nope, i still need settings on the server and not in the baselines, as baselines are created by me so that is not much important as the data or values it is capturing on the server.
As you can see, in the non-compliant settings we are getting the configured value Vs value on the server as there is mismatch. When we are compliant the values match, and i need to show what i am checking and what is found on the server to be called as compliant. Hope this explains. On Tue, Apr 14, 2015 at 5:28 PM, elsalvoz <[email protected]> wrote: > if I'm understanding you correctly, what you are after is setting used in > the baseline not the current value found on systems. > > If that's what you need, should be doable, not sure how easy would be. > We thought you wanted to report on values found on systems, for that > hardware inventory needs to be extended. > > Cesar A > On Apr 14, 2015 4:43 AM, "Abhijeet Janwalkar" < > [email protected]> wrote: > >> Thanks Cesar. >> >> Let me elaborate my requirement in more details. >> >> When we run a baseline against a Asset/Collection and run "Details of >> non-compliant rules of configuration items in a configuration baseline for >> an asset " this report we get report in following format. >> >> I am more interested in Rule Expression and Current Value as this give me >> what made this Rule non-compliant. >> >> >> >> >> >> *Setting Name* >> >> *Setting Description* >> >> *Setting Type* >> >> *Rule Name* >> >> *Severity* >> >> *Rule Description* >> >> *Rule Type* >> >> *Rule Expression* >> >> *Instance Data* >> >> *Current Value* >> >> *Configuration Item Name* >> >> *Configuration Item Revision* >> >> *Last Evaluation Date and Time (UTC)* >> >> AVSignatureVersion >> >> >> >> Registry Value >> >> AVSignatureVersion must exist >> >> Critical >> >> >> >> Count >> >> NotEquals 0 >> >> >> >> 0 >> >> 001 Micrsoft End Point >> >> 3 >> >> 3-27-2015 12:41:09 PM >> >> Engine Version >> >> >> >> Registry Value >> >> EngineVersion must exist >> >> Critical >> >> >> >> Count >> >> NotEquals 0 >> >> >> >> 0 >> >> 001 Micrsoft End Point >> >> 3 >> >> 3-27-2015 12:41:09 PM >> >> EPC-M Service Windows All-User Install Agent >> >> Install AppX Packages for all authorized users >> >> Registry Value >> >> Windows All-User Install Agent >> >> Information >> >> Windows All-User Install Agent >> >> Count >> >> GreaterThan 0 >> >> >> >> 0 >> >> 002 System Services-All Except Hyper-V >> >> 1032 >> >> 3-27-2015 12:41:09 PM >> >> EPC-M Service Windows Event Log >> >> This service manages events and event logs. >> >> Registry Value >> >> Windows Event Log >> >> Information >> >> Windows Event Log >> >> Count >> >> GreaterThan 0 >> >> >> >> 0 >> >> 002 System Services-All Except Hyper-V >> >> 1032 >> >> 3-27-2015 12:41:09 PM >> >> Hyper-V Virtual Machine Management Service >> >> Management service for Hyper-V, provides service to run multiple virtual >> machines. >> >> Registry Value >> >> Hyper-V Virtual Machine Management Service >> >> Information >> >> Hyper-V Virtual Machine Management Service >> >> Count >> >> GreaterThan 0 >> >> >> >> 0 >> >> 002 System Services-All Except Hyper-V >> >> 1032 >> >> 3-27-2015 12:41:09 PM >> >> EPC-M Service Performance Logs & Alerts >> >> Performance Logs and Alerts Collects performance data from local or >> remote computers based on preconfigured schedule parameters, then writes >> the data to a log or triggers an alert. >> >> Registry Value >> >> Performance Logs & Alerts >> >> Warning >> >> >> >> Value >> >> Equals 2 >> >> Location = [Is64Bit=true]:HKEY_LOCAL_MACHINE\SYSTEM\ >> >> CurrentControlSet\services\pla, Property = Start >> >> 3 >> >> 002 System Services-All Except Hyper-V >> >> 1032 >> >> 3-27-2015 12:41:09 PM >> >> >> >> Now when I Run "Details of compliant rules of configuration items in a >> configuration baseline for an asset " I get the report in following format, >> and this one is missing values found on the server. >> >> >> >> *Setting Name* >> >> *Setting Description* >> >> *Setting Type* >> >> *Rule Name* >> >> *Rule Description* >> >> *Rule Type* >> >> *Sub-Status* >> >> *Configuration Item Name* >> >> *Configuration Item Revision* >> >> *Last Evaluation Date and Time (UTC)* >> >> AVSignatureVersion >> >> >> >> Registry Value >> >> AVSignatureVersion Greater than or equal to 1.193.2695.0 >> >> >> >> Value >> >> Compliant >> >> 001 Micrsoft End Point >> >> 3 >> >> 3-27-2015 12:41:09 PM >> >> Engine Version >> >> >> >> Registry Value >> >> EngineVersion Greater than or equal to 1.1.11400.0 >> >> >> >> Value >> >> Compliant >> >> 001 Micrsoft End Point >> >> 3 >> >> 3-27-2015 12:41:09 PM >> >> EPC-M Service Alerter >> >> >> >> Registry Value >> >> Alerter >> >> >> >> Value >> >> Compliant >> >> 002 System Services-All Except Hyper-V >> >> 1032 >> >> 3-27-2015 12:41:09 PM >> >> >> >> >> >> >> >> As the data is in the Database to compare the values, is there any way we >> can export it to show it to my Auditors. >> >> I worked on another tool from VMware called vRealize Configuration >> Manager, it has following format for reporting, and my Managers are kind of >> used to it J and it gave those compliant and non-compliant results in >> single report. >> >> Appreciate if MS can arrange something like that in SCCM. >> >> >> >> *vCM Report Format* >> >> Element: >> >> >> >> Property: >> >> path_name = /etc/issue/builtin:issue >> >> *Status:* >> >> *Non-Compliant* >> >> Not Enforceable >> >> >> >> >> >> *Expected Value* >> >> *Operator* >> >> *Value Found* >> >> >> >> *Must exist* >> >> >> >> *Unknown - No data collected* >> >> Rule Name: >> >> * 7.1.3 Acceptable use of assets - Logon Warning Banner Display - /etc/ >> issue.net >> >> Rule Severity: >> >> Moderate >> >> Rule Type: >> >> Static >> >> >> >> >> >> Model Machine: >> >> N/A >> >> Description: >> >> * User Interaction required: user may need to enter their approved >> warning banner. >> >> This rule verifies that all systems present a log-on notice and consent >> banner on the initial log-on page regardless of access methodology. >> >> Element: >> >> /etc/crontab >> >> Property: >> >> Owner Name >> >> *Status:* >> >> Compliant >> >> *Not Enforceable* >> >> >> >> >> >> *Expected Value* >> >> *Operator* >> >> *Value Found* >> >> >> >> *root* >> >> *=* >> >> *root* >> >> Rule Name: >> >> * 15.2.2 Technical compliance checking - Security Tool Notifications >> >> Rule Severity: >> >> Moderate >> >> Rule Type: >> >> Static >> >> >> >> >> >> Model Machine: >> >> N/A >> >> Description: >> >> This rule checks for the existence of security tools on the system. >> >> *User needs to provide the 'program_name' that has been installed in the >> environment. If there are additional tools then add additional IF >> conditions using the OR connector. >> >> >> >> Hope this helps, as the data is already there, I m not sure if we need to >> extend hardware inventory. >> >> >> On Tue, Apr 14, 2015 at 4:43 PM, elsalvoz <[email protected]> wrote: >> >>> What she meant is that compliance settings are not meant or were >>> designed by Microsoft to give such values, therefore, you can not and >>> will not be able to create or generate the report you are looking for >>> unless you extend hardware inventory. >>> >>> Cesar A >>> On Apr 13, 2015 11:48 PM, "Abhijeet Janwalkar" < >>> [email protected]> wrote: >>> >>>> Hi Sherry, >>>> >>>> Thanks for the reply. >>>> We are using our custom baselines and want such report for Auditing >>>> purpose and also to validate what we have configured is inline with our >>>> expectations. >>>> >>>> Hence requesting a report which can give details of the values captured >>>> even if we are compliant. >>>> >>>> Hope this explains. >>>> >>>> On Mon, Apr 13, 2015 at 10:23 PM, Sherry Kissinger < >>>> [email protected]> wrote: >>>> >>>>> Doesn't work like that, not at all. if a box is compliant, the value >>>>> discovered matches whatever test you have configured for "what means >>>>> compliant". >>>>> >>>>> If you need to know the value, regardless of whether it fits your >>>>> parameters of "what means compliant", then a ConfigItem isn't a fit for >>>>> whatever it is you are doing--that would be inventory (aka, custom >>>>> hardware >>>>> inventory). >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> On Monday, April 13, 2015 11:02 AM, Abhijeet Janwalkar < >>>>> [email protected]> wrote: >>>>> >>>>> >>>>> I want Report "Details of compliant rules of configuration items in a >>>>> configuration baseline for an asset" in the same format or with the >>>>> dataset >>>>> used by this report "Details of non-compliant rules of configuration items >>>>> in a configuration baseline for an asset" >>>>> As the second report does include values found on the server for >>>>> con-compliant settings, I want values from the server for Compliant >>>>> settings as well. >>>>> >>>>> >>>>> Where i can get the RDL for the report i want. >>>>> >>>>> Thanks in advance. >>>>> >>>>> >>>>> On Mon, Apr 13, 2015 at 6:32 PM, Abhijeet Janwalkar < >>>>> [email protected]> wrote: >>>>> >>>>> Hi All, >>>>> >>>>> I am looking for a custom report via SCCM which will give following >>>>> details. >>>>> >>>>> If a CI is compliant or not then it should show the value configured >>>>> in CI and the value it found on the server and then the status (Compliant >>>>> or non-compliant) >>>>> It should give a report per asset for a Single Baseline. >>>>> >>>>> >>>>> -- >>>>> >>>>> Warm Regards, >>>>> >>>>> Abhijeet Janwalkar >>>>> Blog: http://abhijeet-janwalkar.blogspot.com >>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> Warm Regards, >>>>> >>>>> Abhijeet Janwalkar >>>>> Blog: http://abhijeet-janwalkar.blogspot.com >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>> >>>> >>>> -- >>>> >>>> Warm Regards, >>>> >>>> Abhijeet Janwalkar >>>> Blog: http://abhijeet-janwalkar.blogspot.com >>>> >>>> >>>> >>> >> >> >> -- >> >> Warm Regards, >> >> Abhijeet Janwalkar >> Blog: http://abhijeet-janwalkar.blogspot.com >> >> >> > -- Warm Regards, Abhijeet Janwalkar Blog: http://abhijeet-janwalkar.blogspot.com
