CCMEXEC.COM – System Center blog

CCMEXEC.COM – by Jörgen Nilsson

Browsing Posts tagged DCM

Have you ever wondered if Anti-virus is running on all client computers? Or if the desktop firewall is started and running as supposed to be? If you haven’t started with DCM yet you should really try it out!
Using DCM it is possible to check if a specific service is running using DCM.

The following steps descibes how to create a configuration item for reporting if the Spooler service is running. We use WMI and query win32\Service for the state of the service.

Create a new Configuration Item as shown in the example below, where “Name=Spooler” determines which service to monitor(easy to change to for instance TmListen for Trend Micro Officescan):

















On the validation tab press new and configure the validation as shown below:
















After pressing OK change the severity on the next page to Error:

















Then you are ready to add it to your baseline.

When creating a baseline for your environment Desired Configuration Management in Configuration Manager can be used to monitor that all laptops operating system drive is encrypted using DCM. This could be useful to verify that an administrator somewhere haven’t removed bitlocker or to make sure that the deployment strategi for bitlocker is working correctly.

  • Create a new Configuration Item General or Operating System is up to you, under Desired Configuration in the SCCM console.
  • On the Settings tab select New
  • Name it Bitlocker Status
  • Namespace:  Root\CIMV2\Security\MicrosoftVolumeEncryption
  • Class:  Win32_EncryptableVolume
  • Property:  DriveLetter
Bitlocker Settings screen

Bitlocker Settings screen

















  • On the validation screen
  • Operator:  Equals
  • Value:  C:
  • Severity:  Error
















  • On the Status screen change the severity to Error


















No create a DCM Baseline containing the Bitlocker Configuration Item and assign it to a collection containing you Windows 7 and Windows Vista computers.