|
1 | | -## |
| 1 | +## |
2 | 2 | ## Compliance script used to calculate compliance against WSL distros based on Distro and Distro Version |
3 | 3 | ## |
4 | 4 |
|
@@ -27,60 +27,67 @@ $compliantDistroValues = [System.Collections.ArrayList]@() |
27 | 27 | # Require last check in time to be within a certain number of days e.g.60 days |
28 | 28 | $compliantLastCheckInTimeout = 60 |
29 | 29 |
|
30 | | -# Pull list of user ids from registry |
31 | | -$userIds = Get-ChildItem -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Intune\WSLManagement' | Select-Object Name |
32 | | - |
33 | | -# Put together a list of all the distros across users |
34 | | -$distroIds = [System.Collections.ArrayList]@() |
35 | | -foreach ($id in $userIds) |
36 | | -{ |
37 | | - $id.Name = $id.Name.Replace('HKEY_LOCAL_MACHINE', 'HKLM:') |
38 | | - $usersDistroIds = Get-ChildItem -Path $id.Name | Select-Object Name |
| 30 | +$isCompliant = $true |
| 31 | +try { |
| 32 | + # Pull list of user ids from registry |
| 33 | + $userIds = Get-ChildItem -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Intune\WSLManagement' | Select-Object Name |
39 | 34 |
|
40 | | - foreach($usersDistroId in $usersDistroIds) |
| 35 | + # Put together a list of all the distros across users |
| 36 | + $distroIds = [System.Collections.ArrayList]@() |
| 37 | + foreach ($id in $userIds) |
41 | 38 | { |
42 | | - [void]$distroIds.Add($usersDistroId.Name) |
43 | | - } |
44 | | -} |
| 39 | + $id.Name = $id.Name.Replace('HKEY_LOCAL_MACHINE', 'HKLM:') |
| 40 | + $usersDistroIds = Get-ChildItem -Path $id.Name | Select-Object Name |
45 | 41 |
|
46 | | -# Create compliant last check in date |
47 | | -$compliantDate = Get-Date |
48 | | -$compliantDate = $compliantDate.AddDays($compliantLastCheckInTimeout * -1).ToUniversalTime() |
| 42 | + foreach($usersDistroId in $usersDistroIds) |
| 43 | + { |
| 44 | + [void]$distroIds.Add($usersDistroId.Name) |
| 45 | + } |
| 46 | + } |
49 | 47 |
|
50 | | -# Check compliance of all distros |
51 | | -$isCompliant = $true |
52 | | -foreach($distroId in $distroIds) |
53 | | -{ |
54 | | - $name = $distroId.Replace('HKEY_LOCAL_MACHINE', 'HKLM:') |
55 | | - $distro = Get-ItemPropertyValue -Path $name -Name Distro |
56 | | - $distroVersion = Get-ItemPropertyValue -Path $name -Name Version |
57 | | - $lastCheckin = Get-ItemPropertyValue -Path $name -Name LastCheckinTime |
| 48 | + # Create compliant last check in date |
| 49 | + $compliantDate = Get-Date |
| 50 | + $compliantDate = $compliantDate.AddDays($compliantLastCheckInTimeout * -1).ToUniversalTime() |
58 | 51 |
|
59 | | - # Convert and check last check in time |
60 | | - $lastCheckin = Get-Date -Date $lastCheckin |
61 | | - if ($lastCheckin -lt $compliantDate) |
| 52 | + # Check compliance of all distros |
| 53 | + foreach($distroId in $distroIds) |
62 | 54 | { |
63 | | - $isCompliant = $false |
64 | | - break |
65 | | - } |
| 55 | + $name = $distroId.Replace('HKEY_LOCAL_MACHINE', 'HKLM:') |
| 56 | + $distro = Get-ItemPropertyValue -Path $name -Name Distro |
| 57 | + $distroVersion = Get-ItemPropertyValue -Path $name -Name Version |
| 58 | + $lastCheckin = Get-ItemPropertyValue -Path $name -Name LastCheckinTime |
66 | 59 |
|
67 | | - # Check that disto and version meet compliance requirements |
68 | | - $compliantDistro = $compliantDistroValues.where({$_.distro.ToLower() -eq $distro.ToLower()}) |
69 | | - if ($compliantDistro -ne $null) |
70 | | - { |
71 | | - $min = $compliantDistro.minVersion |
72 | | - $max = $compliantDistro.maxVersion |
73 | | - if ($distroVersion -lt $min -or $distroVersion -gt $max) |
| 60 | + # Convert and check last check in time |
| 61 | + $lastCheckin = Get-Date -Date $lastCheckin |
| 62 | + if ($lastCheckin -lt $compliantDate) |
| 63 | + { |
| 64 | + $isCompliant = $false |
| 65 | + break |
| 66 | + } |
| 67 | + |
| 68 | + # Check that disto and version meet compliance requirements |
| 69 | + $compliantDistro = $compliantDistroValues.where({$_.distro.ToLower() -eq $distro.ToLower()}) |
| 70 | + if ($compliantDistro -ne $null) |
| 71 | + { |
| 72 | + $min = $compliantDistro.minVersion |
| 73 | + $max = $compliantDistro.maxVersion |
| 74 | + if ($distroVersion -lt $min -or $distroVersion -gt $max) |
| 75 | + { |
| 76 | + $isCompliant = $false |
| 77 | + break |
| 78 | + } |
| 79 | + } |
| 80 | + else |
74 | 81 | { |
75 | 82 | $isCompliant = $false |
76 | 83 | break |
77 | 84 | } |
78 | 85 | } |
79 | | - else |
80 | | - { |
81 | | - $isCompliant = $false |
82 | | - break |
83 | | - } |
| 86 | +} |
| 87 | +catch { |
| 88 | + # Default to compliant if there are any issues reading registry keys |
| 89 | + $jsonOutput += @{ WSLInstancesComplianceStatus = "Compliant" } |
| 90 | + return $jsonOutput | ConvertTo-Json -Compress |
84 | 91 | } |
85 | 92 |
|
86 | 93 | if ($isCompliant) |
|
0 commit comments