Access Keys:
Skip to content (Access Key - 0)

SCCM - Compliance Settings

SCCM Compliance Settings can be used to ensure clients meet a preconfigured baseline. For instance, if we want to make sure that all clients machines have a particular webpage set for the homepage, we can do this through compliance settings. The example will illustrate how to create a Configuration Item and Configuration Baseline. 

Create a Configuration Item

Configuration Items are the individuals settings that you want to set for a particular client. You can simply check for compliance and report back or remediate these settings if they are non-compliant. These configuration items can be grouped into Configuration Baselines.

This example will check to see if Javascript is enabled for Adobe Reader and then remediate it if found to be non-compliant.

  1. Click Assets and Compliance from the left sidebar in the SCCM Console.
  2. Expand Compliance Settings, right click Configuration Items and select Create Configuration Item.

  3. Create a name for the Configuration Item and give it a description. Click Next.

  4. Choose which operating systems you would like to assess for the configuration item.

  5. Click new to create a new settings for this item. You can browse to the registry setting on the local computer or a remote computer (if enabled). Or you can manually specify the path to the registry setting. Click OK. A compliance rule that states that the registry setting must exist is automatically created. Click the Compliance Rules tab to see the auto-generated rule.

  6. Now that we are in the compliance rules section we will create a second compliance rule for this configuration item. Click New and you will get a window for a new setting which is based off the existing registry key. We can now specify that this key has a particular value. Choose to remediate noncompliant rules when supported. In this case, if the value of the reg key is 1, then it will be changed to 0. Click OK, Next, Next.

  7. Click Next as we've already defined the compliance rules and then Next again at the summary page. Click Close at the completion page.

Create a Configuration Baseline

Now that we've created a configuration item, we need to add it to a Configuration Baseline in order to deploy it to a client machine.

  1. Right-click on Configuration Baselines and select Create Configuration Baseline.

  2. Give your new configuration baseline a name and click Add > Configuration Items to pick and choose the CIs that you would like to include in the configuration baseline. You can add multiple CIs to a configuration baseline. This example will add the Javascript item from the previous section.

Deploy the Configuration Baseline

The configuration baseline you've created will not be effective until you've deployed it to your target collection.

  1. Right-click on the baseline and select Deploy from the contextual menu.

  2. The selected baseline will already be added and ready to be deployed. If you'd like to select additional baselines to deploy, you can do so now. You can also choose a schedule to evaluate the compliance settings.
  3. Click OK when you're done making your selections.

IS&T Contributions

Documentation and information provided by IS&T staff members


Last Modified:

April 28, 2016

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Labels:
sccm sccm Delete
endpoint endpoint Delete
management management Delete
compliance compliance Delete
configuration configuration Delete
item item Delete
baseline baseline Delete
c-sccm c-sccm Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Feedback
This product/service is:
Easy to use
Average
Difficult to use

This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki