First published on TECHNET on Jul 31, 2013
Authored by Santos Martinez
Been working on a few topics related to Compliance Setting, one of those was to create a Default IE Browser Compliance Baseline. As this may not be needed for many of you, I wanted to bring the example on my blog. Whether you are trying to create a compliance item with a related subject, or just creating one for the first time. Here is an example on how to create a compliance item to check for a registry key, this key will be monitored with the Compliance Item, once changed we will use the remediation mechanism to get it fix. Let’s start creating a simple Compliance Item, which will check for a specific registry key.
The Compliance Item
We must first create the compliance item in Configuration Manager, once you are creating this item you must specify the registry key.
For a detail steps on how to create this Configuration Item, Go to the following article:
As you can see on my Configuration Item, I have 3 different registry keys to look for.
To be more specific on the registry, take a closer look at the settings.
We are looking here at HKEY_CURRENT_USER, then Key Name \Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice the Value name is “ProgID”
On my compliance item, if the registry don’t match the following value will return a non compliance.
Let’s take a look at the compliance rule:
If that registry value, is not = IE.FTP then will be non compliance. Now we are ready to create a compliance baseline and remediate those machines that are non compliance.
In this example we will be creating a compliance item, but instead of using a registry let’s try to use a PowerShell script.
For this configuration item, we will be having 2 types of scripts. The first script will be a discovery script, and will check for a specific value and the second script will be a remediation script.
Now that you have finish creating your Configuration Items, its time to create a configuration Baseline. To do this you must follow the instructions on this link: https://docs.microsoft.com/en-us/previous-versions/system-center/system-center-2012-R2/gg712268(v=te...
I have attach a copy of both examples as .cab files, you can import those cab files into your ConfigMgr 2012.
You can download this examples from the following link:
http://gallery.technet.microsoft.com/Default-IE-Compliance-a2fd020f
Once downloaded you can follow the steps on this link to import the Configuration Baseline, into the system:
This was more of a quick post, reminder of how to use a Compliance Item and Baselines for a specific task.
Do this example works for you?