Creating and Comparing Configuration Baselines
There are a few simple facts about PowerShell that, when taken individually, don't seem like much. For example, it can export objects to XML files. It can also compare one set of objects to another and show you the differences. But taken together, those two little facts can be quite powerful.
September 6, 2010
Let's start with an example that might not seem all that useful at first.
Get-Process | Export-CliXML c:\procs.xml
Now you have a snapshot of the processes running on your system, saved in an XML file. Let's say you do this on a server, where the running processes should be pretty predictable and unchanging. That XML file is a baseline - and you can get PowerShell to show you variations. Sometime later, go back and run this:
Compare-Object (Import-CliXML c:\procs.xml) (Get-Process)
Hmm. Not useful - because most of a process' properties, like memory and CPU usage, are constantly changing. Let's narrow that down so that, rather than comparing the entire object, we're just looking at process names.
Compare-Object (Import-CliXML c:\procs.xml) (Get-Process) -Property Name
Now that's useful. The output will show any differences between those two sets. So this is a neat example - but the real magic is that PowerShell can do this with just about anything. Query service information via WMI, for example. OS configuration information. Memory configuration. You name it. For example:
Get-WmiObject Win32_OperatingSystem | Export-CliXML c:\os_baseline.xml
Compare-Object (Import-CliXML c:\os_baseline.xml) (Get-WmiObject Win32_OperatingSystem)
Ideally, you don't want to see any differences - but if you do, it tells you that something has changed. This is the pattern to use with almost any cmdlet or WMI class: Export it to a CliXML file. Then, when you're ready to compare, run the same command again as one of the inputs to Compare-Object, with the other input being the import of that previously-created CliXML file.
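The export-then-compare pattern above, wrapped in a reusable function and applied to service configuration. This is an added example, not code from the original article; the function name Compare-Baseline, the service names, and the file path are constructed for illustration, and the sample objects stand in for live Get-WmiObject Win32_Service output.

```powershell
# Added example, not from the original article. Compare-Baseline, the service
# names and the baseline file name are constructed for illustration.
function Compare-Baseline {
    param(
        [Parameter(Mandatory)] [string]   $BaselinePath,
        [Parameter(Mandatory)] [object[]] $Current,
        [Parameter(Mandatory)] [string[]] $Property
    )
    $baseline = @(Import-Clixml -Path $BaselinePath)
    # Compare only the stable properties named by the caller. A changed value
    # produces two rows: the old tuple (<=) and the new tuple (=>).
    Compare-Object -ReferenceObject $baseline -DifferenceObject $Current -Property $Property |
        ForEach-Object {
            $side = if ($_.SideIndicator -eq '<=') { 'BaselineOnly' } else { 'CurrentOnly' }
            $_ | Add-Member -NotePropertyName Change -NotePropertyValue $side -PassThru
        }
}

# Constructed stand-ins for service objects. On a live system this would be:
#   Get-WmiObject Win32_Service | Select-Object Name, StartMode, PathName
$atBaseline = @(
    [pscustomobject]@{ Name = 'ExampleAgent';  StartMode = 'Auto'
                       PathName = 'C:\Program Files\Example\agent.exe' }
    [pscustomobject]@{ Name = 'ExampleBackup'; StartMode = 'Manual'
                       PathName = 'C:\Program Files\Example\backup.exe' }
    [pscustomobject]@{ Name = 'ExampleLegacy'; StartMode = 'Disabled'
                       PathName = 'C:\Program Files\Example\legacy.exe' }
)
$later = @(
    $atBaseline[0]                                   # unchanged
    [pscustomobject]@{ Name = 'ExampleBackup'; StartMode = 'Auto'   # start mode changed
                       PathName = 'C:\Program Files\Example\backup.exe' }
    [pscustomobject]@{ Name = 'ExampleNew';    StartMode = 'Auto'   # not in the baseline
                       PathName = 'C:\Users\Public\new.exe' }
    # ExampleLegacy is no longer present
)

# Step 1: save the baseline. Step 2: compare the later state against it.
$path = Join-Path ([System.IO.Path]::GetTempPath()) 'svc_baseline.xml'
$atBaseline | Export-Clixml -Path $path

Compare-Baseline -BaselinePath $path -Current $later -Property Name, StartMode, PathName |
    Format-Table Name, StartMode, Change, PathName -AutoSize
```

Comparing on Name, StartMode and PathName together surfaces a service whose start mode or binary path was altered, which a Name-only comparison would report as unchanged.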
What sorts of things would YOU baseline and compare?