Creating a Compliance Item, Baseline and Example

Published Sep 30 2019 06:11 PM 1,291 Views

First published on TECHNET on Jul 31, 2013

Authored by Santos Martinez


Been working on a few topics related to Compliance Setting, one of those was to create a Default IE Browser Compliance Baseline. As this may not be needed for many of you, I wanted to bring the example on my blog. Whether you are trying to create a compliance item with a related subject, or just creating one for the first time. Here is an example on how to create a compliance item to check for a registry key, this key will be monitored with the Compliance Item, once changed we will use the remediation mechanism to get it fix. Let’s start creating a simple Compliance Item, which will check for a specific registry key.


The Compliance Item


We must first create the compliance item in Configuration Manager, once you are creating this item you must specify the registry key.


For a detail steps on how to create this Configuration Item, Go to the following article:



As you can see on my Configuration Item, I have 3 different registry keys to look for.

To be more specific on the registry, take a closer look at the settings.



We are looking here at HKEY_CURRENT_USER, then Key Name \Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice the Value name is “ProgID”


On my compliance item, if the registry don’t match the following value will return a non compliance.

Let’s take a look at the compliance rule:



If that registry value, is not = IE.FTP then will be non compliance. Now we are ready to create a compliance baseline and remediate those machines that are non compliance.


In this example we will be creating a compliance item, but instead of using a registry let’s try to use a PowerShell script.



For this configuration item, we will be having 2 types of scripts. The first script will be a discovery script, and will check for a specific value and the second script will be a remediation script.



Now that you have finish creating your Configuration Items, its time to create a configuration Baseline. To do this you must follow the instructions on this link:


I have attach a copy of both examples as .cab files, you can import those cab files into your ConfigMgr 2012.


You can download this examples from the following link:


Once downloaded you can follow the steps on this link to import the Configuration Baseline, into the system:


This was more of a quick post, reminder of how to use a Compliance Item and Baselines for a specific task.

Do this example works for you?


Version history
Last update:
‎Oct 15 2019 01:16 PM
Updated by: