SCCM Create Configuration Baselines
In this article I am going to show you how to use on compliance feature in SCCM, before going deep dive let discuss for what we need it at all.
Using compliance feature we are able to identify and recognized some data, parameters and values on our computers over the organization and generate necessary reports for IT needs.
What kind of data can we compliance get work with
We can create compliance of folder existence, registers, SQL Query, IIS metadata, AD Query and even scrips.
Trying to think about many situations of internal requirements, such as, need all computers with certain folder name, need all computers certain file, or even list of computers with specific register value, GPO and many useful things.
- – You can generate a report of compliant and non-compliant data
- – You always can import some of compliance settings on SCCM.
- – Make sure Win FW not blocks you.
- – You should have client policy which enable the compliance.
In order to demonstrate you the compliance ability I will create simple register value on my computer and then we will create compliance item and run it.
Let’s open SCCM and go to “Assets and Compliance”
Open Compliance Settings > “Configuration Items” > Create Configuration Item: > New:
Name: Registry
Next:
Settings have to fill the Registry path and value name:
Next to Compliance Rules > New:
Selected properties and choose our item and Set the Selected Settings to “Existential” and set rule of “Registry value must exist on clients”:
Click Ok and again Ok.
you will get these:
Continue with next:
You can see that we created new Register item on SCCM.
The second action we have to initiate is creating “Baseline”, at the same windowsת click on “Configuration baselines”> Create:
Set a name, and click on add, into drop option we have choose on “Configuration Items”:
And now it time to deploy them to client,
Right click and click on Deploy:
Select collection and Ok.:
That’s all, now you can go to your client and see this under configuration manager
You can run machine policy on “Actions” tab to speed up policy, and then you will see the compliance on “configuration tab“:
Click on “Evaluate” & “Refresh” and then you will see the last evaluation time:
Click on view report:
Compliant😊
You also can use on built-in report on SCCM, you will get comprehensive numbers for your clients and baselines compliances reports:
\Monitoring\Overview\Reporting\Reports\Compliance and Settings Management
