INTRODUCTION

When moving to new versions of Windows 10 (Windows as a Service) , sometimes you will need to upgrade drivers and applications prior to the upgrade process. This can be accomplished using SCCM Configuration Items.

Driver requirements differ between different models and there is no built-in functionality to control compliance checks for a specific model.

Again, Powershell will need to come to the rescue.

CONFIGURATION ITEMS

Configuration Items can be any of the following:

  • Software Updates
  • Registry Values
  • Files
  • Custom scripts

Configuration Items are not deployed, but are deployed using Configuration Baselines which I will cover below.

Configuration Items are a more modern approach to handling settings. Even Group Policy settings are possible to be converted to Configuration Items. Kaido Järvemts has created a solution for this: https://kaidojarvemets.com/convert-group-policies-into-configuration-items-using-powershell/

CONFIGURATION BASELINES

Configuration Baselines include at least one Configuration Item and is deployed to a collection of clients or users.

The following items can be part of a Configration Baseline:

  • Configuration Items
  • Software Updates
  • Configuration Baselines

Configuration Items can be targeted to Devices or Users.

Device deployments are not strange.

User deployment works as well. The Configuration Item should be evaluated as part of the login process, similar to a login script. I have however had some issues with this.

SOLUTION

The solution I have created consists of the following components:

  • A script to be used in the Configuration Item
  • A Configuration Item
  • A Configuration Baseline

CREATE CONFIGURATION ITEM

Start by creating the Configuration Item.

Create SCCM Configuration Item

Give the Configuration Item a name and select the options below.

Create SCCM Configuration Items

Select the Operating Systems for which the Configuration Item should be applicable to.

Select Operating System SCCM Configuration Item

Press New to create a new Setting.

SCCM Configuration Item

Give the setting a Name and press Add Script.

SCCM Configuration Item

Paste either the Registry or File Version script. Find these below.

Add Powershell script SCCM Configuration Item

CHECK REGISTRY VALUE

$ComputerModels = 'HP EliteBook 820 G3','HP EliteBook 840 G3'
$RegistryVersion = "24.20.100.628"
$ComputerModelWMI = (Get-WmiObject Win32_ComputerSystem).Model
if ($ComputerModels -match $ComputerModelWMI) {
    $ActualRegistryVersion = (Get-ItemProperty HKLM:\Software\WOW6432Node\Intel\GFX).Version
    if ($ActualRegistryVersion -ge $RegistryVersion) {
        Write-Output $true
    }
    else {
        Write-Output $false
    }
}
else {
   Write-Output $true
}

CHECK FILE VERSION

$ComputerModels = 'HP EliteBook 820 G3','HP EliteBook 840 G3'
$FilePath = "C:\Program Files\Lenovo\HOTKEY\kbdmgr.exe"
$FileVersion = "1.0.0.11"
$ComputerModelWMI = (Get-WmiObject Win32_ComputerSystem).Model
if ($ComputerModels -match $ComputerModelWMI) {
    $ActualFileVersion = (Get-ChildItem $FilePath).VersionInfo
    $ActualFileVersion = $ActualFileVersion.FileVersion
    if ($ActualFileVersion -eq $FileVersion) {
        Write-Output $true
    }
    else {
        Write-Output $false
    }
}
else {
   Write-Output $true
}

Press OK to finalize.

Select the Compliance tab.

Give the Compliance condition a Name.

Configure the compliance conditions according to the following settings:

OptionSetting
Rule TypeValue
The value returned by the specified scriptEquals True
Noncompliance severity for reportsCritical

Press OK.

Finalize the Wizard.

CREATE CONFIGURATION BASELINE

Now we will need to create the Configuration Baseline which is to be deployed.

Go to Assets and Compliance and select Create Configuration Baseline.

Give the Configuration Baseline a Name. Press Add and select Configuration Items.

Select the Configuration Item created earlier.

Press OK to close the window.

Press OK to Finalize.

DEPLOY CONFIGURATION BASELINE

Select the Configuration Baseline you just created. Right-click and press Deploy.

Press Browse to find thecollection to deploy to.

Press OK.

REFERENCES

RELATED POSTS