CCMEXEC.COM – System Center blog

CCMEXEC.COM – by Jörgen Nilsson

Browsing Posts tagged DCM

Have you ever wondered if Anti-virus is running on all client computers? Or if the desktop firewall is started and running as supposed to be? If you haven’t started with DCM yet you should really try it out!
Using DCM it is possible to check if a specific service is running using DCM.

The following steps descibes how to create a configuration item for reporting if the Spooler service is running. We use WMI and query win32\Service for the state of the service.

Create a new Configuration Item as shown in the example below, where “Name=Spooler” determines which service to monitor(easy to change to for instance TmListen for Trend Micro Officescan):

DCM1

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

On the validation tab press new and configure the validation as shown below:

DCM3

 

 

 

 

 

 

 

 

 

 

 

 

 

 

After pressing OK change the severity on the next page to Error:

DCM2

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Then you are ready to add it to your baseline.

When creating a baseline for your environment Desired Configuration Management in Configuration Manager can be used to monitor that all laptops operating system drive is encrypted using DCM. This could be useful to verify that an administrator somewhere haven’t removed bitlocker or to make sure that the deployment strategi for bitlocker is working correctly.

  • Create a new Configuration Item General or Operating System is up to you, under Desired Configuration in the SCCM console.
  • On the Settings tab select New
  • Name it Bitlocker Status
  • Namespace:  Root\CIMV2\Security\MicrosoftVolumeEncryption
  • Class:  Win32_EncryptableVolume
  • Property:  DriveLetter
Bitlocker Settings screen

Bitlocker Settings screen

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

  • On the validation screen
  • Operator:  Equals
  • Value:  C:
  • Severity:  Error

Bitlocker_CI2

 

 

 

 

 

 

 

 

 

 

 

 

 

 

  • On the Status screen change the severity to Error

Bitlocker_CI3

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Completed!

No create a DCM Baseline containing the Bitlocker Configuration Item and assign it to a collection containing you Windows 7 and Windows Vista computers.