Authoring a DCM Configuration Item to Identify and Fix Non-compliant Systems

Sometimes administrators have the need to find systems that have an undesirable file and delete it.  A system with this file is not considered to be compliant with the organization’s policies.  One way to tackle this problem is using Desired Configuration Management (DCM) in System Center Configuration Manager (SCCM) 2007.  This article provides information on how to author a DCM Configuration Item (CI) and Configuration Baseline to identify systems with the file and how to use SCCM software distribution to delete the file automatically.

Creating a Configuration Item

In this example the undesirable file is redFlag.txt in the root of drive c:.  The first step is to create a DCM configuration item to detect the file.  Right-click on Configuration Items, select New and click on General Configuration Item.

In the Identification page of the wizard, provide a descriptive name and click on Next.

In the Objects page of the wizard, click on New and then click on File or Folder as illustrated below.

The New File or Folder Properties will open.  Enter the information for the file in the General tab as illustrated below.

Click on the Validation tab and configure it with the following settings.  We are indicating to report non-compliance when the instance count of less than 1 fails (meaning there’s one or more of this file).

Click on OK to close the New File or Folder Properties window and then click on Next to continue with the Configuration Item wizard.

Click on Next on the Settings page.   Then, click on Next to accept the default settings in the Applicability page.  Click on Next and Close twice to finish the wizard.  Now our Configuration Item has been created.

Adding Configuration Item to a Baseline

To add our Configuration Item to a new Baseline, right-click on Configuration Baselines and select New Configuration Baseline.

Give a name to the baseline and click on Next.

In the Set Configuration Baseline Rules page, select “These applications and general configuration items are required and must be properly configured:” as illustrated below.

Select our Configuration Item and click on OK.

Click on Next twice to finish the New Configuration Baseline wizard.

Assigning the Baseline to a Collection

Now we need to assign our new baseline to a collection with systems that will evaluate it to report compliance on it.  Right-click on the baseline and select Assign to a Collection to assign it to the appropriate collection by selecting the baseline you want to assign and the target collection.

Systems in the collection will retrieve the assignment of the baseline and evaluate it the next time they pull policies from SCCM (every 60 minutes by default).  When the client in this example retrieved the policy, it evaluated it.  The Configurations tab of the Configuration Manager applet in control panel provides information about our baseline.  This client has the RedFlag.txt file in the root of drive C: so it isn’t compliant.

Run a report to obtain compliance information

You can run the “Summary compliance by configuration baseline’ report to find compliance information on all the systems in the targeted collection.  Select the Configuration Baseline Name that you want to get information on.

And then click on Display.

Fixing non-compliant systems

To fix the non-compliant systems (the ones that have the c:\redFlag.txt file), we’ll put together a simple batch file and deliver it to the non-compliant systems using SCCM software distribution.  Our batch file contains just one line:

del c:\redFlag.txt

You can now create an SCCM program and package containing the batch file.  You’ll advertise this program to non-complaint systems.

Now we need to create a collection with non-complaint systems.  You can use WQL query language to create a dynamic collection that will be composed of only non-compliant systems every time it evaluates (you indicate how frequently the collection should be evaluated).  If you have R3 for SCCM 2007 installed, you can create the collection automatically by right-clicking on the baseline, select “Create New Collection” and click on “Non-Compliant Systems”.

In the New Collection wizard, give the collection a name and indicate how often it should be evaluated (the default is every 1 day).

The collection was created with the following WQL statement, which is what you would have to create if R3 wasn’t installed on your SCCM 2007 site server.

Click Next and Finish to create the collection.  In this example, it got populated with the non-compliant system.

You can now advertise the SCCM program to fix the non-compliant systems (by deleting the c:\redFlag.txt file) to this collection.

In our example, after the non-complaint system ran the advertised SCCM program and then evaluated the baselines on the next scheduled evaluation, our baseline was reported as “Compliant” in the Configurations tab of the Configuration Manager applet in control panel.

Then the next time our collection evaluated, it no longer had our system in it.

The DCM report now shows 1 compliant system instead of 1 non-compliant


Picture of Matt Tinney

Matt Tinney

Professional IT executive & business leader having decades of experience with Microsoft technologies delivering modern-day cloud & security solutions.

Contact Us

On Key

More Posts

E-Commerce Security - Solutions for Online Retailers

E-commerce Security – Solutions for Online Retailers

Today’s hyper-charged e-commerce landscape demands top-notch cybersecurity measures. Cybersecurity for this bustling sector isn’t just about ticking a technical box; it’s the cornerstone of building trust. As businesses and consumers flock to the online space, the

Read More »
WME Cybersecurity Briefings No. 017
Cyber Security

WME Security Briefing 08 July 2024

SnailLoad: A New Stealthy Threat to Web Privacy Overview: Researchers discover a concerning new side-channel attack technique: SnailLoad. It exploits inherent weaknesses in the internet to potentially monitor a user’s web activity without requiring any direct access to

Read More »
WME Cybersecurity Briefings No. 016
Cyber Security

WME Security Briefing 27 June 2024

ExCobalt Cyber Gang Targets Russian Sectors with New GoRed Backdoor Overview An unknown Golang-based backdoor GoRed is being employed by the cybercrime gang ExCobalt. This group has roots dating back to at least 2016 and possibly originates

Read More »
Top 7 Office 365 Backup Solutions
Cloud Computing

Top 7 Office 365 Backup Solutions

Let’s explore the top 7 Microsoft 365 (Office 365) backup and recovery solutions. These solutions feature, among others, automated backups, detailed reporting, and efficient deduplication. We will guide you through their pros and cons and what

Read More »
WME Cybersecurity Briefings No. 015
Cyber Security

WME Security Briefing 24 June 2024

Google’s Privacy Sandbox Faces Scrutiny Over User Tracking Allegations Overview Google’s Privacy Sandbox was initially designed to replace third-party cookies in Chrome. It was a more privacy-conscious solution, but the Austrian privacy group Noyb is now

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.