Retrieving Compliance-States

In DSM, "Compliance" is a central aspect. The goal is to bring all systems to a compliant state, which means that the "desired state" matches the "current state".


Inside the DSM console, there are several places where a Compliance-State can be inspected. We distinguish between the Compliance-State of individual Policy-Instances, the Compliance-State of Policies, the calculated overall Compliance-State of Computer-objects, and the (also calculated) Compliance-State of Software-, Driver- and Patch-Policies.


Using the new cmdlet Get-EmdbComplianceState introduced in PSX 4.0, the Compliance-State of these objects can be retrieved.


Examples:


Hint: The execution of these examples requires a connected PowerShell drive.


The most obvious example is probably the retrieval of the Compliance-State of a single Policy-Instance. In the following example we get the Compliance-State of the Policy-Instance of the assignment of Package "7-Zip (x64) 16.04" to Computer "WIN10-01":


$MyComputer = Get-EmdbComputer "WIN10-01" -Recurse

$MyPolicyInstance = Get-EmdbPolicyInstance -Item $MyComputer | Add-EmdbRelatedItem -Group SoftwarePackages -PassThru | Where-Object {$_.AssignedObjectName -eq "7-Zip (x64) 16.04"}

Get-EmdbComplianceState -PolicyInstance $MyPolicyInstance


Note: In the example above, the cmdlet Add-EmdbRelatedItem is used to improve performance when retrieving the associated Software-Packages, which are then filtered as the pipeline is processed.


In the next example, the Policy that belongs to the Policy-Instance retrieved above is determined and its calculated Compliance-State is requested. A histogram is created that lists the different Policy-Instance states and how many instances are in each:


$MyPolicy = $MyPolicyInstance.GetPolicy()

Get-EmdbComplianceState -Policy $MyPolicy | ForEach-Object {$_.Histogram}


Next, we investigate the Compliance-State of a Computer, again using the Computer "WIN10-01". First we look at the "Last Calculated Compliance", which is a summary of all Software-, Patch- and Driver-Policy-Instances:


Get-EmdbComplianceState -Computer $MyComputer


The data can be restricted to Software, Patch or Driver. The following example retrieves the Compliance of the Patch assignments only:


Get-EmdbComplianceState -Computer $MyComputer -LastCalculatedComplianceScope "Patch"
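
The per-computer queries above can be combined into a sweep over several machines. This is an added example, not part of the original page or of PSX itself. It uses only the cmdlets and parameters shown above. The computer names other than "WIN10-01" are constructed, and the scope values "Software" and "Driver" are assumed from the prose, since only "Patch" is shown literally. The shape of the returned state object is not documented here, so it is stored unmodified.

```powershell
# Added example: collect the last calculated compliance per scope for a set of
# computers. Requires a connected PowerShell drive, like the examples above.

# Constructed sample names; replace with computers from your own environment.
$ComputerNames = "WIN10-01", "WIN10-02", "SRV-APP-01"

# "Patch" appears on this page; "Software" and "Driver" are assumed to be
# accepted by -LastCalculatedComplianceScope in the same way.
$Scopes = "Software", "Patch", "Driver"

$Report = foreach ($Name in $ComputerNames) {
    $Computer = $null
    $LookupError = "Computer not found"
    try {
        $Computer = Get-EmdbComputer $Name -Recurse -ErrorAction Stop
    }
    catch {
        $LookupError = $_.Exception.Message
    }

    if (-not $Computer) {
        # A machine that cannot be resolved has no compliance data at all:
        # record it as a finding instead of silently skipping it.
        [pscustomobject]@{ Computer = $Name; Scope = "-"; State = $null; Error = $LookupError }
        continue
    }

    foreach ($Scope in $Scopes) {
        $State = $null
        $QueryError = $null
        try {
            $State = Get-EmdbComplianceState -Computer $Computer `
                -LastCalculatedComplianceScope $Scope -ErrorAction Stop
        }
        catch {
            $QueryError = $_.Exception.Message
        }
        # The state object is kept as returned; no property names are assumed.
        [pscustomobject]@{ Computer = $Name; Scope = $Scope; State = $State; Error = $QueryError }
    }
}

# Rows without a state (unknown computer or failed query) come first for review.
$Report | Sort-Object { $null -ne $_.State }, Computer, Scope | Format-List
```

Rows with an empty State are the ones to follow up on first, because a computer with no retrievable compliance data cannot be assumed compliant.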