The Desired Configuration Monitoring Solution (DCM Solution) ignores any rules under a Setting if the Setting does not exist. Let us take the case where you are trying to figure out the version of a file and do a compliance check on the same. If the file does not exist at all, it might be alarming to you. However, the DCM Solution does not warn you if the file was missing. But then what happens to the rule you created to check for the version of the file? Well, pretty simple. The rule is ignored. The DCM engine has been written in such a way, that it ignores any rules under a Setting if the Setting were not found. This is by design.
For more details on this behavior, please refer to this earlier posting.
So, it would be a good idea to always check for the existence of the file in addition to checking for any other properties of the file. That way, you can be sure that if the file was not found, you would be alerted! Now, how do you check for the File Existence? That’s a good question! You should have come across a function called Exists in the Query Builder screen while creating an Active Rule under a WMI data source / Setting pair. However, that is completely specific to checking for existence of hot fixes in the WMI. Using that, you cannot check for File Existence. You would need to create a Count Rule to check for the File Existence. This is how you would do it:
Create a File System data source as follows:
Name: FS DS
Absolute Path: c:\sample.txt
Create a Setting under the File System data source as follows:
File Type: Last Modified Time (select this property from the drop down because it will apply to all kinds of files)
Create an Active Rule to check if the File Exists!
Rule Name: CheckFileExistence
Query Expression: count(LastModifiedTime)='0' (Click Build Rule Query -> In the Query Builder screen, select the count function from the functions dropdown. In the Expression dropdown, select the setting which is LastModifiedTime.)
Event Description: The File Sample.txt does not exist
Event ID: 123
The Rule you created above would alert you if the DCM Engine does not find the file. All you are trying to do here is get a handle to the file. And then check how many handles you got to the file. Ideally, if the file exists, it should be 1. But if the file does not exist, it will be 0 and that’s what the Query Expression above enforces.