What is Configuration drift detection in PowerShell?

PowerShellscripting~5 mins

Configuration drift detection in PowerShell

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Introduction

Configuration drift detection helps you find changes in system settings that were not planned. It keeps your computers and servers consistent and safe.

You want to check if a server's settings have changed after a software update.

You need to verify that all computers in your office have the same security settings.

You want to find out if someone accidentally changed a configuration on a critical machine.

You want to compare current system settings to a saved baseline to spot differences.

Syntax

PowerShell

Compare-Object -ReferenceObject <baseline> -DifferenceObject <current> [-Property <property>] [-IncludeEqual] [-PassThru]

Compare-Object is the main command to find differences between two sets of data.

You usually compare a saved baseline configuration to the current system configuration.

Examples

Compare two lists and show what is different.

PowerShell

Compare-Object -ReferenceObject $baseline -DifferenceObject $current

Compare only specific properties like Name and Value.

PowerShell

Compare-Object -ReferenceObject $baseline -DifferenceObject $current -Property Name,Value

Show both differences and items that are the same.

PowerShell

Compare-Object -ReferenceObject $baseline -DifferenceObject $current -IncludeEqual

Sample Program

This script creates a sample baseline of configuration settings, simulates a change, then compares the baseline to the current settings. It prints what changed or was removed.

PowerShell

# Save baseline configuration
$baseline = @([PSCustomObject]@{Name='Name'; Value='OriginalValue'})

# Get current configuration
$current = @([PSCustomObject]@{Name='Name'; Value='OriginalValue'})

# Simulate a change by modifying current
$current[0].Value = 'ChangedValue'

# Compare baseline and current
$diff = Compare-Object -ReferenceObject $baseline -DifferenceObject $current -Property Name,Value

# Show differences
$diff | ForEach-Object {
    if ($_.SideIndicator -eq '=>') {
        Write-Output "Changed or added: $($_.Name) = $($_.Value)"
    } elseif ($_.SideIndicator -eq '<=') {
        Write-Output "Removed or changed: $($_.Name) = $($_.Value)"
    }
}

OutputSuccess

Important Notes

Always save a baseline configuration before changes happen to compare later.

Compare-Object shows differences with SideIndicator: '=>' means new or changed in current, '<=' means missing or changed in baseline.

Use Select-Object to pick only the properties you want to compare.

Summary

Configuration drift detection finds unexpected changes in system settings.

Use Compare-Object in PowerShell to compare baseline and current configurations.

Review differences to keep systems consistent and secure.