SCCM Compliance Settings: Client Version

The post will detail the configuration to set up Compliance Settings (formally Desired Configuration Manager) to monitor the versions of the SCCM client that you are running. This is part of an ongoing series are Compliance Settings. See this post for a detailed introduction of  CM 2012 SP1 Compliance Settings.

Configuration Item

We must first create our configuration item. Navigate to the Compliance Settings > Configuration Item section of the SCCM console. Select “Create Configuration Item” from the ribbon, give it a name and description, and click “New” on the Settings page. Give the setting a name and description. Change the “Setting Type” to “WQL Query” and the “Data Type” to string. Change namespace to “root\ccm”, input “CCM_InstalledComponent” as the class, and input “Version” as the property. Finally, in the WHERE clause box, type “Name=”CcmFramework””. Be sure to put the quotes around CcmFramework. When complete, it should look like this:

1

Click OK, and proceed to the Compliance Rules screen. Create a new one. Select the setting we just created by clicking the “Browse” button. Leave the “rule type” as value. Now, where it says “Equals”, change that to either “One of” or “None of”.

2

The difference is in what you want the rule to do. If you want a rule where machines are compliant if they are a particular version, select “One of” and put in the version. If you want them to be compliant if they aren’t of a particular version, select “None of”. An example would be if I want my compliant machines to only be SCCM 2012 R2, I would select “One of” and enter values of “5.00.7958.1000” and “5.00.7958.1203”. Another option here is to use “Equals” if you are only looking for one particular version. Here is a table of version numbers for SCCM 2012, current to R2 CU1.

SCCM 20125.00.7711.0000
SCCM 2012 SP15.00.7804.1000
SCCM 2012 SP1 CU15.00.7804.1202
SCCM 2012 SP1 CU25.00.7804.1300
SCCM 2012 SP1 CU35.00.7804.1400
SCCM 2012 R25.00.7958.1000
SCCM 2012 R2 CU15.00.7958.1203

After you have your client versions, your page should look like this:

3

This configuration item will label any device that is not at least R2 as non-compliant.

Configuration Baseline

Now we need to create our baseline. To do that, switch to the “Configuration Baselines” section. Click “Create Configuration Baselines” from the ribbon. Give your baseline a name and description. Click the “Add” button and select “Configuration Items”. Select the configuration item we just created, and click “Add”. Once you have your baseline created, you can deploy it to a collection. After it is deployed, you can select the deployment and a new option in the ribbon will appear called “Create New Collection”. From there, you can create collections for compliant, non-compliant, error, or unknown devices.

Disclaimer

All content provided on this blog is for information purposes only. Windows Management Experts, Inc makes no representation as to accuracy or completeness of any information on this site. Windows Management Experts, Inc will not be liable for any errors or omission in this information nor for the availability of this information. It is highly recommended that you consult one of our technical consultants, should you need any further assistant.

Share:

Facebook
Twitter
LinkedIn

Contact Us

=
On Key

More Posts

WME Cybersecurity Briefings No. 014
Cyber Security

WME Security Briefing 14 June 2024

LightSpy Spyware’s macOS Variant Detected with Advanced Surveillance Capabilities Overview Findings reveal a previously undocumented macOS variant of the LightSpy spyware. It was initially thought to target only iOS users. This spyware utilizes a plugin-based system

Read More »
WME Cybersecurity Briefings No. 013
Cyber Security

WME Security Briefing 10 June 2024

CISA Urges Patching of Actively Exploited Linux Kernel Vulnerability Overview CISA just issued an urgent advisory concerning a newly discovered security flaw in the Linux kernel. The flaw is being actively exploited to affect the netfilter component of

Read More »
3 Things to Consider Before You Enable Copilot for Microsoft 365
Microsoft Copilot

3 Things to Consider Before You Enable Copilot for Microsoft 365

In today’s digital landscape, any productivity tool that streamlines workflow and boosts performance is a pleasant addition. With its AI-powered productivity-enhancing capabilities, Microsoft Copilot has emerged as a game-changer for employees, particularly for organizations using Microsoft

Read More »
WME Cybersecurity Briefings No. 012
Cyber Security

WME Security Briefing 03 June 2024

Moroccan Cybercrime Group Exploits Gift Card Systems for Major Financial Gains Overview: Storm-0539, also called Atlas Lion, is a Moroccan cybercrime group that executes advanced email and SMS phishing attacks. They are committing fraud by utilizing

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.

=