question

VMWARE-7684 avatar image
0 Votes"
VMWARE-7684 asked LimitlessTechnology-2700 answered

SCCM Baseline Compliance - Auditpol /get category how to retieve individual subcategory for whether succes or failure are compliance.

I have the following issue with SCCM Baseline Compliant.

For SCCM Baseline compliance when set for the Baseline Compliant Item
Set to check with Script auditpol /get /category:"Policy Change"
But get compliance report, under the Expression, it is showing all the titles and subtitle as the results.

How can i get the Baseline Compliant to pull out only eg Authentication Policy Change showing Success and Failure is enabled and setting Compliance Rule to determine it is compliant or non-compliant.

Most of the searches are auditpol /set only

Currently, my script above just pull out all the settings as per the output below.

135327-image.png

135294-image.png


The Auditpol.exe when get the Category will shows all the subcategory settings. I need to able to tackle a particular subcategory and to able to get the result whether Success and Failure are in place with the compliance rules to check if it compliant or not. How can I go about it with PowerShell for individual subcategory instead of the result in the table above which are incorrect as all the titles names are also inside the evaluation.

PS C:\Windows\system32> auditpol /get /category:"Policy Change"

135334-image.png


So you see whatever output are listed in the compliant report as Expression Equal Success which is totally not what it meant to be. How can set the script so that it can check if the individual subcategory are set to Success and Failure and the compliant rule to check if it is compliant.

Kindly advise. Thank you


windows-server-powershell
image.png (25.4 KiB)
image.png (37.4 KiB)
image.png (12.6 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

LimitlessTechnology-2700 avatar image
0 Votes"
LimitlessTechnology-2700 answered

Hello @VMWARE-7684,

The validation criteria fields in compliance settings report (the equivalent on the client-side report is Constraints) display the underlying Service Modeling Language (SML).

This can make it difficult for administrators who have authored the configuration item in the Configuration Manager console to understand what the validation criteria is if they do not have knowledge of SML.

In this case, use the Monitoring workspace in the Configuration Manager console to view the properties of the configuration item and its validation criteria.

Use the below link to Monitor compliance settings in Configuration Manager,

https://docs.microsoft.com/en-us/mem/configmgr/compliance/deploy-use/monitor-compliance-settings



Hope this answers all your queries, if not please do repost back.
If an Answer is helpful, please click "Accept Answer" and upvote it : )

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.