Merge branch 'master' of https://github.com/microsoft/shell-intune-sa…

…mples
microsoft · Jun 14, 2024 · 80604e0 · 80604e0
2 parents 1626ed8 + 4539e7c
commit 80604e0
Showing 1 changed file with 50 additions and 43 deletions.
diff --git a/Linux/WSL/WSL Management Example/WSLDistroVersionCompliance.ps1 b/Linux/WSL/WSL Management Example/WSLDistroVersionCompliance.ps1
@@ -1,4 +1,4 @@
-##
+##
 ## Compliance script used to calculate compliance against WSL distros based on Distro and Distro Version
 ##
 
@@ -27,60 +27,67 @@ $compliantDistroValues = [System.Collections.ArrayList]@()
 # Require last check in time to be within a certain number of days e.g.60 days
 $compliantLastCheckInTimeout = 60
 
-# Pull list of user ids from registry
-$userIds = Get-ChildItem -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Intune\WSLManagement' | Select-Object Name
-
-# Put together a list of all the distros across users
-$distroIds = [System.Collections.ArrayList]@()
-foreach ($id in $userIds)
-{
-    $id.Name = $id.Name.Replace('HKEY_LOCAL_MACHINE', 'HKLM:')
-    $usersDistroIds = Get-ChildItem -Path $id.Name | Select-Object Name
+$isCompliant = $true
+try {
+    # Pull list of user ids from registry
+    $userIds = Get-ChildItem -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Intune\WSLManagement' | Select-Object Name
 
-    foreach($usersDistroId in $usersDistroIds)
+    # Put together a list of all the distros across users
+    $distroIds = [System.Collections.ArrayList]@()
+    foreach ($id in $userIds)
     {
-        [void]$distroIds.Add($usersDistroId.Name)
-    }
-}
+        $id.Name = $id.Name.Replace('HKEY_LOCAL_MACHINE', 'HKLM:')
+        $usersDistroIds = Get-ChildItem -Path $id.Name | Select-Object Name
 
-# Create compliant last check in date
-$compliantDate = Get-Date 
-$compliantDate = $compliantDate.AddDays($compliantLastCheckInTimeout * -1).ToUniversalTime()
+        foreach($usersDistroId in $usersDistroIds)
+        {
+            [void]$distroIds.Add($usersDistroId.Name)
+        }
+    }
 
-# Check compliance of all distros 
-$isCompliant = $true
-foreach($distroId in $distroIds) 
-{
-    $name = $distroId.Replace('HKEY_LOCAL_MACHINE', 'HKLM:')
-    $distro = Get-ItemPropertyValue -Path $name -Name Distro
-    $distroVersion = Get-ItemPropertyValue -Path $name -Name Version
-    $lastCheckin = Get-ItemPropertyValue -Path $name -Name LastCheckinTime
+    # Create compliant last check in date
+    $compliantDate = Get-Date 
+    $compliantDate = $compliantDate.AddDays($compliantLastCheckInTimeout * -1).ToUniversalTime()
 
-    # Convert and check last check in time
-    $lastCheckin = Get-Date -Date $lastCheckin
-    if ($lastCheckin -lt $compliantDate)
+    # Check compliance of all distros 
+    foreach($distroId in $distroIds) 
     {
-        $isCompliant = $false
-        break
-    }
+        $name = $distroId.Replace('HKEY_LOCAL_MACHINE', 'HKLM:')
+        $distro = Get-ItemPropertyValue -Path $name -Name Distro
+        $distroVersion = Get-ItemPropertyValue -Path $name -Name Version
+        $lastCheckin = Get-ItemPropertyValue -Path $name -Name LastCheckinTime
 
-    # Check that disto and version meet compliance requirements
-    $compliantDistro = $compliantDistroValues.where({$_.distro.ToLower() -eq $distro.ToLower()})
-    if ($compliantDistro -ne $null)
-    {
-        $min = $compliantDistro.minVersion
-        $max = $compliantDistro.maxVersion
-        if ($distroVersion -lt $min -or $distroVersion -gt $max)
+        # Convert and check last check in time
+        $lastCheckin = Get-Date -Date $lastCheckin
+        if ($lastCheckin -lt $compliantDate)
+        {
+            $isCompliant = $false
+            break
+        }
+
+        # Check that disto and version meet compliance requirements
+        $compliantDistro = $compliantDistroValues.where({$_.distro.ToLower() -eq $distro.ToLower()})
+        if ($compliantDistro -ne $null)
+        {
+            $min = $compliantDistro.minVersion
+            $max = $compliantDistro.maxVersion
+            if ($distroVersion -lt $min -or $distroVersion -gt $max)
+            {
+                $isCompliant = $false
+                break
+            }
+        }
+        else
         {
             $isCompliant = $false
             break
         }
     }
-    else
-    {
-        $isCompliant = $false
-        break
-    }
+}
+catch {
+    # Default to compliant if there are any issues reading registry keys
+    $jsonOutput += @{ WSLInstancesComplianceStatus = "Compliant" }
+    return $jsonOutput | ConvertTo-Json -Compress
 }
 
 if ($isCompliant)