Trying to create configuration item on file property within user profile

Elroy 11 Reputation points
2021-09-28T23:12:38.403+00:00

We want to use compliance management to know if anybody has modified a configuration .xml file in the user profile under %userprofile%\appdata\roaming\appname\common

I created a configuration item with these properties:
Type: File
Path: %userprofile%\appdata\roaming\appname\common
File or folder name: Configuration.xml

For the compliance rule I have tried checking Modify Date between two dates, and I have also tried checking file size equals, the problem is no matter what I do the compliance check always comes back compliant. I have tried copying non-compliant files into the folder and refreshing policy. But when I re-run evaluation it still thinks my system is compliant.

I am starting to think it might have a problem interpreting the variable %userprofile% in my path? Is there a better way to do this?

Thanks for reading

Microsoft Configuration Manager
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Garth 5,801 Reputation points
    2021-09-29T00:24:51.647+00:00

    You can add logging to your script to confirm what folder it is looking at but it likely looking at the local system account.


  2. AllenLiu-MSFT 46,606 Reputation points Microsoft Vendor
    2021-09-29T06:57:38.52+00:00

    Hi, @Elroy
    Thank you for posting in Microsoft Q&A forum.

    I test it in my lab with the same configuration like yours, and get the same result.
    I checked the DcmWmiProvider.log on client, and found %userprofile%\appdata\roaming\ evaluated to : C:\Users\Default\appdata\roaming\
    136020-1.jpg

    Then, if we haven't check "Report noncompliance if this setting instance is not found", then it will report as "Compliance" if the file is not found. If we checked it, it will report as "Non-Compliance" if the file is not found.
    136129-2.jpg

    We may follow this guidance to create user data and profiles configuration items:
    https://learn.microsoft.com/en-us/mem/configmgr/compliance/deploy-use/create-user-data-and-profiles-configuration-items


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.