Security & Management

Using SCCM DCM to verify the GPO compliance (Part 1)

In some cases, we may want to use SCCM DCM to verify that the SCCM Client applied the specified GPO or not. It is a very difficult task because you may not sure that what you should use to query this information from the client machines or Active Directory. And SCCM DCM does not provide the feature for you to import the GPO/Security Template for the compliance checking.

I tried to use Active Directory Query and Registry, but the result is not very well. Finally, I use WMI Query to query the client machine and build the Configuration Baseline Successfully.

Here are the steps to create the Baseline for GPO compliance checking with Silect Software CP Studio.

  1. Create a new GPO and import the Security Template or use the existing GPO with the imported Security Template.
  2. Select the GPO in the Group Policy Tab, Click Properties.
  3. Remember the Unique name of the GPO. Click Cancel Twice.
  4. Start the CP Studio on the SCCM Site Server, Click New to start the Golden Master Configuration Baseline Creation Wizard. Click Next
  5. In the Enter Machine Credentials Page, Choose Use machine on network and specify the Master computer that applied the GPO. Click Next
  6. In the Operating System Requirements Page, Click Next.
  7. In the Application Requirements Page, Click Next.
  8. In the Application Detail Requirements Page, Choose WMI Queries and click Add WMI Query button.
  9. In the Define custom WMI queries windows, choose RSOP, RSOP_GPO in Available namespaces/classes area. Click Retrieve.
  10. In the Available records area, choose the GPO that you want to be the configuration baseline. Make sure that the guidName is correct.
  11. In the Query definition area, Enable the enable checkbox and guidName checkbox. Highlight the enable checkbox and click Add button. Click OK.
  12. In the Application Detail Requirements Page, Make sure that the new created WMI query is selected. Click Next.
  13. In the Baseline Properties Page, Specify the Display Name, Description and Save location for that new created baseline. Click Finish.
  14. Import the Configuration Baseline into SCCM DCM and Assign the Baseline to the collection.
Attachment: Screenshot.zip
Posted: Mar 31 2008, 01:31 AM by daniel | with no comments |
Filed under:
Leave a Comment

(required) 

(required) 

(optional)

(required)