Use Configuration Manager to configure compliance settings

1. Overview:

Compliance settings in Configuration Manager provide a unified interface and user experience, allowing enterprises to manage configuration and compliance servers, portable computers, desktop computers, and mobile devices in enterprise organizations. Compliance settings include tools to help enterprises evaluate different configurations of users and client devices, such as whether to install and correctly configure the correct Windows OS version, whether all required applications are correctly installed and configured, the optional applications are correctly configured, and whether compliance is disabled for applications. In addition, enterprises can check software updates, security settings, and mobile device and regulatory compliance. Configuration Manager for configuration item settings, registries, scripts, and all settings on mobile devices of Windows Management Specification (Wmi) type can automatically correct non-conforming settings.

The definition of compliance evaluation, which includes the configuration items to be calculated by the enterprise and the setting rules. The enterprise must have a configuration baseline at the compliance level. Enterprises can import this configuration data from the Microsoft Configuration Manager package web as the best practice, in Microsoft and other vendors, Configuration Manager, and then import to Configuration Manager. Alternatively, a management user can create new configuration items and configuration baselines. After defining the configuration benchmark, you can deploy it to users and devices and set it through a collection and evaluation compliance plan. The client device can have multiple deployment configuration baselines. In this way, the Administrator has a high level of control.

The client device evaluates its compliance, reports results to the website immediately based on the configuration benchmark of each deployment, and uses status emails and status messages. If the client device is not currently connected to the network, but the configuration items referenced in the deployed configuration benchmark have been downloaded, the configuration benchmark is for compliance. Regulatory compliance information sent on reconnect. Enterprises can also configure the manager in the control panel from the view compliance evaluation result Configuration tab using a client running Windows.

From the results of the configuration baseline evaluation of regulatory compliance, enterprises can monitor the workspace Configuration Manager Console in monitoring on deployment nodes to view the most common causes of nonconformities, errors, and the number of users and affected devices. Enterprises can set reports to find more detailed information, such as which devices meet or do not comply with requirements, and then configure baseline elements to cause non-compliant computer operation compliance. Enterprises can also view compliance evaluation results from Windows clients by using the configuration tab to configure the manager in the control panel.

2. Compliance settings can be used to support the following business needs:

1) before you compare a desktop, laptop, server, and mobile device to a production environment, verify the configuration of the resource allocation device for one or more custom configuration baselines.

2) identify the device configuration that is not authorized during the change control process.

3) Priority should be given to meeting the five levels of severity (no information, warning, serious, and serious incidents ).

4) compliance with regulatory and internal security policies.

5) Identify Enterprise Security Vulnerabilities defined by Microsoft and other software vendors.

6) The service center provides information to identify non-conforming configurations to detect reported events and possible causes of problems.

7) automatic correction does not conform to the settings of WMI, registry, script, and all registered settings as Mobile Device Configuration Manager.

8) by deploying applications, packages, and programs or scripts to a collection, its reports that they are non-conforming computers will automatically fill in remediation of noncompliance with administrative regulations.

9) integration with management products on computers that are configured to be incompatible with automatic action reports when monitoring windows events.

The following shows how to enable compliance settings in Configuration Manager.

I. Manage configuration items and baseline

1. log on to the Configuration Manager server and open the Configuration Manager Console.

2. Click assets and compliance, expand compliance settings, right-click the configuration item, and select create configuration item.

650) This. width = 650; "Height =" 391 "Title =" clip_image002 "style =" margin: 0px; "alt =" clip_image002 "src =" http://img1.51cto.com/attachment/201409/17/8995534_1410959235rlDi.jpg "/>

3. specify general information for creating a configuration item

650) This. width = 650; "Height =" 333 "Title =" clip_image004 "style =" margin: 0px; "alt =" clip_image004 "src =" http://img1.51cto.com/attachment/201409/17/8995534_14109592357n58.jpg "/>

4. Specify the client operating system that will evaluate the configuration items for compliance

650) This. width = 650; "Height =" 268 "Title =" clip_image006 "style =" margin: 0px; "alt =" clip_image006 "src =" http://img1.51cto.com/attachment/201409/17/8995534_1410959236R1u4.jpg "/>

5. Specify operating system settings and click New

6. On the "Create Settings" page, click "General", configure related information, and click "Browse" in the desired name of the configuration.

7. Browse the registry, enter the DC Name, and click Connect.

650) This. width = 650; "Height =" 254 "Title =" clip_image008 "style =" margin: 0px; "alt =" clip_image008 "src =" http://img1.51cto.com/attachment/201409/17/8995534_1410959236fQFo.jpg "/>

8. Expand the DC Server registry and locateHKEY_LOCAL_MACHINE \ sysytem \ CurrentControlSet \ Control \ Terminal Server

ClickFdenytsconnections

650) This. width = 650; "Height =" 391 "Title =" clip_image010 "style =" margin: 0px; "alt =" clip_image010 "src =" http://img1.51cto.com/attachment/201409/17/8995534_1410959237EvGq.jpg "/>

9. confirm that the following information has been configured and click OK.

