Update 2023.03.08 – Updated the CI’s for Updating PowerShellGet & PackageManagement Modules. – Replace what is in the post with these two:
Updated 2020.04.20 – Added CI’s to support HPCMSL PowerShell Module from Gallery. – More Info at Bottom. [GITHUB LINK]
Updated 2019.12.25 – More Examples at bottom… because it’s Christmas, and I just enjoy sitting on my couch with my kids while they watch a children’s Christmas Movie, and I can play with my CM Lab.
I’ve been using the HP Client Management Script Library quite a bit, and the functionality continues to get better with each release. I’ve posted a few things in the past leveraging it, and quite honestly, with improvements to the CMSL, the code in those posts could be shortened up. But since I don’t have time to go back and update code for the sake of updating it, and it’s way more fun to come up with new ideas, this post is a few of examples of leveraging the CMSL.
3 CI Examples in 1 Baseline targeted to HP Machines (All Code is linked to GISTs on GitHub)
The Detection Methods are combined into 1 GIST, so you’ll have to copy and paste the section needed for each CI. (or download the Baseline export here:
HP Baseline (Leveraging HPCMSL) (9433 downloads )
– ZIP File, Extract the ZIP File and import the CAB File)
Please note, since the time I published this post, HP has released the HPCMSL via the PowerShell Gallery, which is super cool, but I didn’t write these CIs to work with that, so if you didn’t use the installer, the detection methods I’ve used will not work.
- HP Client Management Script Library (ASSUMES you’ve used the INSTALLER version, not the PowerShell Gallery Version which was recently released)
- Gets current HPCMSL version installed, compares to latest version available from HP.
- HP Model Supported on Current OS (Requires CMSL 1.3 or higher) – Updated code below, as everyone should be on 1.3 or higher.
- Using HPCMSL checks installed OS and confirms it is supported by HP
- HP BIOS Version Compliance
- Using HPCMSL, checks version of BIOS installed and compares to HP for newer version.
HP Client Management Script Library
HP Client Management Script Library
HP Model Supported on Current OS
HP BIOS Version Compliance
Detection Script from GIST (Links above, but just a better visual so you can see the break down)
In Action:
Update from 2019.12.25
Created several more CI’s for HP BIOS Settings.
Once you have HP’s CMSL installed, you can then leverage that to easily monitor BIOS Settings.
Most of the CI scripts are 1 liners: Some I just have Detection, and some I Remediate. As you can see, with CMSL, it’s very easy to both grab a setting then set a setting if non-compliant.
To get a list of settings, I ran this command: Get-HPBIOSSettingsList | Out-GridView
Update 2020.04.20 – Added scripts to github to support the PowerShell Gallery Version. To Use the Gallery version, it requires updates to NuGet & PowerShellGet, also available in the GitHub Repo.
Another good blog post about Installing HP CMSL from Jon
Alright, I think that is a good sample, I’ve added the entire Baseline into the download, so you can easily import it.
GARYTOWN
Thanks so much for this! How do I troubleshoot why certain things are not being remediated? The Enable Numlock and Disable Legacy Options are not being remediated.
Great Question, at this point, probably working with HP support. For Disable Legacy Options, that one could be tricky, because it would require that you’re not using any of the features of legacy support. I’d probably troubleshoot by running using their bios configuration utility which might provide additional feedback as to why it didn’t change your setting.
How are you installing this now that it is in the Powershell Gallery? Do you go out to the internet? Do you also install during OSD? Maybe a file copy is easier?..
I changed the detection since 1.4.3 doesn’t seem to be in ARPDisplayname anymore. $HPCMSLVers = (Get-Module -ListAvailable -Name HPCMSL).Version
Hi! In your NuGetModule-Remediation.ps1 script you use uninstall-module -Name $ModuleName which is “NuGet”. However, IMHO NuGet cannot be uninstalled this way because it’s a package provider. I didn’t find a way to uninstall a package provider, did you?
Thanks for your very good work!
I believe you are right, I’ve just re-written how I manage PowershellGet & PackageManagement Modules. Still testing in my Lab, but I’ll be updating this post and Github in the near future with my changes.