MECM - SCCM - Compliance Settings
On this page:
Overview
MECM Compliance Settings can be used to ensure clients meet a preconfigured baseline. For instance, if we want to make sure that all clients machines have a particular webpage set for the homepage, we can do this through compliance settings. The example will illustrate how to create a Configuration Item and Configuration Baseline.
Create a Configuration Item
Configuration Items are the individuals settings that you want to set for a particular client. You can simply check for compliance and report back or remediate these settings if they are non-compliant. These configuration items can be grouped into Configuration Baselines.
This example will check to see if Javascript is enabled for Adobe Reader and then remediate it if found to be non-compliant.
- Click Assets and Compliance from the left sidebar in the MECM Console.
- Expand Compliance Settings, right click Configuration Items and select Create Configuration Item.
- Create a name for the Configuration Item and give it a description. Click Next.
- Choose which operating systems you would like to assess for the configuration item.
- Click new to create a new settings for this item. You can browse to the registry setting on the local computer or a remote computer (if enabled). Or you can manually specify the path to the registry setting. Click OK. A compliance rule that states that the registry setting must exist is automatically created. Click the Compliance Rules tab to see the auto-generated rule.
- Now that we are in the compliance rules section we will create a second compliance rule for this configuration item. Click New and you will get a window for a new setting which is based off the existing registry key. We can now specify that this key has a particular value. Choose to remediate noncompliant rules when supported. In this case, if the value of the reg key is 1, then it will be changed to 0. Click OK, Next, Next.
- Click Next as we've already defined the compliance rules and then Next again at the summary page. Click Close at the completion page.
Create a Configuration Baseline
Now that we've created a configuration item, we need to add it to a Configuration Baseline in order to deploy it to a client machine.
- Right-click on Configuration Baselines and select Create Configuration Baseline.
- Give your new configuration baseline a name and click Add > Configuration Items to pick and choose the CIs that you would like to include in the configuration baseline. You can add multiple CIs to a configuration baseline. This example will add the Javascript item from the previous section.
Deploy the Configuration Baseline
The configuration baseline you've created will not be effective until you've deployed it to your target collection.
- Right-click on the baseline and select Deploy from the contextual menu.
- The selected baseline will already be added and ready to be deployed. If you'd like to select additional baselines to deploy, you can do so now. You can also choose a schedule to evaluate the compliance settings.
- Click OK when you're done making your selections.