Creating a Compliance Item, Baseline and Example
I’ve been working on a few requests related to Compliance Settings with some of my clients, and one of those was to create a Default IE Browser Compliance Baseline. Since this may be needed by some of you, I decided to provide an example on my blog. If you are trying to create a compliance item in a similar manner, or just creating one for the first time, you can use this example as a guide to create a compliance item that checks for a registry key. This key will be monitored as a Configuration Item; therefore, if the registry key is changed, we will use the remediation mechanism to fix it. Let’s start by creating a simple Configuration Item that will check for a specific registry key.
The Compliance Item
We must first create the configuration item in Configuration Manager. Once you create this item, you must specify the registry key.
For detailed steps on how to create this Configuration Item, go to the following article: http://technet.microsoft.com/en-us/library/gg712331.aspx
As you can see on my Configuration Item, I have 3 different registry keys that I look for.
To be more specific on the registry, take a closer look at the settings.
Here we are looking at HKEY_CURRENT_USER, with the key name \Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice and the value name “ProgID”.
On my configuration item, if the registry key doesn’t match the following value, it will return non-compliance.
Let’s take a look at the compliance rule:
If the registry value is not equal to IE.FTP, then the target system will be non-compliant. Now we are ready to create a compliance baseline and remediate those machines that are non-compliant.
In a new example, we will be creating a configuration item, but instead of using a registry key let’s try to use a PowerShell script.
For this configuration item, we will be creating two types of scripts. The first script will be a discovery script and will check for a specific value. The second script will be a remediation script.
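The discovery and remediation pair described above, as an added example (these are not the scripts from the author's .cab files). It assumes the scripts check the same ProgID value as the registry example, with IE.FTP as the compliant value, and that the Configuration Item is set to run scripts with the logged-on user's credentials so that HKCU resolves to that user's hive; the 'NotSet' marker is a made-up placeholder.

```powershell
# ===== Discovery script (paste into the CI's discovery script field) =====
# Assumption: same key and value as the registry-based example on this page.
$keyPath   = 'HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice'
$valueName = 'ProgID'

try {
    # -ErrorAction Stop makes a missing key or value land in the catch block
    $current = (Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction Stop).$valueName
}
catch {
    # Constructed marker so the compliance rule sees a definite, non-matching string
    $current = 'NotSet'
}

# The script's output is the value the compliance rule evaluates.
# Rule to pair with it: returned value Equals "IE.FTP", remediation enabled.
Write-Output $current


# ===== Remediation script (paste into the CI's remediation script field) =====
# Runs only when the discovery result fails the compliance rule.
$keyPath   = 'HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice'
$valueName = 'ProgID'
$expected  = 'IE.FTP'

# Create the key if the user has never had an FTP handler recorded
if (-not (Test-Path -Path $keyPath)) {
    New-Item -Path $keyPath -Force -ErrorAction Stop | Out-Null
}

# -Force overwrites an existing value; a failure (for example, access denied)
# is left to surface as a script error instead of being swallowed
New-ItemProperty -Path $keyPath -Name $valueName -Value $expected `
    -PropertyType String -Force -ErrorAction Stop | Out-Null
```

On Windows versions that protect UserChoice with a hash value, a direct write like this may be reset by the OS, so confirm the remediation on each OS version the baseline targets.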
Now that you have finished creating your Configuration Items, it’s time to create a Configuration Baseline. To do this, follow the instructions at this link: http://technet.microsoft.com/en-us/library/gg712268.aspx
I have attached a copy of both examples as .cab files, and you can import those .cab files into your ConfigMgr 2012 environment.
You can download these examples from the following link: http://gallery.technet.microsoft.com/Default-IE-Compliance-a2fd020f
Once downloaded, you can follow the steps on this link to import the Configuration Baseline into the system:
This was more of a quick post, a reminder of how to use a Compliance Item and Baselines for a specific task.
Does this example work for you?
Santos Martinez - Premier Field Engineer – ConfigMgr and Databases