none
Compliance Remediation Script parameter RRS feed

  • Question

  • Hello,

    I am working on some remediation scripting in SCCM 2012 and am running into what I believe to be a bug. According to the SCCM window below, SCCM should be sending the 'Non-Compliant' Value to the script (which should be the value that you echo out from the discovery script).

    But, from my testing it appears that SCCM is passing the value that states the rule is compliant that is specified in the compliance rule. If this is the intended functionality then the wording in the above screenshot is very misleading. I need to pass the non compliant value to the remediation script for it to work. I really would rather not have to rely on using other methods to pass the value such as a text file on the computer.

    can someone from Microsoft verify whether the intended behavior is to pass the complaint or non compliant value??

    We are running SCCM 2012 SP1 CU4.

    Thanks

    Tom

    Friday, April 4, 2014 4:03 PM

Answers

  • Well, I'm not Microsoft, I'm just another admin and I wanted to test your scenario.  I've never thought about passing parameters--probably because I was used to doing remediation in cm07 w/DCM all right within the 1 script.

    Anyway, I can confirm that what you see is what I see happening.  I made a quick test Compliance Setting.  Detection script:

    on error resume next
    wscript.echo "hello"

    where it was compliant only if the value returned was the phrase "AnythingElse"  (so should of course always fail)

    and the Remediation script:

    on error resume next
    Set sho = Wscript.CreateObject("Wscript.Shell")
    sho.RegWrite "HKLM\SOFTWARE\CCMComplianceSetting\ArgumentZero", wscript.Arguments(0),"REG_SZ"
    sho.RegWrite "HKLM\SOFTWARE\CCMComplianceSetting\ArgumentOne", wscript.Arguments(1),"REG_SZ"
    wscript.echo "TriedSomething"
    wscript.quit

    and after running, those regkeys, I got one regkey created, with a value of "AnythingElse".  (Not Hello).  I put in arguments 0 and 1; just to see if maybe it was argument0 for the 'what should it be', and perhaps argument1 would be "what really was the result".

    For me, personally, what I do (because that's just how I've always done it).  Is the remediation script is 90% the same as the detection script--because I'll get the failed parameter again.  So you can use it in the remediation.  Yeah, sure, you are detecting it twice; but I guess I never thought about it.  Whether or not that phrasing was overlooked and it should have read "passes in the desired compliant value", or if it was meant to pass in the non-compliant value, I couldn't say. 


    Standardize. Simplify. Automate.

    Saturday, April 5, 2014 2:54 PM

All replies

  • can someone from Microsoft verify whether the intended behavior is to pass the complaint or non compliant value??

    Hi Tom, if you are want someone from MS to confirm verify this, then you need to contact CSS directly for support.

    Forum are indented, to be user to user support.


    http://www.enhansoft.com/

    Friday, April 4, 2014 6:37 PM
    Moderator
  • Well, I'm not Microsoft, I'm just another admin and I wanted to test your scenario.  I've never thought about passing parameters--probably because I was used to doing remediation in cm07 w/DCM all right within the 1 script.

    Anyway, I can confirm that what you see is what I see happening.  I made a quick test Compliance Setting.  Detection script:

    on error resume next
    wscript.echo "hello"

    where it was compliant only if the value returned was the phrase "AnythingElse"  (so should of course always fail)

    and the Remediation script:

    on error resume next
    Set sho = Wscript.CreateObject("Wscript.Shell")
    sho.RegWrite "HKLM\SOFTWARE\CCMComplianceSetting\ArgumentZero", wscript.Arguments(0),"REG_SZ"
    sho.RegWrite "HKLM\SOFTWARE\CCMComplianceSetting\ArgumentOne", wscript.Arguments(1),"REG_SZ"
    wscript.echo "TriedSomething"
    wscript.quit

    and after running, those regkeys, I got one regkey created, with a value of "AnythingElse".  (Not Hello).  I put in arguments 0 and 1; just to see if maybe it was argument0 for the 'what should it be', and perhaps argument1 would be "what really was the result".

    For me, personally, what I do (because that's just how I've always done it).  Is the remediation script is 90% the same as the detection script--because I'll get the failed parameter again.  So you can use it in the remediation.  Yeah, sure, you are detecting it twice; but I guess I never thought about it.  Whether or not that phrasing was overlooked and it should have read "passes in the desired compliant value", or if it was meant to pass in the non-compliant value, I couldn't say. 


    Standardize. Simplify. Automate.

    Saturday, April 5, 2014 2:54 PM
  • Is it still wasn't fixed? Seems like this bug still exists in 1810.

    Vladimir Zelenov | http://systemcenter4all.wordpress.com

    Tuesday, December 11, 2018 6:21 AM
  • Appears to still be an issue in SCCM 1902...
    Friday, October 4, 2019 9:47 PM