Services in SCCM Compliance Settings

Compliance Settings, formally Desired Configuration Manager, is a very powerful feature of SCCM. It allows you to set up configuration baselines, and then do something about them. You can create collections, or just have a report of clients that are not compliant. This post will focus on making sure services are installed and in a particular state. Visit this post for a more detailed introduction of Compliance Settings.

Configuration Items

We are going to start by building our configuration items. We will have two – one to monitor the service state, and one to ensure that the service is installed. Let’s start with ensuring that the service is started. Create a new item by clicking “Create Configuration Item” in the ribbon. Give it name and description. On the “Support Platforms” page, select the operating systems that this item should be targeted too. On the “Settings” page, click Give this setting a name and description. Change the “Setting Type” to WQL and the “Data Type” to string. In the “Class” box, type “Win32_Service” and “Started” in the Property box. Next, in the WHERE clause box, type Name=”<service name>”. Be sure to leave the quotes, and remember that this is the actual service name, not the display name. Double-clicking the service and looking at “Service Name” can find the actual service name.

1

Here is what your page would look like if we were ensuring that the SMS Agent Host were started:

2

Click OK, and proceed to the “Compliance Rules” screen. Create a new compliance rule, and select the setting we created in the previous step in the “Selected Setting” box. Type “True” in the “the following values” box and click OK.

3

Finish the wizard.

Now we need to create the configuration item to ensure that the service is installed. The service check that we just created will list the baseline as compliant even if the service isn’t present. It will list it has non-compliant if the service is not started. To check for the service, create another configuration item. Give it a name, description, and select the available operating systems. Create your new setting and give it a name and description. Change the “Setting Type” to script and the “Data Type” to string. Click the “Add Script” button and select “Windows PowerShell” as the language. Copy this into script box:

$a = get-wmiobject -class win32_service -namespace root\cimv2 | where-object -filterscript { $_.name -eq “” }

If ($a -eq $null) {write-host “false”} Else {write-host “true”}

This checks for the service, and if the value is null, it returns false, meaning that the service is not present. Don’t forget to insert the service name, leaving the surrounding quotes. After inserting the script, check the “Run Scripts by using the 32-bit scripting host on 64-bit devices” box. Your screen should like this:

3
4

Set the “Compliance Rule” up the same way as we did earlier, being sure to select the correct “Selected Setting”. Now that we have the configuration items set up, lets move onto creating our baseline.

5

Configuration Baseline

Create a baseline by selecting “Create Configuration Baseline” in the ribbon. Give it a name and description. Click the “Add” button in the “Configuration Data” box. Select the two configuration items that we previously created and click OK.

6

Now we need to deploy the baseline to a collection. To do that, click “Deploy” in the ribbon, select your collection and evaluation schedule, and press OK.

Create Non-Compliant Collection

Finally, we can create a collection of non-compliant machines. To do that, select the baseline and click the “Deployments” tab at the bottom of the console. Now select your deployment and in the ribbon an option appears to “Create New Collection”. From here, you can create a collection of compliant, error, non-compliant, or unknown devices. Take your pick and create your collection.

Once you have your collection, you can do whatever you want with that information. You can deploy an application or package to remediate the issue, or just have a running list of computers that don’t meet a baseline.

Disclaimer

All content provided on this blog is for information purposes only. Windows Management Experts, Inc makes no representation as to accuracy or completeness of any information on this site. Windows Management Experts, Inc will not be liable for any errors or omission in this information nor for the availability of this information. It is highly recommended that you consult one of our technical consultants, should you need any further assistant.

Share:

Facebook
Twitter
LinkedIn

Contact Us

=
On Key

More Posts

WME Security Briefing 27 May 2024

Kinsing Hacker Group Exploits Docker Vulnerabilities Overview Recent investigations have shown that the hacker group Kinsing is actively exploiting Docker vulnerabilities to gain unauthorized access to systems. The modified hacker group targets misconfigured Docker API ports deployed with cryptocurrency mining malware.

Read More »
WME Cybersecurity Briefings No. 010
Cyber Security

WME Security Briefing 20 May 2024

Advanced Persistent Threats: North Korean Hackers Launch Golang Malware Overview A new malware strain, called Titan Stealer, is currently actively circulating in the threat landscape, targeting a variety of personal data and linked to North Korean state-sponsored cyber espionage

Read More »
WME Cybersecurity Briefings No. 009
Cyber Security

WME Security Briefing 08 May 2024

Exploitable vulnerability in Microsoft Internet Explorer, used to deploy VBA Malware Overview Cybersecurity researchers discovered a severe exploitation targeting a bug that had already been patched in the Microsoft Internet Explorer browser. Their report added that

Read More »
WME Cybersecurity Briefings No. 008
Cyber Security

WME Security Briefing 03 May 2024

Security Bulletin: MITRE Corporation Targeted by Nation-State Cyber Attack Overview The MITRE Corporation, a prominent security and cybersecurity researcher in the USA, has fallen prey to compromise in its environment because of a sophisticated cyberattack from

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.

=