Check if a File Exists using the Desired Configuration Monitoring Solution
The Desired Configuration Monitoring Solution (DCM Solution) ignores any rules under a Setting if the Setting does not exist. Let us take the case where you are trying to figure out the version of a file and do a compliance check on the same. If the file does not exist at all, it might be alarming to you. However, the DCM Solution does not warn you if the file was missing. But then what happens to the rule you created to check for the version of the file? Well, pretty simple. The rule is ignored. The DCM engine has been written in such a way, that it ignores any rules under a Setting if the Setting were not found. This is by design.
For more details on this behavior, please refer to this earlier posting.
So, it would be a good idea to always check for the existence of the file in addition to checking for any other properties of the file. That way, you can be sure that if the file was not found, you would be alerted! Now, how do you check for the File Existence? That’s a good question! You should have come across a function called Exists in the Query Builder screen while creating an Active Rule under a WMI data source / Setting pair. However, that is completely specific to checking for existence of hot fixes in the WMI. Using that, you cannot check for File Existence. You would need to create a Count Rule to check for the File Existence. This is how you would do it:
Create a File System data source as follows:
Name: FS DS
Absolute Path: c:\sample.txt
Create a Setting under the File System data source as follows:
File Type: Last Modified Time (select this property from the drop down because it will apply to all kinds of files)
Create an Active Rule to check if the File Exists !
Rule Name: CheckFileExistence
Query Expression: count(LastModifiedTime)='0' (Click Build Rule Query -> In the Query Builder screen, select the count function from the functions dropdown. In the Expression dropdown, select the setting which is LastModifiedTime.)
Event Description: The File Sample.txt does not exist
Event ID: 123
Severity: Error
The Rule you created above would alert you if the DCM Engine does not find the file. All you are trying to do here is get a handle to the file. And then check how many handles you got to the file. Ideally, if the file exists, it should be 1. But if the file does not exist, it will be 0 and that’s what the Query Expression above enforces.
I have attached a sample manifest here for your reference. Thanks!
Comments
Anonymous
April 22, 2006
After reviewing the tool and your sample file checker above, I am led to believe that DCM can only scan for files using an absolute path instead of something like %SystemRoot%notepad.exe.
Is this correct?Anonymous
April 26, 2006
Yes. That is correct. DCM can scan for files using the absolute path of a file. However, one can use substitution for expanding variables. In the sense, one can create a Passive Rule to get the value and assign it to a variable using substitution. Later on, any other rule can use the substitution element to determine the absolute path of the file.
In this particulat scenario, you can define a substituion variable for storing the value of System Root.Anonymous
November 01, 2006
I'm having trouble getting a CI to work properly when checking a file for a particular LastModifiedTime. The job starts and finishes successfully, but it never seems to check the LastModifiedTime. I am using the following format for the date (per MS online dicumentation). 'mm/dd/yyyy hh.mm.ss' Is this correct? -or- does anyone have any guidance on this type of query? Thanks - BHAnonymous
November 01, 2006
Can u please post your xml file in here? I can give it a try. You can also send me an email through my blog. Which ever way u prefer... Thanks, Sai KodiAnonymous
November 02, 2006
The comment has been removed