Desired Configuration Management in SCCM 2007

Desired Configuration Management (DCM) in System Center Configuration Manager (SCCM) 2007 gives you the capability to determine whether your managed systems are compliant or not with configuration settings that are important to your organization.  Examples of configuration settings are whether a group of systems have the correct version of an application installed, whether an application on a group of systems is configured according to your defined settings, and whether specific systems are compliant with software updates or your specified security settings.

You tell SCCM what you want to check on client systems to be evaluated for compliance by creating configuration items.  A configuration item is a unit of configuration to be assessed for compliance.  A configuration item can contain one or more elements together with the criteria for their evaluation, such as the value of a registry parameter, the existence of a file, or the value of a setting in WMI.  For example, the following configuration item contains two settings.

Configuration items are then added to configuration baselines.  A configuration baseline is what you assign to a collection for evaluation.  One of the configuration settings of a baseline is to choose configuration items to be added to it, as illustrated below.

The systems in the targeted collection evaluate the settings in the configuration items of the baseline and report compliance to SCCM.  SCCM has many built-in DCM reports that you can use to find the compliance status of your systems.

Creating a configuration item may be a time consuming task, depending on the complexity of it.  This process is called authoring configuration data.  Configuration data is a DCM Digest XML file or a Service Modeling Language file.  However, SCCM provides a user-friendly interface for you to create the configuration items and baselines.  If your organization is not able to allocate resources to develop configuration items, you might be able to find configuration packs with configuration baselines and configuration items that meet your business needs.  Some configuration packs are free from Microsoft, and others you can purchase from vendors.  You can browse available configuration packs from the link below.

Configuration Packs at the Microsoft System Center Marketplace

The main function of DCM in SCCM 2007 is to report compliance on settings that are important to you.  However, it is possible to remediate non-compliant systems by developing scripts that you would run on non-compliant systems using SCCM software distribution.  In SCCM 2012, Microsoft automates the remediation of some types of configuration settings.



Contact Us

On Key

More Posts

WME Cybersecurity Briefings No. 014
Cyber Security

WME Security Briefing 14 June 2024

LightSpy Spyware’s macOS Variant Detected with Advanced Surveillance Capabilities Overview Findings reveal a previously undocumented macOS variant of the LightSpy spyware. It was initially thought to target only iOS users. This spyware utilizes a plugin-based system

Read More »
WME Cybersecurity Briefings No. 013
Cyber Security

WME Security Briefing 10 June 2024

CISA Urges Patching of Actively Exploited Linux Kernel Vulnerability Overview CISA just issued an urgent advisory concerning a newly discovered security flaw in the Linux kernel. The flaw is being actively exploited to affect the netfilter component of

Read More »
3 Things to Consider Before You Enable Copilot for Microsoft 365
Microsoft Copilot

3 Things to Consider Before You Enable Copilot for Microsoft 365

In today’s digital landscape, any productivity tool that streamlines workflow and boosts performance is a pleasant addition. With its AI-powered productivity-enhancing capabilities, Microsoft Copilot has emerged as a game-changer for employees, particularly for organizations using Microsoft

Read More »
WME Cybersecurity Briefings No. 012
Cyber Security

WME Security Briefing 03 June 2024

Moroccan Cybercrime Group Exploits Gift Card Systems for Major Financial Gains Overview: Storm-0539, also called Atlas Lion, is a Moroccan cybercrime group that executes advanced email and SMS phishing attacks. They are committing fraud by utilizing

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.