Start Windows Update Service Compliance item

, ,

I have seen some environments where they only monitor services but not force them to restart. The logic in here can be used for any other service needed. This is especially helpful for the McAfee Framework Agent and WDS Service in the event the service has stopped. You are able to download a copy of the functional compliance item at the bottom of this post.

First we will stop the service and verify in a number of ways that the service is not running.

1. Powershell

get-service -serviceName wuauserv

2. Launching Services.MSC & searching for Windows Update

3. WMI Explorer

Creating the configuration item

Discovery Script

If ((get-service -name wuauserv).status -eq “Running”) {write-host “true”} Else {write-host “false”}

Remediation Script

get-service -name wuauserv | start-service

Compliance Setting

Create your own configuration baseline and associate it with the configuration we just created.

On my test machine you can see from the earlier screenshots that we WUAUServ was not running. This is reflected as “Not Compliant” in my evaluation.

Select Evaluate and after a refresh I see the system is now compliant meaning this service has been started.

You can track the Compliance item in the log files below.
DCMAgent.log: Records high-level information about the evaluation, conflict reporting, and remediation of configuration items and applications.
CIAgent.log: Records details about the process of remediation and compliance for compliance settings, software updates, and application management.
CMReporting.log : Records information about reporting policy platform results into state messages for configuration items.
DcmWmiProvider.log Records information about reading configuration item synclets from Windows Management Instrumentation (WMI).

EXTRA: I love status messages so here is how you check that.

From SCCM Console search for your compliance Item and make sure you grab the CI Unique ID

Open up the StateMesage.log and filter for the below

ScopeId_01789456-9F45-4C97-B8D3-208DBBEDBE63/Baseline_68d9296a-2d53-4b13-9bc9-ee5dcccee6bf/2

Please follow the link below to my TechNet page where you can download this compliance item.
https://gallery.technet.microsoft.com/Restart-Service-via-fa177663

ALSO SEE : SQL Query BIOS PASSWORD ON SYSTEMS (Dell and HP)