Have you ever felt the pain of trying to automate configmgr enhanced detection methods / enhanced detection rules using PowerShell? I know. it hurts. It feels like scripting VBS in notepad like in the old days: It makes me cry blood!

sccm enhanced detection method


But search no more. We got your back!

How to create a ConfigMgr enhanced detection method with powershell?

Here are two gists that will help to create the SCCM application deployment type enhanced detection method. Please fork, and contribute, to avoid that any other system engineer looses his sight while scripting ConfigMgr.

And here is the Set-SCCMDetectionRuleForDeploymentType that will allow you to add sccm enhanced detection method to an existing application.

I’ll try to update the functions with the missing parts if have a chance. But, if you happen to have already written sccm enhanced detection rule / sccm enhanced detection method for one of the following types:

  • Folder
  • MSI
  • Assembly

Don’t hesistate to participate and contribute to the code above 🙂

My configmgr application deployment type enhanced detection method/ enhanced detection rule does not work?!

These functions will only work if you load the correct DLL’s first. For that I have written the following function. Simply call the function at the top at your script (or prior to calling one of the above functions).

Feel free to fork and contribute to improve the automation process of the Configmgr application deployment type enhanced detection method.


Don’t miss these interesting sources to learn more about configmgr enhanced detection methods!

Some other interesting sources concerning configmgr enhanced detection methods. Some of them really helped in understanding how all of this works, and helped me creating the functions above

Lauries Rhodes excellent article to create configmgr enhanced detection methods –> Here 

Peter Hinchley blog post on how to create file based detection method –> Here

If you are into Csharp, you should defenitly look into the following blog post of Adam Meltzer –> Here

But the biggest of the kuddos goes to Rob Looman which found the Csharp hack –> here

By | 2016-10-19T21:00:12+00:00 June 21st, 2016|ConfigMgr 2012, PowerShell|13 Comments

About the Author:

Stéphane is a dynamic and passionate Cloud and datacenter Microsoft MVP since. He is the founder of the Basel PowerShell user Group (BPUG), the co-founder of the French Speaking PowerShell UserGroup (FRPSUG), author, blogger, and received the community award "PowerShell Hero" from PowerShell.org. Stéphane has implemented microsoft infrastructure solutions in various countries of Europe and is currently working in Basel / Switzerland. Stéphane help his clients to reduce their global infrastructure costs by implementing Microsft infrastructure solutions by combining great products such as System Center, Windows Server, with heavy automation using Windows PowerShell. Stéphane loves languages, Belgium beer, French cheese and French Wine. If any of these topics are of your interest, don't hesitate to come and say hi.


  1. Steve April 11, 2017 at 4:57 pm - Reply

    Could you please provide some examples of usage for this? Appreciate the code, but as a casual reader, I have no idea how to use or implement it in SCCM Shell. Does it prompt for input? do you put in input as parameters? What format are they put in? Can you have it read a CSV file? All of this would be appreciated.

  2. João Torres January 16, 2017 at 11:55 am - Reply

    Hi, I really apreciate your hard work to do that amazing function to set enhanced detection methods. I’m working on a powershell script to automate the process to import applications to the sccm console, the worst part of the process is the detection method of the apps because I have apps with registry detection, file detection and MSI base detection. I have done the msi and file system base detection but I don’t know how can I set a registry base detection via powershell.

    Note: In the final version of the script I will use a INI file to get the values of the dections methods, but for now I just want to know How can I apply your function to set the enhanced detection methods. Or If anybody know how can I set a registry base detection rule from powershell.

    Best Regards

  3. Ludovic November 28, 2016 at 1:44 pm - Reply

    Hi Jonathan.
    It seems to be what i’m looking for but there is some issues to get the existing detection method.
    $DT.DetectionMethod doesn’t seem to work…
    Do you have time to see why?
    Thank you very much!

  4. Ludovic November 16, 2016 at 4:35 pm - Reply

    Hi Jonathan,
    Do you know how to add a second detection method without deleting the existing ?
    Thank you in advance !

    • Ludovic November 17, 2016 at 10:28 am - Reply

      Hello Stephane,
      I was not very clear and i think i have not detailed enough my issue in my last post.

      Deepak gave me your blog as reference, and maybe you can help me, because i’m losing my sight too 🙁

      My goal is : In Powershell, I want to add a SECOND rule to the detection method in my applications.
      Your functions works perfectly but delete the existing clause in the detection method.

      I wanna know if you know a solution to add a second rule without deleting the first one.

      Thank you in advance.


      • Stephane November 18, 2016 at 9:55 pm - Reply

        Hi Ludovic, sorry for the late reply. Have you tried using the Set-SCCMDetectionMethodForDeploymentType function above?

        • Ludovic November 28, 2016 at 11:56 am - Reply

          Hello Stephane,
          Yes i’ve tried it but the new rule replace my existing rule and my goal is to add another one.
          I’m very close from what i’m looking for ! 🙂
          I continue !
          Thank you !

    • Jonathan Walz November 19, 2016 at 4:00 am - Reply

      Hi Ludovic,

      This is code is taken from a larger script but it will create one or more enhanced detection methods for one or more existing deployment types. I wasn’t able to paste the code into the comments without getting an error so here’s a link.


      I didn’t have much time to pull this code out so please let me know if something is missing.

  5. Jonathan Walz July 27, 2016 at 7:21 pm - Reply

    If you only need to create a Enhanced Detection Method based on ProductCode you can do it easily like this if you have a recent version of the SCCM Cmdlets available:

    Set-CMMsiDeploymentType -ApplicationName $ApplicationName -DeploymentTypeName $DeploymentTypeName -ProductCode $ProductCode

    WARNING: If you have any existing Enhanced Detection Methods they will be removed and replaced with this new Detection Method!

  6. Jonathan Walz July 27, 2016 at 4:47 pm - Reply

    #Requires $ProductCode in the Parameter block of the function

    $msiSetting = New-Object Microsoft.ConfigurationManagement.DesiredConfigurationManagement.MSISettingInstance($ProductCode, $null)
    $msiDataType = [Microsoft.SystemsManagementServer.DesiredConfigurationManagement.Expressions.DataType]::Int64
    $msiConstValue = New-Object Microsoft.SystemsManagementServer.DesiredConfigurationManagement.Expressions.ConstantValue(‘0’, $msiDataType)

    $msiSettingRef = New-Object Microsoft.SystemsManagementServer.DesiredConfigurationManagement.Expressions.SettingReference(

    $msiSettingRef.MethodType = [Microsoft.ConfigurationManagement.DesiredConfigurationManagement.ConfigurationItemSettingMethodType]::Count
    $msiOperands = new-object Microsoft.ConfigurationManagement.DesiredConfigurationManagement.CustomCollection1[[Microsoft.SystemsManagementServer.DesiredConfigurationManagement.Expressions.ExpressionBase]]
    $msiExpression = new-object Microsoft.SystemsManagementServer.DesiredConfigurationManagement.Expressions.Expression(
    [Microsoft.ConfigurationManagement.DesiredConfigurationManagement.ExpressionOperators.ExpressionOperator]::NotEquals, $msiOperands)

    $oRule = new-object Microsoft.SystemsManagementServer.DesiredConfigurationManagement.Rules.Rule(“IsInstalledRule”,
    [Microsoft.SystemsManagementServer.DesiredConfigurationManagement.Rules.NoncomplianceSeverity]::$NoncomplianceSeverity, $null, $msiExpression)
    if ($oRule -ne $null) { write-verbose ” rule object Created”} else {write-warning ” rule object Creation failed”; exit}

    $oEnhancedDetection.Rule = $oRule


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: