Check if a File Exists using the Desired Configuration Monitoring Solution


The Desired Configuration Monitoring Solution (DCM Solution) ignores any rules under a Setting if the Setting does not exist. Take the case where you want to determine the version of a file and run a compliance check on it. If the file does not exist at all, that may well be alarming to you, yet the DCM Solution does not warn you that the file is missing. So what happens to the rule you created to check the version of the file? The rule is simply ignored. The DCM engine is written so that it ignores any rules under a Setting if the Setting was not found. This is by design.


 


For more details on this behavior, please refer to this earlier posting.


 


So it is a good idea to always check for the existence of the file in addition to checking any other properties of the file. That way, you can be sure that you are alerted if the file is not found. Now, how do you check for file existence? You will probably have come across a function called Exists in the Query Builder screen while creating an Active Rule under a WMI data source / Setting pair. However, that function is specific to checking for the existence of hotfixes in WMI, and you cannot use it to check for file existence. Instead, you need to create a Count Rule. This is how you would do it:


 


Create a File System data source as follows:


Name: FS DS


Absolute Path: c:\sample.txt


 


Create a Setting under the File System data source as follows:


File Type: Last Modified Time (select this property from the drop down because it will apply to all kinds of files)


 


Create an Active Rule to check if the File Exists!


Rule Name: CheckFileExistence


 


Query Expression: count(LastModifiedTime)='0' (Click Build Rule Query -> In the Query Builder screen, select the count function from the functions dropdown. In the Expression dropdown, select the setting, which is LastModifiedTime.)


 


Event Description: The File Sample.txt does not exist


Event ID: 123


Severity: Error


 


The rule you created above alerts you if the DCM engine does not find the file. All you are doing here is getting a handle to the file and then checking how many handles you got. If the file exists, the count should be 1. If the file does not exist, the count is 0, and that is the condition the Query Expression above tests for.
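An added example (not part of the original post or of DCM itself): a small Python lint that reads a manifest and reports File objects whose Settings carry rules but have no count(...)='0' existence rule, which is the silent gap described above. It assumes the Object/Setting/Rule layout of the sample CI posted in the comments; the manifest below is constructed, and placing the count rule directly under the Object is an assumption about how DCM serializes it.

```python
import re
import xml.etree.ElementTree as ET

# Constructed manifest fragment (not a real DCM export). Element and attribute
# names follow the sample CI in the comments; the count rule's position is assumed.
MANIFEST = r"""
<BestPracticesConfiguration>
  <Object Type="File" Name="Guarded" Key2="c:\sample.txt" Key5="Files" Key4="Base">
    <Rule Name="CheckFileExistence" Query="count(LastModifiedTime)='0'"
          Text="The File Sample.txt does not exist" EventID="123" Severity="Error" />
    <Setting Key1="LastModifiedTime">
      <Rule Name="CheckLastModifiedTime" Query="$. &gt; '0'" Severity="Error" />
    </Setting>
  </Object>
  <Object Type="File" Name="Unguarded" Key2="c:\readme.txt" Key5="Files" Key4="Base">
    <Setting Key1="LastModifiedTime">
      <Rule Name="CheckLastModifiedTime" Query="$. &gt; '0'" Severity="Error" />
    </Setting>
  </Object>
</BestPracticesConfiguration>
"""

# Matches an existence check of the form count(<SettingName>)='0'.
COUNT_ZERO = re.compile(r"count\(\s*([\w-]+)\s*\)\s*=\s*'?0'?")

def unguarded_settings(manifest_xml):
    """Return (object name, file path, setting) for Settings that have rules
    but no count()='0' rule, i.e. rules that are skipped if the file is missing."""
    findings = []
    root = ET.fromstring(manifest_xml)
    for obj in root.iter("Object"):
        if obj.get("Type") != "File":
            continue
        # Settings covered by an existence rule anywhere inside this Object.
        guarded = set()
        for rule in obj.iter("Rule"):
            guarded.update(COUNT_ZERO.findall(rule.get("Query", "")))
        for setting in obj.iter("Setting"):
            key = setting.get("Key1")
            if setting.find("Rule") is not None and key not in guarded:
                findings.append((obj.get("Name"), obj.get("Key2"), key))
    return findings

if __name__ == "__main__":
    for name, path, setting in unguarded_settings(MANIFEST):
        print(f"{name}: rules on {setting} of {path} are skipped if the file is missing")
```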


 

I have attached a sample manifest here for your reference. Thanks!

filecheck.xml

Comments (5)

  1. Dan Thomson says:

    After reviewing the tool and your sample file checker above, I am led to believe that DCM can only scan for files using an absolute path instead of something like %SystemRoot%\notepad.exe.

    Is this correct?

  2. SaiKodi says:

    Yes. That is correct. DCM can scan for files using the absolute path of a file. However, one can use substitution for expanding variables. In the sense, one can create a Passive Rule to get the value and assign it to a variable using substitution. Later on, any other rule can use the substitution element to determine the absolute path of the file.

    In this particular scenario, you can define a substitution variable for storing the value of System Root.

  3. Anonymous says:

    I’m having trouble getting a CI to work properly when checking a file for a particular LastModifiedTime.  The job starts and finishes successfully, but it never seems to check the LastModifiedTime.  I am using the following format for the date (per MS online documentation).

    'mm/dd/yyyy hh.mm.ss'

    Is this correct?  -or- does anyone have any guidance on this type of query?

    Thanks – BH

  4. saikodi says:

    Can u please post your xml file in here? I can give it a try. You can also send me an email through my blog.

    Whichever way u prefer…

    Thanks,

    Sai Kodi

  5. saikodi says:

    Here is a sample CI which checks for the Last Modified time of a file called readMe.txt located in the C drive.

    Observe that I have used an overridden Desired value in this case for logging the desired value. This file will only work with DCM v 2.0.

    ———————————-

    <?xml version="1.0" encoding="Windows-1252"?>
    <BestPracticesConfiguration>
      <Configuration ConfigName="file_CI Configuration" ConfigVersion="1.0.0.0">
        <ObjectProcessor ObjectType="Group" Assembly="BPA.Common.dll" Class="Microsoft.WindowsServerSystem.BestPracticesAnalyzer.Common.GroupObjectProcessor" />
        <ObjectProcessor ObjectType="Directory" Assembly="BPA.ConfigCollector.dll" Class="Microsoft.WindowsServerSystem.BestPracticesAnalyzer.Extensions.DirectoryObjectProcessor" />
        <ObjectProcessor ObjectType="Registry" Assembly="BPA.ConfigCollector.dll" Class="Microsoft.WindowsServerSystem.BestPracticesAnalyzer.Extensions.RegistryObjectProcessor" />
        <ObjectProcessor ObjectType="SQL" Assembly="BPA.ConfigCollector.dll" Class="Microsoft.WindowsServerSystem.BestPracticesAnalyzer.Extensions.SQLObjectProcessor" />
        <ObjectProcessor ObjectType="File" Assembly="BPA.ConfigCollector.dll" Class="Microsoft.WindowsServerSystem.BestPracticesAnalyzer.Extensions.FileObjectProcessor" />
        <ObjectProcessor ObjectType="Metabase" Assembly="BPA.ConfigCollector.dll" Class="Microsoft.WindowsServerSystem.BestPracticesAnalyzer.Extensions.MetabaseObjectProcessor" />
        <ObjectProcessor ObjectType="WMI" Assembly="BPA.ConfigCollector.dll" Class="Microsoft.WindowsServerSystem.BestPracticesAnalyzer.Extensions.WMIObjectProcessor" />
        <ObjectProcessor ObjectType="Cache" Assembly="BPA.Common.dll" Class="Microsoft.WindowsServerSystem.BestPracticesAnalyzer.Common.CacheObjectProcessor" />
        <RuleProcessor ObjectType="1" Assembly="BPA.Common.dll" Class="Microsoft.WindowsServerSystem.BestPracticesAnalyzer.Common.MainRuleProcessor" />
        <IssueProcessor ObjectType="WMIEvents" Assembly="DCMIssueProcessor.dll" Class="DCMIssueProcessor.WMIIssueProcessor" />
        <IssueProcessor ObjectType="NTEvents" Assembly="DCMIssueProcessor.dll" Class="DCMIssueProcessor.EventLogIssueProcessor" />
        <ExtFunction Name="checkacl" Assembly="DCMFunctions.dll" Class="DCMFunctions.SecFunctions" Function="checkacl" Returns="Boolean" Parameters="String,String" />
      </Configuration>
      <Object Type="File" Name="File1" Key2="c:\readme.txt" Key5="Files" Key4="Base">
        <Setting Key1="LastModifiedTime">
          <!--AdvancedQuery=0-->
          <Rule Name="CalculateDifference" AlwaysEvaluate="True" Query="date-difference($.,'10/31/2006 05:35:00 PM')" />
          <!--AdvancedQuery=0-->
          <Rule Name="GetDifferenceinSeconds" AlwaysEvaluate="True" Query="get-seconds($CalculateDifference)" />
          <!--AdvancedQuery=0-->
          <Rule Name="CheckLastModifiedTime" AlwaysEvaluate="True" Query="$GetDifferenceinSeconds &gt; '0'" Text="The Readme.txt file was modified after Oct 31 5:35 PM." EventID="1000" Severity="Error" P1="'0'" P9="'Oct 31 5:35 PM'" />
        </Setting>
      </Object>
    </BestPracticesConfiguration>

    ———————————-

    Thanks,

    Sai Kodi