I have the following issue with SCCM Baseline Compliant.
For SCCM Baseline compliance when set for the Baseline Compliant Item
Set to check with Script auditpol /get /category:"Policy Change"
But get compliance report, under the Expression, it is showing all the titles and subtitle as the results.
How can i get the Baseline Compliant to pull out only eg Authentication Policy Change showing Success and Failure is enabled and setting Compliance Rule to determine it is compliant or non-compliant.
Currently, my script above just pull out all the settings as per the output below.
The Auditpol.exe when get the Category will shows all the subcategory settings. I need to able to tackle a particular subcategory and to able to get the result whether Success and Failure are in place with the compliance rules to check if it compliant or not. How can I go about it with PowerShell for individual subcategory instead of the result in the table above which are incorrect as all the titles names are also inside the evaluation.
PS C:\Windows\system32> auditpol /get /category:"Policy Change"
System audit policy
Authentication Policy Change Success and Failure
Authorization Policy Change Success and Failure
MPSSVC Rule-Level Policy Change Success and Failure
Filtering Platform Policy Change Success and Failure
Other Policy Change Events Success and Failure
Audit Policy Change Success and Failure
The above result, those in bold are the subject/titles which in the previous image all are being listed as entries which are not correct.