Creating a Compliance Item, Baseline and Example


Been working on a few topics related to Compliance Setting, one of those was to create a Default IE Browser Compliance Baseline. As this may not be needed for many of you, I wanted to bring the example on my blog. Whether you are trying to create a compliance item with a related subject, or just creating one for the first time. Here is an example on how to create a compliance item to check for a registry key, this key will be monitored with the Compliance Item, once changed we will use the remediation mechanism to get it fix. Let’s start creating a simple Compliance Item, which will check for a specific registry key.

The Compliance Item

We must first create the compliance item in Configuration Manager, once you are creating this item you must specify the registry key. For example.

For a detail steps on how to create this Configuration Item, Go to the following article: http://technet.microsoft.com/en-us/library/gg712331.aspx

clip_image002

As you can see on my Configuration Item, I have 3 different registry keys to look for.

To be more specific on the registry, take a closer look at the settings.

clip_image004

We are looking here at HKEY_CURRENT_USER, then Key Name \Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice the Value name is “ProgID”

On my compliance item, if the registry don’t match the following value will return a non compliance.

Let’s take a look at the compliance rule:

clip_image006

If that registry value, is not = IE.FTP then will be non compliance. Now we are ready to create a compliance baseline and remediate those machines that are non compliance.

In this example we will be creating a compliance item, but instead of using a registry let’s try to use a PowerShell script.

clip_image008

For this configuration item, we will be having 2 types of scripts. The first script will be a discovery script, and will check for a specific value and the second script will be a remediation script.

clip_image010

Now that you have finish creating your Configuration Items, its time to create a configuration Baseline. To do this you must follow the instructions on this link: http://technet.microsoft.com/en-us/library/gg712268.aspx

I have attach a copy of both examples as .cab files, you can import those cab files into your ConfigMgr 2012.

You can download this examples from the following link: http://gallery.technet.microsoft.com/Default-IE-Compliance-a2fd020f

Once downloaded you can follow the steps on this link to import the Configuration Baseline, into the system:

http://technet.microsoft.com/en-us/library/hh691016.aspx

This was more of a quick post, reminder of how to use a Compliance Item and Baselines for a specific task.

Do this example works for you?

Comments (0)

Skip to main content