650) This. width = 650; "Height =" 414 "Title =" clip_image012 "style =" margin: 0px; "alt =" clip_image012 "src =" http://img1.51cto.com/attachment/201409/17/8995534_1410959238Fgw4.jpg "/>

10. On the compliance rules page, click Next.

650) This. width = 650; "Height =" 404 "Title =" clip_image014 "style =" margin: 0px; "alt =" clip_image014 "src =" http://img1.51cto.com/attachment/201409/17/8995534_1410959239t7rU.jpg "/>

11. In the summary, confirm that the Wizard will create a configuration item for the operating system with the following settings, and click Next

650) This. width = 650; "Height =" 401 "Title =" clip_image016 "style =" margin: 0px; "alt =" clip_image016 "src =" http://img1.51cto.com/attachment/201409/17/8995534_1410959240UVyC.jpg "/>

12. Wait until the Wizard is created. Click Close.

650) This. width = 650; "Height =" 390 "Title =" clip_image018 "style =" margin: 0px; "alt =" clip_image018 "src =" http://img1.51cto.com/attachment/201409/17/8995534_1410959241ld5l.jpg "/>

13. Right-click the configuration baseline and choose create configuration baseline.

14. Specify the general information of the created configuration baseline, including name and description, configuration data and category

650) This. width = 650; "Height =" 414 "Title =" clip_image020 "style =" margin: 0px; "alt =" clip_image020 "src =" http://img1.51cto.com/attachment/201409/17/8995534_14109592413lMe.jpg "/>

15. Right-click the created "configuration baseline" and select deployment

650) This. width = 650; "Height =" 393 "Title =" clip_image022 "style =" margin: 0px; "alt =" clip_image022 "src =" http://img1.51cto.com/attachment/201409/17/8995534_14109592417M0W.jpg "/>

16. Select an available configuration baseline and a qualified set on the deployment configuration baseline page, and click OK.

650) This. width = 650; "Height =" 414 "Title =" clip_image024 "style =" margin: 0px; "alt =" clip_image024 "src =" http://img1.51cto.com/attachment/201409/17/8995534_1410959242AQNx.jpg "/>

17. Switch to the client machine, open the control panel, and click the Configuration Manager Client.

18. Click "operation", select "computer search and evaluation cycle", and click "Run now ".

650) This. width = 650; "Height =" 414 "Title =" clip_image025 "style =" margin: 0px; "alt =" clip_image025 "src =" http://img1.51cto.com/attachment/201409/17/8995534_1410959242EJkT.png "/>

19. Click Configure, select the allocated configuration baseline, and click evaluate.

650) This. width = 650; "Height =" 414 "Title =" clip_image026 "style =" margin: 0px; "alt =" clip_image026 "src =" http://img1.51cto.com/attachment/201409/17/8995534_1410959242NDdk.png "/>

20. Confirm the compliance status

650) This. width = 650; "Height =" 414 "Title =" clip_image027 "style =" margin: 0px; "alt =" clip_image027 "src =" http://img1.51cto.com/attachment/201409/17/8995534_1410959242XDoH.png "/>

21. Click View Report to View Details

650) This. width = 650; "Height =" 390 "Title =" clip_image029 "style =" margin: 0px; "alt =" clip_image029 "src =" http://img1.51cto.com/attachment/201409/17/8995534_1410959242B2Eo.jpg "/>

22. Switch to the Configuration Manager Server

23. Click monitoring, right-click deployment, right-click the created configuration baseline, and click Run Summary.

650) This. width = 650; "Height =" 382 "Title =" clip_image031 "style =" margin: 0px; "alt =" clip_image031 "src =" http://img1.51cto.com/attachment/201409/17/8995534_1410959242Cm6U.jpg "/>

24. On the Configuration Manager page, click OK.

650) This. width = 650; "Height =" 186 "Title =" clip_image032 "style =" margin: 0px; "alt =" clip_image032 "src =" http://img1.51cto.com/attachment/201409/17/8995534_1410959243HcmY.png "/>

25. Right-click to view the status or click View status in the dashboard.

650) This. width = 650; "Height =" 386 "Title =" clip_image034 "style =" margin: 0px; "alt =" clip_image034 "src =" http://img1.51cto.com/attachment/201409/17/8995534_14109592448X95.jpg "/>

26. View deployment status

650) This. width = 650; "Height =" 382 "Title =" clip_image036 "style =" margin: 0px; "alt =" clip_image036 "src =" http://img1.51cto.com/attachment/201409/17/8995534_1410959244dTwA.jpg "/>

27. view the configuration baseline report using the report service

650) This. width = 650; "Height =" 392 "Title =" clip_image038 "alt =" clip_image038 "src =" http://img1.51cto.com/attachment/201409/17/8995534_1410959244ftWT.jpg "/>

This article is from "Xu Ting's blog", please be sure to keep this source http://ericxuting.blog.51cto.com/8995534/1554513

Use Configuration Manager to configure compliance settings