
VMWARE-7684 asked

SCCM Baseline Compliance - Auditpol /get /category:"Policy Change" output subject/titles showing as non-compliance

Dear Support

I have the following issue with SCCM Baseline Compliance.

For SCCM Baseline compliance, the Baseline Compliant Item is set to check with the script auditpol /get /category:"Policy Change". But in the compliance report, under the Expression, it is showing all the titles and subtitles as the results.

How can I get the Baseline Compliant to pull out only, e.g., Authentication Policy Change showing that Success and Failure is enabled, and set a Compliance Rule to determine whether it is compliant or non-compliant?

Currently, my script above just pulls out all the settings as per the output below.

136450-image.png

Compliant Report
136591-image.png

Auditpol.exe, when getting the category, shows all the subcategory settings. I need to be able to tackle a particular subcategory and get the result of whether Success and Failure are in place, with the compliance rules checking whether it is compliant or not. How can I go about it with PowerShell for an individual subcategory, instead of the result in the table above, which is incorrect as all the title names are also inside the evaluation?

PS C:\Windows\system32> auditpol /get /category:"Policy Change"
System audit policy
Category/Subcategory Setting
Policy Change

Authentication Policy Change Success and Failure
Authorization Policy Change Success and Failure
MPSSVC Rule-Level Policy Change Success and Failure
Filtering Platform Policy Change Success and Failure
Other Policy Change Events Success and Failure
Audit Policy Change Success and Failure

In the above result, those in bold are the subject/titles, which in the previous image are all being listed as entries, which is not correct.

Kindly help.




LimitlessTechnology-2700 answered

Hello @VMWARE-7684,

In this case, use the Monitoring workspace in the Configuration Manager console to view the properties of the configuration item and its validation criteria.

I would like to recommend the following article on compliance settings; I hope it helps:

https://docs.microsoft.com/en-us/mem/configmgr/compliance/deploy-use/monitor-compliance-settings

Hope this helps with your query,


--If the reply is helpful, please Upvote and Accept as answer--


VMWARE-7684 answered

Thanks for your response,

What I would need is the PowerShell command to get the baseline compliance for the AuditPol for Policy Change. I need to use it to generate a report for all servers on whether they are audited for Success or Failure etc.

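One way to return a single subcategory's setting for the compliance rule, as an added example that is not part of the thread or of Microsoft's documentation: it parses the CSV report that `auditpol /r` produces and outputs one string. It assumes an English-language OS (subcategory and setting names are localized); the function name `Get-AuditSetting` and the sample rows are constructed for illustration.

```powershell
# Added example: discovery script for a Script-type setting (data type String).
# Pair it with a compliance rule "Equals: Success and Failure".
function Get-AuditSetting {
    param(
        [Parameter(Mandatory)] [string] $Subcategory,
        [string[]] $CsvLines    # lines from: auditpol /get ... /r
    )
    # /r prints a CSV report; drop the blank lines before parsing it.
    $rows = @($CsvLines | Where-Object { $_ -and $_.Trim() } | ConvertFrom-Csv)
    $row  = $rows | Where-Object { $_.Subcategory -eq $Subcategory } | Select-Object -First 1
    # No row (not elevated, unknown name) must never evaluate as compliant.
    if ($null -eq $row) { return 'Not Found' }
    return $row.'Inclusion Setting'.Trim()
}

# Constructed sample of the /r report (host name, GUIDs and settings are made up).
$sample = @(
    'Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting'
    ''
    'SRV01,System,Authentication Policy Change,{00000000-0000-0000-0000-000000000001},Success and Failure,'
    'SRV01,System,Authorization Policy Change,{00000000-0000-0000-0000-000000000002},Success,'
    'SRV01,System,Audit Policy Change,{00000000-0000-0000-0000-000000000003},No Auditing,'
)

$name  = 'Authentication Policy Change'
$lines = $sample
# On a server, read the live policy instead (needs elevation):
# $lines = auditpol.exe /get /subcategory:"$name" /r

# The only output is one string, so the rule compares a single value.
Get-AuditSetting -Subcategory $name -CsvLines $lines
```

Creating one setting per subcategory by changing `$name` gives each subcategory its own compliant or non-compliant row in the report, with no header or category title lines in the evaluated value.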