Install-PSDiscoveryProtocolBaseline.ps1
# Installer parameters for the PSDiscoveryProtocol configuration baseline.
[CmdletBinding()]
param(
    # Name of an existing collection that receives the baseline deployment.
    # Validation calls Get-CMCollection, so the ConfigMgr cmdlets have to be
    # available in the session before this script is invoked.
    [Parameter(
        Mandatory = $true,
        HelpMessage = 'Enter the name of the existing collection you want to use for testing'
    )]
    [ValidateScript({ [bool](Get-CMCollection -Name $_) })]
    [string]$MyTestCollection,

    # Discovery protocol to capture. This value is later inserted as plain text
    # into the script sent to clients, so the ValidateSet below is what keeps
    # arbitrary text out of that script; keep the set closed.
    [Parameter(
        Mandatory = $true,
        HelpMessage = 'You need to choose whether you want to capture LLDP or CDP'
    )]
    [ValidateSet('CDP', 'LLDP')]
    [string]$DiscoveryProtocolType
)
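# Discovery script that the installer uploads to ConfigMgr as text. The script
# block is never invoked here: it is converted with ToString() and the protocol
# placeholder is replaced with the validated parameter value. Everything between
# the braces, comments included, becomes the client-side script.
$DiscoveryScript = {
    # If you set $EnableTranscript to $true, two files will be created in $env:TEMP
    #   PowerShell_transcript.COMPUTERNAME.xxxxxxxx.yyyyMMddHHmmss.txt
    #   DiscoveryProtocolData.txt
    # DiscoveryProtocolData.txt holds the captured neighbour data (device, port,
    # VLAN) as JSON; enable this only while troubleshooting and remove the files
    # afterwards.
    $EnableTranscript = $false
    if ($EnableTranscript) {
        Start-Transcript -OutputDirectory $env:TEMP | Out-Null
    }

    $Name = 'PSDiscoveryProtocol'

    # Drop instances left by a previous run. On a first run the class does not
    # exist yet, so the lookup itself must be silenced, not only the removal.
    Get-CimInstance -ClassName $Name -ErrorAction SilentlyContinue |
        Remove-CimInstance -ErrorAction SilentlyContinue

    # Define the static WMI class in root\cimv2; Device and Port are the key properties.
    $Class = New-Object System.Management.ManagementClass ('root\cimv2', [String]::Empty, $null)
    $Class['__CLASS'] = $Name
    $Class.Qualifiers.Add('Static', $true)
    $Class.Properties.Add('Device', [System.Management.CimType]::String, $false)
    $Class.Properties.Add('Port', [System.Management.CimType]::String, $false)
    $Class.Properties.Add('VLAN', [System.Management.CimType]::UInt16, $false)
    $Class.Properties.Add('LastUpdate', [System.Management.CimType]::DateTime, $false)
    $Class.Properties['Device'].Qualifiers.Add('Key', $true)
    $Class.Properties['Port'].Qualifiers.Add('Key', $true)
    $Class.Put() | Out-Null

    # NOTE(review): the next two steps download and install code from the internet
    # on every targeted client, with -Force and no version pin, in whatever context
    # the ConfigMgr client runs discovery scripts (normally SYSTEM - confirm for
    # your deployment). Consider pinning with -RequiredVersion <reviewed-version>
    # or pre-staging the module from an internal repository, so that clients only
    # run code that has been reviewed.
    if ('NuGet' -notin (Get-PackageProvider).Name) {
        # Restrict this process to TLS 1.2 before contacting the provider source.
        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
        Install-PackageProvider -Name NuGet -Force | Out-Null
    }

    if ('PSDiscoveryProtocol' -notin (Get-InstalledModule).Name) {
        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
        Install-Module -Name PSDiscoveryProtocol -Repository PSGallery -Confirm:$false -Force | Out-Null
    }

    # The -Type argument is the placeholder the installer replaces with CDP or LLDP.
    $DiscoveryProtocolData = Invoke-DiscoveryProtocolCapture -Type $DiscoveryProtocolType | Get-DiscoveryProtocolData

    if ($EnableTranscript) {
        $DiscoveryProtocolData | ConvertTo-Json | Out-File $env:TEMP\DiscoveryProtocolData.txt
    }

    # One WMI instance per captured neighbour record.
    $DiscoveryProtocolData | ForEach-Object {
        New-CimInstance -ClassName $Name -Property @{
            Device     = $_.Device
            Port       = $_.Port
            VLAN       = $_.VLAN
            LastUpdate = Get-Date
        } | Out-Null
    }

    if ($EnableTranscript) {
        Stop-Transcript | Out-Null
    }

    # NOTE(review): 'Success' is written unconditionally, so the compliance rule
    # does not show whether the module installed or any neighbour data was captured.
    Write-Output 'Success'
}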
# Publish the discovery script through ConfigMgr: configuration item, compliance
# setting and rule, baseline, deployment to the test collection, and a query over
# the inventoried data. Every object is named PSDiscoveryProtocol.
# NOTE(review): none of the calls below is checked, so a failure part-way
# (for example when an object with this name already exists) may leave a partial
# set of objects - TODO confirm the behaviour on a re-run.
$Name = 'PSDiscoveryProtocol'

$ConfigurationItem = New-CMConfigurationItem -Name $Name -CreationType WindowsOS

# The protocol type reaches the client by text substitution, not as a parameter.
# The inserted value is unquoted; this is safe only because the parameter's
# ValidateSet limits it to CDP or LLDP.
$ScriptText = $DiscoveryScript.ToString().Replace('$DiscoveryProtocolType', $DiscoveryProtocolType)
$SettingArgs = @{
    Name                    = $Name
    DiscoveryScriptLanguage = 'PowerShell'
    DataType                = 'String'
    DiscoveryScriptText     = $ScriptText
    NoRule                  = $true
    Is64Bit                 = $true
}
$null = $ConfigurationItem | Add-CMComplianceSettingScript @SettingArgs

# Compliance rule: the setting is compliant when the script prints 'Success'.
$Setting = Get-CMComplianceSetting -Name $Name
$Rule = New-CMComplianceRuleValue -InputObject $Setting -RuleName $Name -ExpressionOperator IsEquals -ExpectedValue Success
$null = $ConfigurationItem | Add-CMComplianceSettingRule -Rule $Rule

# Wrap the configuration item in a baseline and deploy it to the chosen collection.
$Baseline = New-CMBaseline -Name $Name
$Baseline | Set-CMBaseline -AddOSConfigurationItem $ConfigurationItem.CI_ID
New-CMBaselineDeployment -Name $Name -CollectionName $MyTestCollection | Out-Null

# Query joining each system with its PSDiscoveryProtocol inventory rows.
# NOTE(review): presumably SMS_G_System_PSDISCOVERYPROTOCOL only exists once the
# custom class is collected by hardware inventory - confirm.
$Expression = 'select SMS_R_System.Name, SMS_G_System_PSDISCOVERYPROTOCOL.Device, SMS_G_System_PSDISCOVERYPROTOCOL.Port, SMS_G_System_PSDISCOVERYPROTOCOL.VLAN, SMS_G_System_PSDISCOVERYPROTOCOL.LastUpdate from SMS_R_System inner join SMS_G_System_PSDISCOVERYPROTOCOL on SMS_G_System_PSDISCOVERYPROTOCOL.ResourceID = SMS_R_System.ResourceId order by SMS_R_System.Name'
New-CMQuery -Name $Name -Expression $Expression -TargetClassName SMS_R_System | Out-Null

Write-Output 'Finished'