Software Version in SCCM Compliance Settings

This article is part of an ongoing series about Compliance Settings. This article will focus on using compliance settings to ensure that all of your devices have the most up-to-date version of a particular piece of software. I am going to use the VMware Horizon View Client as my example.

Application Collection

First, we must isolate all devices with a particular software installed, regardless of version. To do that, create a new collection. Create a query rule for membership. Now, you can either hit the “Show Query Language” button and paste in this code:

select
SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Na
me,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainOR
Workgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join
SMS_G_System_ADD_REMOVE_PROGRAMS on
SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID =
SMS_R_System.ResourceId inner join
SMS_G_System_ADD_REMOVE_PROGRAMS_64 on
SMS_G_System_ADD_REMOVE_PROGRAMS_64.ResourceID =
SMS_R_System.ResourceId where
SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName like “%VMware
Horizon View%” or SMS_G_System_ADD_REMOVE_PROGRAMS_64.DisplayName
like “%VMware Horizon View%””

Now, when you click “Show Query Design” and select the “Criteria” tab, it should look like this:

1

You can double click the two criteria and change your application name. Remember to leave the percent signs if you leave the operator as “is like”. The correct application names can be found by using the Resource Explorer for a device. You will need the second “Install Applications (64)” if the application appears under that section in Resource Explorer.

Once we have our application collection built, we can define the compliance setting.

Compliance Setting

First, we need to create our configuration item. To do that, navigate to the compliance settings area of the console and click “Create Configuration Item” from the ribbon. Give the item a name and description. When you get to the “Settings” section, click Give the setting a name, and change “Setting Type” to file system. Click browse, and find the file in question. You can connect to another computer (as long as remote management is turned on) and also find the file. Now, check the “The selected file must be compliant with the following rules” check box. Click “Add” and select the correct setting. Normally, version would be a great thing to use. I have to use “Date modified” because VMware put letters in their version number, and SCCM can’t handle those.

Remember that when the devices meet this requirement, they are considered “compliant”, so use the version that you want your devices to have when setting this up. When complete, your windows should look similar to this:

2

We have one slight problem here, which we will be able to fix after clicking OK. Because this application is installed in “Program Files (x86)”, we get the wrong environment variable. So after clicking OK, change %ProgramFiles(x86)% to %ProgramFiles% and check the “This file or folder is associated with a 64-bit application” check box and click OK.

You can now click through the rest of the Configuration Item wizard.

3

Now we need to create our baseline. Navigate to the “Configuration Baselines” section of Compliance Settings, and click “Create Configuration Baseline” in the ribbon. Give your baseline a name, click the “Add” button, and select “Configuration Items”. Find the configuration item that we just created, click “Add”, then click OK.

4

All that is left now is to deploy the baseline to the collection we created earlier. After deployment, you can create a collection of non-compliant computers by selecting the deployment, then clicking “Create New Collection” in the ribbon and selecting “Non-compliant”.

Disclaimer

All content provided on this blog is for information purposes only. Windows Management Experts, Inc makes no representation as to accuracy or completeness of any information on this site. Windows Management Experts, Inc will not be liable for any errors or omission in this information nor for the availability of this information. It is highly recommended that you consult one of our technical consultants, should you need any further assistant.

Share:

Facebook
Twitter
LinkedIn

Contact Us

=
On Key

More Posts

WME Cybersecurity Briefings No. 014
Cyber Security

WME Security Briefing 14 June 2024

LightSpy Spyware’s macOS Variant Detected with Advanced Surveillance Capabilities Overview Findings reveal a previously undocumented macOS variant of the LightSpy spyware. It was initially thought to target only iOS users. This spyware utilizes a plugin-based system

Read More »
WME Cybersecurity Briefings No. 013
Cyber Security

WME Security Briefing 10 June 2024

CISA Urges Patching of Actively Exploited Linux Kernel Vulnerability Overview CISA just issued an urgent advisory concerning a newly discovered security flaw in the Linux kernel. The flaw is being actively exploited to affect the netfilter component of

Read More »
3 Things to Consider Before You Enable Copilot for Microsoft 365
Microsoft Copilot

3 Things to Consider Before You Enable Copilot for Microsoft 365

In today’s digital landscape, any productivity tool that streamlines workflow and boosts performance is a pleasant addition. With its AI-powered productivity-enhancing capabilities, Microsoft Copilot has emerged as a game-changer for employees, particularly for organizations using Microsoft

Read More »
WME Cybersecurity Briefings No. 012
Cyber Security

WME Security Briefing 03 June 2024

Moroccan Cybercrime Group Exploits Gift Card Systems for Major Financial Gains Overview: Storm-0539, also called Atlas Lion, is a Moroccan cybercrime group that executes advanced email and SMS phishing attacks. They are committing fraud by utilizing

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.

=