Testing Compliance-States

Similar to the retrieval of Compliance-States, they can be tested using the Test-EmdbComplianceState cmdlet for different Status-values. The result of the test is true, if it succeeds and false, if the test fails.


For the different object-types can be tested, there are different Status-values. So for example a single Policy-Instance can have other Status-values as the Last Calculated Compliance of a Computer.


Examples:


Hint: The execution of these examples requires a connected PowerShell drive.


The most obvious example is probably the test of the Compliance-State of a single Policy-Instance. In the following example we check, if the Policy-Instance of the assignment of Package "7-Zip (x64) 16.04" to Computer "WIN10-01" is compliant:


$MyComputer = Get-EmdbComputer "WIN10-01" -Recurse

$MyPolicyInstance = Get-EmdbPolicyInstance -Item $MyComputer | Add-EmdbRelatedItem -Group SoftwarePackages -PassThru | Where-Object {$_.AssignedObjectName -eq "7-Zip (x64) 16.04"}

Test-EmdbComplianceState -PolicyInstance $MyPolicyInstance -ComplianceState "Compliant"


Note: in the example above, the cmdlet Add-EmdbRelatedItem is used to improve the performance when retrieving the associated Software-Packages, that are filtered during processing the pipeline.


In the following example, the Policy to the Policy-Instance retrieved above is determined and then tested, if the Policy or the sum of all Instances respectively is compliant for at least 75%:


$MyPolicy = $MyPolicyInstance.GetPolicy()

Test-EmdbComplianceState -Policy $MyPolicy -ComplianceState "Compliant" -MinPercentReached 75


Now the Compliance-State of a Computer should be investigated. We use the already inspected Computer "WIN10-01" again. At first we have a look at the "Last Calculated Compliance" which is a summary of all Software-, Patch- and Driver-Policy-Instances, and want to know, if the Computer is fully compliant:


Test-EmdbComplianceState -Computer $MyComputer -LastCalculatedComplianceState "Compliant"


The data can be restricted to Software, Patch, Driver. Additionally, it is possible to test for partly Compliance, as it is done in the DSM Console and represented through the green/yellow-icons. The code below for example, checks if the Computer is 50% compliant from a Patch point of view:


Test-EmdbComplianceState -Computer $MyComputer -LastCalculatedComplianceScope "Patch" -LastCalculatedComplianceState "PartiallyCompliant500"