This script is provided "AS IS" with no warranties

Author - Christian Damberg

Twitter: @DambergC

Blog : https://www.damberg.org

**************************************************************

#name and description of the Configuration Item

$CI_name = 'Verify SNMP service installed'

$CI_desc = 'Find if SNMP are installed on server'

#name of setting and path to powershellscripts

$Setting_name = 'Get-Service SNMP'

$Path_discoverScript = 'D:\Powershell\SCCM\Compliance\Get-installedService-SNMP.ps1'

$Path_remediationscript = 'D:\Powershell\SCCM\Compliance\Install-WindowsFeature-SNMP.ps1'

#name and description of the rule

$rule_name = 'Verify SNMP service installed'

$rule_Desc = 'Run script to find SNMP installed'

#Name, description and targetcollection for the baseline

$baseline_name = 'Verify SNMP service installed'

$baseline_desc = 'Get "Compliant" if SNMP-service are installed'

$collection_name = 'All Systems'

#BaselineDeployment Schedule

$scheduleInterval = 'Hour' #days, minutes, hour

$ScheduleCount = '2'

#First you need to create an Configuration Item

$CIObject = New-CMConfigurationItem -Name $CI_name -CreationType WindowsOS -Description $CI_desc

#Create the settings by using powershell script

$Setting = Add-CMComplianceSettingScript -InputObject $CIObject -settingName $Setting_name -DataType String -DiscoveryScriptLanguage PowerShell -DiscoveryScriptFile $Path_discoverScript -noRule -RemediationScriptLanguage PowerShell -RemediationScriptFile $Path_remediationscript -noRule

#Create the Settings Rule

$setting2 = $CIObject | Get-CMComplianceSetting -SettingName $Setting_name

$CIRule = $Setting2 | New-CMComplianceRuleValue -ExpressionOperator IsEquals -RuleName $rule_name -ExpectedValue 'Compliant' -NoncomplianceSeverity Informational -RuleDescription $rule_desc -Remediate

$CIRuleAdded = Add-CMComplianceSettingRule -InputObject $CIObject -Rule $CIRule

#Create the baseline

New-CMBaseline -Name $baseline_name -Description $baseline_desc

#add the CI to the baseline

Set-CMBaseline -Name $baseline_name -AddOSConfigurationItem $CIObject.ci_id

#Create the schedule for the deployment of the baseline.

$BaselineSchedule = New-CMSchedule -RecurInterval $scheduleInterval -RecurCount $ScheduleCount

#Deploy the baseline to the target collection

New-CMBaselineDeployment -CollectionName $collection_name -name $baseline_name -EnableEnforcement $false -Schedule $BaselineSchedule

Discovery-script:

To find if the SNMP is running on the server.

<#
 
************************************************************** 
Created:    2019-03-12
Version:    1.0
 
Disclaimer:
This script is provided "AS IS" with no warranties
 
Author - Christian Damberg
    Twitter: @DambergC
    Blog   : https://www.damberg.org
 
************************************************************** 
#>

$service = 'snmp'

if (get-service -Name $service -ErrorAction SilentlyContinue)
{
   $compliance = 'Compliant'
}

else
{
   $compliance = 'NonCompliant'
}

return $Compliance

**************************************************************

Created: 2019-03-12

Version: 1.0

Disclaimer:

This script is provided "AS IS" with no warranties

Author - Christian Damberg

Twitter: @DambergC

Blog : https://www.damberg.org

**************************************************************

$service = 'snmp'

if (get-service -Name $service -ErrorAction SilentlyContinue)

{

$compliance = 'Compliant'

}

else

{

$compliance = 'NonCompliant'

}

return $Compliance

Remediation-script:

The script to install SNMP-.service on the server.

<#
 
************************************************************** 
Created:    2019-03-12
Version:    1.0
 
Disclaimer:
This script is provided "AS IS" with no warranties
 
Author - Christian Damberg
    Twitter: @DambergC
    Blog   : https://www.damberg.org
 
************************************************************** 
#>

$FeatureName = "snmp-service"
Install-WindowsFeature -Name $featurename -IncludeAllSubFeature

**************************************************************

Created: 2019-03-12

Version: 1.0

Disclaimer:

This script is provided "AS IS" with no warranties

Author - Christian Damberg

Twitter: @DambergC

Blog : https://www.damberg.org

**************************************************************

$FeatureName = "snmp-service"

Install-WindowsFeature -Name $featurename -IncludeAllSubFeature

About Author

Damberg