0
0
PowerShellscripting~10 mins

Configuration drift detection in PowerShell - Step-by-Step Execution

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Concept Flow - Configuration drift detection
Start: Define desired config
Get current system config
Compare desired vs current
No drift
End: Report
The script defines what the system should look like, checks the current state, compares both, and reports if there is any difference (drift).
Execution Sample
PowerShell
$desired = @{Service='wuauserv'; State='Running'}
$current = Get-Service -Name wuauserv
if ($current.Status -ne $desired.State) {
  Write-Output 'Drift detected'
} else {
  Write-Output 'No drift'
}
This script checks if the Windows Update service is running as desired and reports if there is a configuration drift.
Execution Table
StepActionVariable/ValueConditionOutput
1Define desired config$desired = @{Service='wuauserv'; State='Running'}N/AN/A
2Get current service status$current.Status = 'Stopped'N/AN/A
3Compare current.Status with desired.State'Stopped' -ne 'Running'TrueN/A
4Drift detected branchN/AN/ADrift detected
5EndN/AN/AScript ends
💡 Script ends after reporting drift because current service state differs from desired.
Variable Tracker
VariableStartAfter Step 1After Step 2After Step 3Final
$desiredundefined@{Service='wuauserv'; State='Running'}@{Service='wuauserv'; State='Running'}@{Service='wuauserv'; State='Running'}@{Service='wuauserv'; State='Running'}
$current.StatusundefinedundefinedStoppedStoppedStopped
Key Moments - 2 Insights
Why do we compare $current.Status with $desired.State instead of $current directly?
Because $current is an object with many properties, we only need to compare the specific property 'Status' to the desired 'State'. See execution_table step 3.
What happens if the service is already running?
The condition in step 3 becomes false, so the script outputs 'No drift' instead of 'Drift detected'.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution table, what is the value of $current.Status after step 2?
ARunning
BPaused
CStopped
DUndefined
💡 Hint
Check the 'Variable/Value' column in row with Step 2.
At which step does the script decide there is a configuration drift?
AStep 1
BStep 4
CStep 2
DStep 3
💡 Hint
Look for the row where output is 'Drift detected' in the execution_table.
If the desired state was 'Stopped' instead of 'Running', what would be the output?
ANo drift
BDrift detected
CError
DScript hangs
💡 Hint
Compare $desired.State and $current.Status values in variable_tracker.
Concept Snapshot
Configuration drift detection:
- Define desired state as a hashtable
- Get current system state
- Compare current vs desired
- If different, report drift
- Else, report no drift
Full Transcript
This script checks if a system configuration matches what we want. First, it sets the desired state for a service. Then, it gets the current state of that service. Next, it compares the current state to the desired state. If they differ, it prints 'Drift detected'. If they match, it prints 'No drift'. This helps keep systems consistent by spotting changes that shouldn't happen.