If you are serious about checking compliance in your System Center Configuration Manager 2012 managed environment it may have occurred to you that it would be convenient to convert key group policies into System Center Configuration Manager 2012 Compliance Configuration Items (CIs). The following utility will convert the Registry Policy (.pol) portion of group policies; the section under 'Administrative Templates'. If you are interested in converting the entire group policy I've written another more complex blog post that you can use Maximizing SCM to create ConfigMgr 2007 and 2012 DCM Baselines - http://blogs.technet.com/b/jimriekse/archive/2014/05/05/maximizing-scm-to-create-configmgr-2007-and-2012-dcm-cabs.aspx
The ConvertPOLtoDCM utility leverages the ImportRegPol utility written by Aaron Margosis which is included in the attached .zip file and is necessary for ConvertPOLtoDCM to work correctly. More information on ImportRegPol can be found on: http://blogs.technet.com/b/fdcc/archive/2008/05/07/lgpo-utilities.aspx
ConvertPOLtoDCM can be used either interactively or via the command line. To use ConvertPOLtoDCM the following preliminary steps are needed:
- Download the attached ConvertPOLtoDCM .zip file
- Download the LGPO-Utilities.zip file which includes the ImportRegPol utility from http://blogs.technet.com/b/fdcc/archive/2008/05/07/lgpo-utilities.aspx
- Extract the contents of both .zip files
- Copy the files ImportRegPol.exe and ImportRegPol.htm from the extracted LGPO-Utilities directory to the extracted ConvertPOLtoDCM directory. ImportRegPol.exe must be in the same directory as the ConvertPOLtoDCM powershell script to work correctly.
- Ensure that the powershell execution policy allows the execution of the unsigned utility by opening the Powershell ISE as an administrator and running the command Set-ExecutionPolicy Unrestricted
- Ensure you have source content to convert - either a GPO backup or an exported log from the ImportRegPol utility
To use ConvertPOLtoDCM interactively, launch the Powershell script. Either right-click the script and choose Run with Powershell OR open the Powershell ISE and run from there. Local administrative rights are not needed to run the utility. Enter the necessary parameters in the GUI and click Convert.
To use ConvertPOLtoDCM via command line a .htm help file within the attached .zip file details the proper syntax.
Once the .cab file is created it can be imported into System Center Configuration Manager 2012 by navigating to the Assets and Compliance section, expanding Compliance Settings, right-clicking on Configuration Items, and choosing Import Configuration Data. Follow the wizard and ensure the following checkbox is NOT checked Create a new copy of the imported configuration baselines and configuration items.