Bird
Raised Fist0
PowerShellscripting~5 mins

Configuration drift detection in PowerShell

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Introduction

Configuration drift detection helps you find changes in system settings that were not planned. It keeps your computers and servers consistent and safe.

You want to check if a server's settings have changed after a software update.
You need to verify that all computers in your office have the same security settings.
You want to find out if someone accidentally changed a configuration on a critical machine.
You want to compare current system settings to a saved baseline to spot differences.
Syntax
PowerShell
Compare-Object -ReferenceObject <baseline> -DifferenceObject <current> [-Property <property>] [-IncludeEqual] [-PassThru]

Compare-Object is the main command to find differences between two sets of data.

You usually compare a saved baseline configuration to the current system configuration.

Examples
Compare two lists and show what is different.
PowerShell
Compare-Object -ReferenceObject $baseline -DifferenceObject $current
Compare only specific properties like Name and Value.
PowerShell
Compare-Object -ReferenceObject $baseline -DifferenceObject $current -Property Name,Value
Show both differences and items that are the same.
PowerShell
Compare-Object -ReferenceObject $baseline -DifferenceObject $current -IncludeEqual
Sample Program

This script creates a sample baseline of configuration settings, simulates a change, then compares the baseline to the current settings. It prints what changed or was removed.

PowerShell
# Save baseline configuration
$baseline = @([PSCustomObject]@{Name='Name'; Value='OriginalValue'})

# Get current configuration
$current = @([PSCustomObject]@{Name='Name'; Value='OriginalValue'})

# Simulate a change by modifying current
$current[0].Value = 'ChangedValue'

# Compare baseline and current
$diff = Compare-Object -ReferenceObject $baseline -DifferenceObject $current -Property Name,Value

# Show differences
$diff | ForEach-Object {
    if ($_.SideIndicator -eq '=>') {
        Write-Output "Changed or added: $($_.Name) = $($_.Value)"
    } elseif ($_.SideIndicator -eq '<=') {
        Write-Output "Removed or changed: $($_.Name) = $($_.Value)"
    }
}
OutputSuccess
Important Notes

Always save a baseline configuration before changes happen to compare later.

Compare-Object shows differences with SideIndicator: '=>' means new or changed in current, '<=' means missing or changed in baseline.

Use Select-Object to pick only the properties you want to compare.

Summary

Configuration drift detection finds unexpected changes in system settings.

Use Compare-Object in PowerShell to compare baseline and current configurations.

Review differences to keep systems consistent and secure.

Practice

(1/5)
1. What is the main purpose of configuration drift detection in PowerShell?
easy
A. To delete temporary files from the system
B. To find unexpected changes in system settings
C. To create new user accounts on a system
D. To install new software updates automatically

Solution

  1. Step 1: Understand configuration drift detection

    Configuration drift detection is about identifying changes that were not planned or expected in system settings.

  2. Step 2: Match the purpose with options

    Among the options, only finding unexpected changes matches the purpose of configuration drift detection.

  3. Final Answer:

    To find unexpected changes in system settings -> Option B

  4. Quick Check:

    Configuration drift detection = find unexpected changes [OK]
Hint: Remember: drift means unexpected changes [OK]
Common Mistakes:
  • Confusing drift detection with software installation
  • Thinking it manages user accounts
  • Assuming it cleans files automatically
2. Which PowerShell command is used to compare baseline and current configurations for drift detection?
easy
A. Compare-Object
B. Get-Content
C. Set-Item
D. New-Item

Solution

  1. Step 1: Identify the command for comparing objects

    PowerShell's Compare-Object command compares two sets of data, perfect for detecting differences.

  2. Step 2: Eliminate unrelated commands

    Get-Content reads files, Set-Item changes values, New-Item creates items. None compare data sets.

  3. Final Answer:

    Compare-Object -> Option A

  4. Quick Check:

    Compare-Object compares configurations [OK]
Hint: Use Compare-Object to spot differences fast [OK]
Common Mistakes:
  • Using Get-Content instead of Compare-Object
  • Confusing Set-Item with comparison
  • Trying New-Item to detect drift
3. Given these two arrays in PowerShell:
$baseline = @('Setting1', 'Setting2', 'Setting3')
$current = @('Setting1', 'Setting2', 'Setting4')

What will be the output of Compare-Object $baseline $current?
medium
A. Setting1 and Setting2 are different
B. No differences found
C. Setting3 is in baseline only; Setting4 is in current only
D. Error: Cannot compare arrays

Solution

  1. Step 1: Compare the two arrays

    Baseline has Setting3; current has Setting4 instead. Setting1 and Setting2 are common.

  2. Step 2: Understand Compare-Object output

    It shows items only in one array with a side indicator. So Setting3 appears only in baseline, Setting4 only in current.

  3. Final Answer:

    Setting3 is in baseline only; Setting4 is in current only -> Option C

  4. Quick Check:

    Compare-Object shows differences = Setting3 is in baseline only; Setting4 is in current only [OK]
Hint: Look for items unique to each list [OK]
Common Mistakes:
  • Assuming no differences when there are
  • Thinking common items show as differences
  • Expecting an error from Compare-Object
4. You run this PowerShell command to detect drift:
Compare-Object $baseline $current -Property Name

But you get an error saying property 'Name' does not exist. What is the likely cause?
medium
A. The objects in $baseline and $current do not have a 'Name' property
B. Compare-Object cannot compare properties
C. You must use -IncludeEqual to avoid errors
D. The arrays are empty

Solution

  1. Step 1: Understand the -Property parameter

    -Property expects objects with that property to compare by it.

  2. Step 2: Check the data type of arrays

    If arrays contain strings, they have no 'Name' property, causing the error.

  3. Final Answer:

    The objects in $baseline and $current do not have a 'Name' property -> Option A

  4. Quick Check:

    Property error means missing property in objects [OK]
Hint: Check object properties before using -Property [OK]
Common Mistakes:
  • Thinking Compare-Object can't compare properties
  • Believing -IncludeEqual fixes property errors
  • Assuming empty arrays cause this error
5. You want to detect configuration drift by comparing two JSON files representing system settings. Which PowerShell approach correctly detects drift?
hard
A. Import both JSON files with Get-Content and compare strings directly
B. Use Get-Content with -Raw and compare with -eq operator
C. Manually open files and visually check for differences
D. Use ConvertFrom-Json on both files, then Compare-Object on resulting objects

Solution

  1. Step 1: Understand JSON comparison needs

    Comparing JSON as strings can fail due to formatting differences; converting to objects is better.

  2. Step 2: Use ConvertFrom-Json and Compare-Object

    ConvertFrom-Json parses JSON into objects; Compare-Object can then detect differences in properties.

  3. Final Answer:

    Use ConvertFrom-Json on both files, then Compare-Object on resulting objects -> Option D

  4. Quick Check:

    Convert JSON to objects before comparing [OK]
Hint: Parse JSON to objects before comparing [OK]
Common Mistakes:
  • Comparing raw JSON strings directly
  • Using -eq operator for complex objects
  • Relying on manual visual checks