Security & Management

March 2008 - Posts

Using SCCM DCM to verify the GPO compliance (Part 1)

In some cases, we may want to use SCCM DCM to verify whether an SCCM client has applied a specified GPO. This is difficult because it is not obvious what to query, on the client machines or in Active Directory, to obtain this information. In addition, SCCM DCM does not provide a feature to import a GPO or Security Template for compliance checking.

I tried to use Active Directory Query and Registry, but the results were not very good. Finally, I used a WMI Query to query the client machine and built the Configuration Baseline successfully.

Here are the steps to create the Baseline for GPO compliance checking with Silect Software CP Studio.

  1. Create a new GPO and import the Security Template or use the existing GPO with the imported Security Template.
  2. Select the GPO in the Group Policy tab and click Properties.
  3. Note the Unique name of the GPO. Click Cancel twice.
  4. Start CP Studio on the SCCM Site Server and click New to start the Golden Master Configuration Baseline Creation Wizard. Click Next.
  5. In the Enter Machine Credentials page, choose Use machine on network and specify the master computer that has applied the GPO. Click Next.
  6. In the Operating System Requirements page, click Next.
  7. In the Application Requirements page, click Next.
  8. In the Application Detail Requirements page, choose WMI Queries and click the Add WMI Query button.
  9. In the Define custom WMI queries window, choose RSOP, RSOP_GPO in the Available namespaces/classes area. Click Retrieve.
  10. In the Available records area, choose the GPO that you want to use as the configuration baseline. Make sure that the guidName is correct.
  11. In the Query definition area, select the enable checkbox and the guidName checkbox. Highlight the enable checkbox and click the Add button. Click OK.
  12. In the Application Detail Requirements page, make sure that the newly created WMI query is selected. Click Next.
  13. In the Baseline Properties page, specify the Display Name, Description and Save location for the newly created baseline. Click Finish.
  14. Import the Configuration Baseline into SCCM DCM and Assign the Baseline to the collection.
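
The WMI check that the baseline from steps 8 to 11 relies on can be run by hand on a client, which helps when a machine reports non-compliant. This is an added example, not part of the original post or of CP Studio; the function name `Test-GpoApplied` is hypothetical, the GUID is a placeholder, and it goes beyond the two properties selected in step 11 by also reading `accessDenied` and `filterAllowed` from `RSOP_GPO`.

```powershell
# Added example, not from the original post.
# Reading the computer RSoP namespace normally needs an elevated session.
function Test-GpoApplied {
    [CmdletBinding()]
    param(
        # The GPO "Unique name" from step 3, braces included.
        # The pattern also keeps stray quotes out of the WQL filter.
        [Parameter(Mandatory)]
        [ValidatePattern('^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')]
        [string]$GpoGuid
    )

    # root\rsop\computer holds the computer-side RSoP logging data
    # written by the last Group Policy refresh on this machine.
    $gpo = Get-CimInstance -Namespace 'root\rsop\computer' -ClassName 'RSOP_GPO' `
               -Filter "guidName = '$GpoGuid'" -ErrorAction Stop |
           Select-Object -First 1

    # A GPO can be listed and enabled yet still not apply to this machine.
    if (-not $gpo) {
        $reason = 'GPO not present in computer RSoP data'
    } elseif (-not $gpo.enabled) {
        $reason = 'GPO is disabled'
    } elseif ($gpo.accessDenied) {
        $reason = 'Security filtering denied access to the GPO'
    } elseif (-not $gpo.filterAllowed) {
        $reason = 'WMI filter evaluated to false'
    } else {
        $reason = $null
    }

    [pscustomobject]@{
        GpoGuid   = $GpoGuid
        Name      = if ($gpo) { $gpo.name } else { $null }
        Compliant = ($null -eq $reason)
        Reason    = $reason
    }
}

# Placeholder GUID (constructed); substitute the value noted in step 3.
Test-GpoApplied -GpoGuid '{00000000-0000-0000-0000-000000000000}'
```

The data reflects the last policy refresh, so run `gpupdate` first if the GPO was linked recently.
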
Posted: Mon, Mar 31 2008 1:31 by daniel | with no comments |
System Center Partner Solutions

I just completed some PoCs for customers in the last few months. These PoCs included solutions from System Center partners such as 1E, Jalasoft, AVIcode, excSoftware and Silect Software.

I want to share my experience with these great partner solutions with all of you.

Operations Manager:

-AVIcode Intercept Studio/SEViewer.

It is a great partner solution for monitoring Microsoft .NET in Operations Manager. It enables Operations Manager to monitor .NET executable applications, ASP.NET applications, ASP.NET web services, etc. We also work with AVIcode to enable the monitoring capability for .NET Remoting. Other than health monitoring for .NET applications, AVIcode Intercept Studio/SEViewer also monitors job failures, SLA performance violations, missing pages, etc. Administrators use the Intercept Studio UI to configure monitoring and performance thresholds for each application. The AVIcode .NET Enterprise Management Pack also integrates SEViewer with Operations Manager. We can create and configure the .NET Application Health Model and Distributed Application within Operations Manager, and use Distributed Application Designer to create the Service Model. It is very useful for developers who need a tool to detect issues within their code and for administrators who need to monitor the health and performance of .NET applications.

-Jalasoft Xian Io Network Manager.

To monitor network devices such as switches, routers, load balancers and firewalls in Operations Manager, you need to spend a lot of effort configuring SNMP collection and alert generation, and you may not get the expected or a good result from this manual configuration. Jalasoft Xian Io Network Manager includes predefined rules and wizards to configure monitoring for network devices. Once Xian Io Network Manager has discovered the devices in the network, you can apply the monitoring templates or rules to a device, and monitoring starts. The rules and templates can be customized to fit business requirements by using the Xian Io Network Manager UI. It also includes a Management Pack that allows Operations Manager to build a service model containing the network devices monitored by Jalasoft.

-excSoftware

excSoftware developed the Virtual Agent to collect data by using Syslog, SNMP and CLI from non-Windows devices and applications, such as Linux, Unix, Lotus Domino, Apache, etc. This data is forwarded to Operations Manager and generates events and alerts so that the administrator can check the health status of the non-Windows devices and applications. It covers many non-Windows devices and applications.

Configuration Manager:

-1E SMSNomad.

1E has released many add-ons for SMS and Configuration Manager, and SMSNomad is one of them. In SMS 2003, it enables an SMS Advanced Client workstation to act as the local Distribution Point, which reduces the number of server machines required in a small branch office. SMSNomad also enables multicast functionality in SMS and Configuration Manager software distribution. It is a great add-on for reducing the network traffic of software distribution and speeding up software distribution.

-Silect Software.

To make it easier to author Operations Manager Management Packs and Configuration Manager Configuration Baselines, Silect Software released MP Studio and CP Studio. For Configuration Baselines, CP Studio includes the "Master Image" capture function, which captures the OS and application configuration on the master machine and converts it to a Configuration Baseline automatically. It also supports capturing the Active Directory data on the machine for the configuration baseline. It reduces the effort needed to author configuration items and configuration baselines in Configuration Manager DCM.

I will share my experience with other partner solutions with all of you in the future.

Posted: Sun, Mar 23 2008 14:47 by daniel | with no comments |