Creating and Comparing Configuration Baselines

There are a few simple facts about PowerShell that, when taken individually, don't seem like much. For example, it can export objects to XML files. It can also compare one set of objects to another and show you the differences. But taken together, those two little facts can be quite powerful.

Let's start with an example that might not seem all that useful at first. 

Get-Process | Export-CliXML c:\procs.xml

Now you have a snapshot of the processes running on your system, saved in an XML file. Let's say you do this on a server, where the running processes should be pretty predictable and unchanging. That XML file is a baseline - and you can get PowerShell to show you variations. Sometime later, go back and run this:

Compare-Object (Import-CliXML c:\procs.xml) (Get-Process)

Hmm. Not useful - because most of a process' properties, like memory and CPU usage, are constantly changing. Let's narrow that down so that, rather than comparing the entire object, we're just looking at process names.

Compare-Object (Import-CliXML c:\procs.xml) (Get-Process) -property Name

Now that's useful. The output will show any differences between those two sets. So this is a neat example - but the real magic is that PowerShell can do this with just about anything. Query service information via WMI, for example. OS configuration information. Memory configuration. You name it. For example:

Get-WmiObject Win32_OperatingSystem | Export-CliXML c:\os_baseline.xml
Compare-Object (Import-CliXML c:\os_baseline.xml) (Get-WmiObject Win32_OperatingSystem)

Ideally, you don't want to see any differences - but if you do, it tells you that something has changed. This is the pattern to use with almost any cmdlet or WMI class: Export it to a CliXML file. Then, when you're ready to compare, run the same command again as one of the inputs to Compare-Object, with the other input being the import of that previously-created CliXML file.
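The export-then-compare pattern above, wrapped in a reusable function that compares only stable properties. This is an added example, not code from the original post: the function name Compare-Baseline, the baseline path and the choice of Win32_Service properties are assumptions, and it uses Get-CimInstance (PowerShell 3.0 and later) where the post uses Get-WmiObject.

```powershell
# Added example: reusable baseline/compare helper (hypothetical function name).
function Compare-Baseline {
    param(
        [Parameter(Mandatory)] [string]      $Path,      # CliXML baseline file
        [Parameter(Mandatory)] [scriptblock] $Query,     # command that produces the objects
        [Parameter(Mandatory)] [string[]]    $Property   # stable properties to compare
    )

    # Keep only the stable properties so volatile ones (CPU, memory,
    # timestamps) never reach the baseline file or the comparison.
    $current = @(& $Query | Select-Object -Property $Property)

    if (-not (Test-Path -LiteralPath $Path)) {
        # First run: record the baseline and stop.
        $current | Export-Clixml -LiteralPath $Path
        Write-Verbose "Baseline written to $Path"
        return
    }

    $baseline = @(Import-Clixml -LiteralPath $Path)

    # SideIndicator '<=' marks a row found only in the baseline,
    # '=>' a row found only in the current state.
    Compare-Object -ReferenceObject $baseline -DifferenceObject $current -Property $Property |
        Select-Object -Property (@(
            @{ Name = 'Change'; Expression = {
                if ($_.SideIndicator -eq '=>') { 'Current' } else { 'Baseline' } } }
        ) + $Property) |
        Sort-Object -Property @($Property[0], 'Change')
}

# Example use: service name, start mode, binary path and logon account.
# The path is a constructed sample value; Get-CimInstance is an assumption
# (the post itself uses Get-WmiObject).
Compare-Baseline -Path 'C:\services_baseline.xml' `
    -Query { Get-CimInstance -ClassName Win32_Service } `
    -Property Name, StartMode, PathName, StartName
```

A service whose binary path or logon account changed shows up as two rows with the same Name, one marked Baseline and one marked Current; a new service shows up as a single Current row.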

What sorts of things would YOU baseline and compare?

Discuss this Blog Entry 4

on Sep 16, 2010
Thanks, pogotech! I'm always looking for other article ideas, too, so if you have any, feel free to share, either in a comment here on the blog, or to my Twitter handle @concentrateddon.
Arnold60 (not verified)
on Oct 12, 2010
Nice job! You certainly are giving your visitors a lot of precious info. This blog will be a hit!
I just love blogging and as I get spare time from busy schedule I start working on it. Wonderful post, I really enjoyed reading it!

pogotech (not verified)
on Sep 7, 2010
This is very helpful, little bits of information like this are helpful in locking down a server and making sure the other servers that you are running are locked down the same.
Kevin Marquette (not verified)
on Sep 29, 2010
Thanks for this idea. I added creating a baseline to our server maintenance procedures. So far I get services, processes, local group membership, open ports, and an ipconfig for good measure.

I figure I can use this information later when tracking down strange processes or services.


What's PowerShell with a Purpose Blog?

Don Jones demystifies Windows PowerShell.
