Compliance Settings SCCM 2012. Satish Pandita Blogs.

In this post, I will pick a few examples of using Compliance Settings, including reporting and reviewing a few log files that record process information.

Compliance Settings in SCCM 2012 is used to assess and remediate the configuration and compliance of servers and workstations.

Example 1: Assess/track the file version and report Compliance or Non-Compliance if the file version does not match the specified version. The check is targeted at a specific device collection that has 2 members.

Start with a Configuration Item that will contain the configuration settings.

1. Go to “Assets and Compliance -> Compliance Settings -> Configuration Items”, right click and select “Create Configuration Item”.
2. Enter/select the following values and click “Next”.
3. Select “Always assume application is installed”. If you have an application that has an MSI you can also select “use Windows Installation Detection”. Click “Next”.
4. The following screen will appear; click “New”.
5. After you click on “New”, enter the setting name, change the setting type to “File System” and then click on “Browse”.
6. When you click on “Browse”, connect to the computer that has the new version of the file and update the check boxes as below, then click on “Add”.
7. Once you click on “Add”, update the file property as below and click “OK”.
8. Click on the “Compliance Rules” tab. On the “Compliance Rules” tab, edit each rule and change the “Severity” to Warning for each “Compliance Rule”. Note: when you click on 2nd rule “version check” For Rule “Version check”

At this point the configuration item is created. Next we will create the “Configuration Baseline”, add the configuration item that we created to it, and deploy it to a collection for compliance evaluation.
Deploy this Configuration Baseline to a “Collection”. Click on “Run summarization”.

Now let us check the compliance evaluation/reporting, which can be reviewed on the client and from the SCCM console.

Evaluating compliance on the client

1. On the client workstation, go to Control Panel -> Configuration Manager -> Actions and refresh “Machine policy Retrieval and Evaluation Cycle”.
2. Go to the “Configuration Tab”; you will see that the configuration baseline is assigned to this computer.
3. Click on “Evaluate”, “Refresh” and then “View Report”.

On this workstation, since I am using an older version of MSPAINT, it is shown as “Non-Compliant”. The other workstation has the correct file version and is shown as “Compliant”.

Evaluating the compliance from the SCCM console

1. Launch the console and go to Assets and Compliance -> Monitoring -> Alerts.
2. Go to Monitoring -> Deployments.

A variety of reports can be generated from: Monitoring -> Reporting -> Compliance and Settings Management.

Example 2: In this example, we will use a PowerShell script to check a specific service and report on compliance/non-compliance.

Scenario:

- If the “Spooler Service” is running and the start mode is automatic, it is compliant.
- If the service is running and the start mode is set to manual or disabled, it is non-compliant.
- If the service is not running and the start mode is automatic, manual or disabled, it is non-compliant.

Though you can also remediate it by having a remediation script, in this scenario I am not using that feature. A PowerShell script will be used to achieve this goal: function CheckService .

You can get these configuration packs from: http: //technet. US/applications/microsoft- security- compliance- manager- 1.

Download Security Compliance Manager (SCM) from the above site and install it on any workstation/server. Launch SCM and export the desired Baseline to SCCM DCM 2. SCCM 2012 console and import it under configuration baseline and tweak it based on your requirements.
Deploy it to devices through collections and evaluate on a defined schedule.

A few log files to review for recorded process information on the site server and on the client:

DCMAgent.log: Records high-level information about the evaluation, conflict reporting, and remediation of configuration items and applications.

CIAgent.log: Records details about the process of remediation and compliance for compliance settings, software updates, and application management.

DcmWmiProvider.log: Records information about reading configuration item synclets from Windows Management Instrumentation (WMI).
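
The Example 2 scenario written as a discovery script for a script-based setting. This is an added example, not the script from the original post (which did not survive on this page). The function name Get-SpoolerCompliance and the returned strings “Compliant” / “Non-Compliant” are assumptions; the compliance rule on the setting would then require the returned value to equal “Compliant”.

```powershell
# Added example: discovery script for the Spooler scenario in Example 2.
# Get-SpoolerCompliance and the two return strings are hypothetical names
# chosen for this example; they are not from the original post.
function Get-SpoolerCompliance {
    param(
        # Restrict the name to simple characters because it is placed in a WQL filter
        [ValidatePattern('^[\w.-]+$')]
        [string]$ServiceName = 'Spooler'
    )

    # Win32_Service exposes both State (Running, Stopped, ...) and
    # StartMode (Auto, Manual, Disabled) in a single object.
    # On PowerShell 3.0 and later, Get-CimInstance is the equivalent call.
    $svc = Get-WmiObject -Class Win32_Service `
                         -Filter "Name='$ServiceName'" `
                         -ErrorAction SilentlyContinue

    # A service that is not installed cannot satisfy the rule
    if ($null -eq $svc) {
        return 'Non-Compliant'
    }

    # Compliant only when the service is running AND set to start automatically.
    # Running with Manual/Disabled, or not running with any start mode,
    # falls through to Non-Compliant, matching the scenario's three cases.
    if ($svc.State -eq 'Running' -and $svc.StartMode -eq 'Auto') {
        return 'Compliant'
    }

    return 'Non-Compliant'
}

# The script's output is the value the compliance rule is evaluated against
Get-SpoolerCompliance
```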