Services in SCCM Compliance Settings

Compliance Settings, formally Desired Configuration Manager, is a very powerful feature of SCCM. It allows you to set up configuration baselines, and then do something about them. You can create collections, or just have a report of clients that are not compliant. This post will focus on making sure services are installed and in a particular state. Visit this post for a more detailed introduction of Compliance Settings.

Configuration Items

We are going to start by building our configuration items. We will have two – one to monitor the service state, and one to ensure that the service is installed. Let’s start with ensuring that the service is started. Create a new item by clicking “Create Configuration Item” in the ribbon. Give it name and description. On the “Support Platforms” page, select the operating systems that this item should be targeted too. On the “Settings” page, click Give this setting a name and description. Change the “Setting Type” to WQL and the “Data Type” to string. In the “Class” box, type “Win32_Service” and “Started” in the Property box. Next, in the WHERE clause box, type Name=”<service name>”. Be sure to leave the quotes, and remember that this is the actual service name, not the display name. Double-clicking the service and looking at “Service Name” can find the actual service name.


Here is what your page would look like if we were ensuring that the SMS Agent Host were started:


Click OK, and proceed to the “Compliance Rules” screen. Create a new compliance rule, and select the setting we created in the previous step in the “Selected Setting” box. Type “True” in the “the following values” box and click OK.


Finish the wizard.

Now we need to create the configuration item to ensure that the service is installed. The service check that we just created will list the baseline as compliant even if the service isn’t present. It will list it has non-compliant if the service is not started. To check for the service, create another configuration item. Give it a name, description, and select the available operating systems. Create your new setting and give it a name and description. Change the “Setting Type” to script and the “Data Type” to string. Click the “Add Script” button and select “Windows PowerShell” as the language. Copy this into script box:

$a = get-wmiobject -class win32_service -namespace root\cimv2 | where-object -filterscript { $ -eq “” }

If ($a -eq $null) {write-host “false”} Else {write-host “true”}

This checks for the service, and if the value is null, it returns false, meaning that the service is not present. Don’t forget to insert the service name, leaving the surrounding quotes. After inserting the script, check the “Run Scripts by using the 32-bit scripting host on 64-bit devices” box. Your screen should like this:


Set the “Compliance Rule” up the same way as we did earlier, being sure to select the correct “Selected Setting”. Now that we have the configuration items set up, lets move onto creating our baseline.


Configuration Baseline

Create a baseline by selecting “Create Configuration Baseline” in the ribbon. Give it a name and description. Click the “Add” button in the “Configuration Data” box. Select the two configuration items that we previously created and click OK.


Now we need to deploy the baseline to a collection. To do that, click “Deploy” in the ribbon, select your collection and evaluation schedule, and press OK.

Create Non-Compliant Collection

Finally, we can create a collection of non-compliant machines. To do that, select the baseline and click the “Deployments” tab at the bottom of the console. Now select your deployment and in the ribbon an option appears to “Create New Collection”. From here, you can create a collection of compliant, error, non-compliant, or unknown devices. Take your pick and create your collection.

Once you have your collection, you can do whatever you want with that information. You can deploy an application or package to remediate the issue, or just have a running list of computers that don’t meet a baseline.


All content provided on this blog is for information purposes only. Windows Management Experts, Inc makes no representation as to accuracy or completeness of any information on this site. Windows Management Experts, Inc will not be liable for any errors or omission in this information nor for the availability of this information. It is highly recommended that you consult one of our technical consultants, should you need any further assistant.



Contact Us

On Key

More Posts

Mastering Azure AD Connect - A Comprehensive Guide by WME
Active Directory

Mastering Azure AD Connect – A Comprehensive Guide

Modern businesses are fast moving toward cloud-based infrastructure. In fact, cloud-based business is not just a trend anymore but a strategic necessity. Microsoft’s Azure Active Directory (Azure AD) has become a frontrunner in this domain. It

Read More »
Security Best Practices in SharePoint
Office 365

Security Best Practices in SharePoint

Microsoft SharePoint is an online collaboration platform that integrates with Microsoft Office. You can use it to store, organize, share, and access information online. SharePoint enables collaboration and content management and ultimately allows your teams to

Read More »
The Ultimate Guide to Microsoft Intune - Article by WME
Active Directory

The Ultimate Guide to Microsoft Intune

The corporate world is evolving fast. And with that, mobile devices are spreading everywhere. As we venture into the year 2024, they have already claimed a substantial 55% share of the total corporate device ecosystem. You

Read More »
Protecting Microsoft 365 from on-Premises Attacks
Cloud Security

How to Protect Microsoft 365 from On-Premises Attacks?

Microsoft 365 is diverse enough to enrich the capabilities of many types of private businesses. It complements users, applications, networks, devices, and whatnot. However, Microsoft 365 cybersecurity is often compromised and there are countless ways that

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.