Sample Configuration Item: Check for the Presence of the Client Installation Properties Registry Key Using Desired Configuration Management
Applies To: System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2
This procedure guides you through the process of using desired configuration management in Configuration Manager 2007 to create a general configuration item with an object setting to determine whether the registry key Hkey_Local_Machine\Software\Policies\Microsoft\Ccmsetup\SetupParameters is found on client computers.
Purpose of the Configuration Item
The registry key Hkey_Local_Machine\Software\Policies\Microsoft\Ccmsetup\SetupParameters can be created by Configuration Manager 2007 administrators to store installation properties for the client installation program, CCMSetup. When the Configuration Manager 2007 client is installed on computers containing this registry key, the values in this registry key will be read by CCMSetup and applied to the client installation.
Although this can be a useful feature, installation properties stored in the registry might overwrite site-wide settings specified by the Configuration Manager 2007 administrator causing inconsistent settings to be applied across clients in the Configuration Manager 2007 site. Desired configuration management can be used to detect the presence of this registry key, which allows you to monitor for the unauthorized presence of this registry key.
To author a general configuration item to check for the presence of the registry key Hkey_Local_Machine\Software\Policies\Microsoft\Ccmsetup\SetupParameters:
In the Configuration Manager console, navigate to System CenterConfiguration Manager / Site Database / Computer Management / Desired Configuration Management.
Expand the Desired Configuration Management node, right-click Configuration Items, click New, and then click General Configuration Item.
On the Identification page of the Create General Configuration Item Wizard, specify the following:
Name: Specify a unique and descriptive name for the configuration item, such as Client setup parameters registry check.
Description: Specify a description for the configuration item, such as This configuration item determines whether client computers have instances of the registry keyHkey_Local_Machine\Software\Policies\Microsoft\Ccmsetup\SetupParameters.
On the Objects page of theCreate General Configuration Item Wizard, click New, and then click Registry Key.
In the New Registry Key Properties dialog box, specify the following in the General tab:
Hive: From the drop-down list, select HKEY_LOCAL_MACHINE.
Key: Specify the path Software\Policies\Microsoft\Ccmsetup\SetupParameters.
Is this registry key associated with a 64-bit application? Select No.
Select the option Report a non-compliance event when this instance count fails.
Instance count operator: Select Greater than.
Values: Specify the value 0.
Severity: From the drop-down list, select Warning.
Click OK to close the New Registry Key Properties dialog box.
On the Settings page of the Create General Configuration Item Wizard, click Next.
On the Applicability page of the Create General Configuration Item Wizard, specify the following:
Under Windows Platforms, select All Windows Platforms.
On the Summary page of the Create General Configuration Item Wizard, review the settings for the configuration item you have created, and then click Next.
View the Progress page of the Create General Configuration Item Wizard. When this is complete, view the summary of actions taken on the Wizard Complete page.
Now that you have created this general configuration item, it can be added to a configuration baseline using the following configuration baseline rule:
- These application and general configuration items are required and must be properly configured
Assign this configuration baseline to computers that should not have this registry key present, and investigate the computers that report non-compliance.
For additional information, see Configuration Manager 2007 Information and Support.
To contact the documentation team, email SMSdocs@microsoft.com.