Jump to content


nhottinger

Net Start TrustedInstaller in SCCM?

Recommended Posts

We have an issue in our environment where the registry on many of our pc's has become corrupt due to a bad version of Trend Micro Encryption. Because of this we can not install software or update IE once the registry is corrupt. We have worked with Trend but the only fix for this is to re-image the device. We have come to terms with this, but would like a way to find out which pc's in our environment have a corrupt registry so we can proactively "fix" them before it's a huge fire.

 

To check the registry, we simply go to a command prompt and type: net start trustedinstaller. If it starts (or is already started) successfully the registry is fine. If it fails, the registry is corrupt.

 

Is there any way to run a report against all our pc's with SCCM 2012 to show the bad pc's?

Share this post


Link to post
Share on other sites

Services (whether started, stopped or dsiabled) are collected as part of Hardware Inventory i believe.

 

To check this, search for any device in sccm, right click, Resource Explorer, Services. Should see the services listed and the state they are in. Is this good enough or do you actively need to run "net start trustedinstaller" in order to verify if registry is bad or not

Share this post


Link to post
Share on other sites

Sounds like the perfect excuse to use the compliance settings once again, which will give you compliant and non compliant collections on the fly.

$result = $true
if ((Get-Service -Name TrustedInstaller ).Status -eq "Stopped"){
    Start-Service -Name TrustedInstaller -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
    if ((Get-Service -Name TrustedInstaller ).Status -ne "Running"){ $result = $false }
    else { Stop-Service -Name TrustedInstaller -ErrorAction SilentlyContinue -WarningAction SilentlyContinue }
}
return $result

Share this post


Link to post
Share on other sites

No Problem. Open your SCCM Console and go to “Asset and Compliance“. Expand the Comliance Settings Folder and right click the Configuration Iems. Select “Create Configuration Item”, chose a proper name and click two times “Next”. Then click the “New” button and chose a name for the setting. As Setting Type chose “Script” and as data type “Boolean”.

Under Discovery Script hit the “Add Script” button and paste in the powershell script script. Switsh to the Compliance Rules tab in the settings dialog and and click the new button. Select a proper name again and confirm two times with the OK Buttons. Then hit 3 times the next buttons in the dialog window.

Switch to the Configuration Baseline Folder, right click it and chose “New Configuration Baseline”. Select a name and select your new configuration item by hitting the add button. Confirm with OK.

Now you can deploy the Configuration Baseline to a collection of your choice, which is similar to deploying an application. By right clicking the newly created deployment you can create your compliant/nonCompliant Collections.

  • Like 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.