HP CMSL - ConfigMgr CIs

Updated 2020.04.20 - Added CI's to support HPCMSL PowerShell Module from Gallery. - More Info at Bottom. [GITHUB LINK]

Updated 2019.12.25 - More Examples at bottom... because it's Christmas, and I just enjoy sitting on my couch with my kids while they watch a children's Christmas Movie, and I can play with my CM Lab.

I've been using the HP Client Management Script Library quite a bit, and the functionality continues to get better with each release. I've posted a few things in the past leveraging it, and quite honestly, with improvements to the CMSL, the code in those posts could be shortened up. But since I don't have time to go back and update code for the sake of updating it, and it's way more fun to come up with new ideas, this post is a few of examples of leveraging the CMSL.

3 CI Examples in 1 Baseline targeted to HP Machines (All Code is linked to GISTs on GitHub)
The Detection Methods are combined into 1 GIST, so you'll have to copy and paste the section needed for each CI. (or download the Baseline export here: HP Baseline (Leveraging HPCMSL) (140 downloads) - ZIP File, Extract the ZIP File and import the CAB File)

Please note, since the time I published this post, HP has released the HPCMSL via the PowerShell Gallery, which is super cool, but I didn't write these CIs to work with that, so if you didn't use the installer, the detection methods I've used will not work.

  • HP Client Management Script Library (ASSUMES you've used the INSTALLER version, not the PowerShell Gallery Version which was recently released)
    • Gets current HPCMSL version installed, compares to latest version available from HP.
  • HP Model Supported on Current OS (Requires CMSL 1.3 or higher) - Updated code below, as everyone should be on 1.3 or higher.
    • Using HPCMSL checks installed OS and confirms it is supported by HP
  • HP BIOS Version Compliance
    • Using HPCMSL, checks version of BIOS installed and compares to HP for newer version.

HP Client Management Script Library

Detection Method (PowerShell Script)
Discovery Script - PowerShell - Hosted on GitHub
Compliance, if script output = Compliant, then the CI returns Compliant

HP Client Management Script Library

  • Detection Method - GitHub
  • Settings Script - GitHub
  • Value Returned: Compliant

HP Model Supported on Current OS

  • Detection Method - GitHub
  • Settings Script - GitHub
  • Value Returned: Compliant

HP BIOS Version Compliance

  • Detection Method - GitHub
  • Settings Script - GitHub
  • Value Returned: Compliant

Detection Script from GIST (Links above, but just a better visual so you can see the break down)

In Action:

Shows a machine that is Compliant (Has HPCMSL with current version, has current BIOS and the OS is supported by HP)
This Machine has downlevel version of HPCMSL, and old BIOS. It is unable to do OS check, since that CI requires updated HPCMSL, so it reports "Not-Detected"
This Machine does NOT have HPCMSL installed, so the entire baseline is Non-Compliant, and comes back as "Not Detected"

Update from 2019.12.25

Created several more CI's for HP BIOS Settings.
Once you have HP's CMSL installed, you can then leverage that to easily monitor BIOS Settings.

Most of the CI scripts are 1 liners: Some I just have Detection, and some I Remediate. As you can see, with CMSL, it's very easy to both grab a setting then set a setting if non-compliant.

To get a list of settings, I ran this command: Get-HPBIOSSettingsList | Out-GridView

Sort by Path, and moved the columns to make it easy to see Name & Values together
Image
Example of the Compliance, I place the Desired Value of the Setting as the Compliance, so if it's not that, then it's Non-Compliant, and it shows you the actual current value in the report.
Report Overview
Top CI shows Error, guessing it's the Command, reached out to HP about it
The other 2 CI's are non-compliant, and what's nice is, they say the value the is needs to be [To be Compliant] and what the actual reported current value is.

Update 2020.04.20 - Added scripts to github to support the PowerShell Gallery Version. To Use the Gallery version, it requires updates to NuGet & PowerShellGet, also available in the GitHub Repo.
Another good blog post about Installing HP CMSL from Jon

CI Compliance Rule
The two scripts are in GitHub

Baseline
The 3 CI's that are needed to install the Gallery Version

Alright, I think that is a good sample, I've added the entire Baseline into the download, so you can easily import it.

GARYTOWN

4 thoughts on “HP CMSL - ConfigMgr CIs”

  1. Thanks so much for this! How do I troubleshoot why certain things are not being remediated? The Enable Numlock and Disable Legacy Options are not being remediated.

    Reply
    • Great Question, at this point, probably working with HP support. For Disable Legacy Options, that one could be tricky, because it would require that you're not using any of the features of legacy support. I'd probably troubleshoot by running using their bios configuration utility which might provide additional feedback as to why it didn't change your setting.

      Reply
  2. How are you installing this now that it is in the Powershell Gallery? Do you go out to the internet? Do you also install during OSD? Maybe a file copy is easier?..

    Reply
    • I changed the detection since 1.4.3 doesn't seem to be in ARPDisplayname anymore. $HPCMSLVers = (Get-Module -ListAvailable -Name HPCMSL).Version

      Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.