We have a few compliance items set up in SCCM 2012 R2 that use PowerShell scripts for detection and remediation. Most of these scripts are relatively simple, and have been working fine as compliance items using PowerShell 2.0. We have recently upgraded our workstations to Windows Management Framework 4, in an effort to bring them up to WMF 5. Unfortunately, this appears to have broken the compliance items. The scripts still run fine locally, but return error 0x87d00329 when initiated during compliance evaluation. The following gets reported to the event log when the compliance items try to run:
Version=1
EventType=PowerShell
EventTime=130912064509210575
ReportType=1
Consent=1
ReportIdentifier=7b8c723e-83c7-11e5-b958-9890969d9453
Response.type=4
Sig[0].Name=NameOfExe
Sig[0].Value=powershell.exe
Sig[1].Name=FileVersionOfSystemManagementAutomation
Sig[1].Value=10.0.10105.0
Sig[2].Name=InnermostExceptionType
Sig[2].Value=System.ArgumentException
Sig[3].Name=OutermostExceptionType
Sig[3].Value=System.ArgumentException
Sig[4].Name=DeepestPowerShellFrame
Sig[4].Value=werShell.ConsoleHost.InitializeStandardInputReader
Sig[5].Name=DeepestFrame
Sig[5].Value=System.IO.FileStream..ctor
Sig[6].Name=ThreadName
Sig[6].Value=Consol.. main thread
DynamicSig[1].Name=OS Version
DynamicSig[1].Value=6.1.7601.2.1.0.256.4
DynamicSig[2].Name=Locale ID
DynamicSig[2].Value=1033
FriendlyEventName=PowerShell
ConsentKey=PowerShell
AppName=powershell
AppPath=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Here is an example of one of the scripts that is having problems now:
$compliance = "Non-Compliant"
$domain = "MyDomain"
$add = "MyLocalAdmins"
$group = [ADSI]"WinNT://./Administrators,group"
$test = @($group.Invoke("Members"))
Foreach ($member in $test) {
If ($member.GetType().InvokeMember("Name",'GetProperty', $null, $member, $null) -eq $add){
$compliance = "Compliant"
}
}
$compliance