Thank you all very much! This will keep me busy for some time. Best regards,
Chris From: [email protected] [mailto:[email protected]] On Behalf Of Sherry Kissinger Sent: Thursday, January 21, 2016 2:41 PM To: [email protected] Subject: Re: [mssms] RE: What are you using configuration baselines for? The main ones... 1) Local Group Members into WMI http://mnscug.org/blogs/sherry-kissinger/244-all-members-of-all-local-groups-configmgr-2012 2) A bunch of Nomad ones to keep nomadbranch healthy 3) Although we do a lot of settings via GPO ... we're so huge that not everyone who has control over their GPOs... actually understands them. So a few things that would be best done in GPOs but we have several ConfigItems that at least monitor for things we care about; and a few that remediate. Things like... our Certificate for SCUP-signed updates, and the WinRM configuration. http://mnscug.org/blogs/sherry-kissinger/299-compliance-setting-to-enable-winrm 4) Adobe Products Information--especially useful with the recent Adobe DC product releases, where you can't tell Pro vs. Std without reading the .xml locally, and this does it for you. http://mnscug.org/blogs/sherry-kissinger/419-gather-some-adobe-serial-numbers-and-version-using-configmgr-compliance-settings-and-hardware-inventory 5) Disable Inventory Throttling http://www.mnscug.org/blogs/sherry-kissinger/287-cm12disableinventorythrottling 6) EventLog Parser for Windows Installer Installations (this one isn't my favorite, but manager types love it. They are so weird sometimes.) MNSCUG - Minnesota System Center User Group - Some Limited Windows Installer Event Information via Compliance Setting<http://www.mnscug.org/blogs/sherry-kissinger/338-some-limited-windows-installer-event-information-via-compliance-setting> 7) The Annoying Client Retry Task: http://mnscug.org/blogs/sherry-kissinger/409-configuration-manager-2012-the-client-reinstalls-daily 8) Keep our SUPs from tipping over: MNSCUG - Minnesota System Center User Group - WSUS (SUP) Servers in ConfigMgr 2012 custom Configuration Settings<http://www.mnscug.org/blogs/sherry-kissinger/360-wsus-sup-servers-in-configmgr-2012-custom-configuration-settings> 9) A ton of things imported from SCM (as Duncan mentioned) for monitoring our own servers that they are getting the settings they are supposed to have. Of course we have a lot more; but those are usually short term things; sometimes up to 6 months; usually 2 weeks or less. People just want "a quick count of..." something. and it's often easier to get that via a ConfigItem than doing a mof edit. On Thursday, January 21, 2016 2:05 PM, Duncan McAlynn <[email protected]<mailto:[email protected]>> wrote: Using Microsoft Security Compliance Manager 3.0, I export modified baselines for security-related visibility by operating system (Windows 7/8/Server 2012) or by server function (i.e. AD, Exchange, Hyper-V, DNS, etc…). You can learn more about SCM 3.0 at: https://technet.microsoft.com/en-us/library/cc677002.aspx Duncan McAlynn, Sr. Solutions Specialist, Americas HEAT Software M: +1.512.391.9111 | [email protected]<mailto:[email protected]> HEAT Software | 490 N McCarthy Blvd. Suite 100 | Milpitas, CA 95035 From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Daniel Ratliff Sent: Thursday, January 21, 2016 1:01 PM To: [email protected]<mailto:[email protected]> Subject: [mssms] RE: What are you using configuration baselines for? Anything that needs enforced and forgotten about we use GPO. Anything that requires running a script, or being reported on, we use a compliance script. A few examples of our compliance scripts: • Setting BCDEdit settings for all devices • Setting a lot of 1E settings for Nomad and PXE • Adding a lot of custom hardware inventory classes to WMI • Inventory usage of a Host on Demand web app • Setting the local admin password (will be using LAPS in the future) • Lots more Daniel Ratliff From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of John Aubrey Sent: Thursday, January 21, 2016 1:45 PM To: [email protected]<mailto:[email protected]> Subject: [mssms] RE: What are you using configuration baselines for? I would be very interested in what everyone is using it for. It’s the part of configmgr that we really don’t use. I have one that checks the default browser, and one for the “Local Group Members into WMI with logging” From: mailto:[email protected] [mailto:[email protected]] On Behalf Of Linkey, Mike Sent: Thursday, January 21, 2016 12:30 PM To: [email protected]<mailto:[email protected]> Subject: [mssms] RE: What are you using configuration baselines for? We Disable PST write/creation and disable USB write permissions. I am interested in what you have done for Adobe if you are willing to share. Is there a list of what folks have done that people can get them from? Mike L. From: mailto:[email protected] [mailto:[email protected]] On Behalf Of Chris Carbone Sent: Thursday, January 21, 2016 11:08 AM To: [email protected]<mailto:[email protected]> Subject: [mssms] What are you using configuration baselines for? Hello all, I just recently gained access to configuration baselines in SCCM and so far I’ve created one for Adobe Reader to turn off automatic updates. Then I created another for verifying all our servers have all the printers installed in our environment. I wanted to survey all of you wonderful people and find out what baselines you are getting the most use out of? Thanks! This electronic mail transmission may contain confidential information intended only for the use of the individual(s) identified as addressee(s). If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or the taking of any action in reliance on the contents of this electronic mail transmission is strictly prohibited. If you have received this transmission in error, please notify me by telephone immediately. The information transmitted is intended only for the person or entity to which it is addressed and may contain CONFIDENTIAL material. If you receive this material/information in error, please contact the sender and delete or destroy the material/information. This electronic mail transmission may contain confidential information intended only for the use of the individual(s) identified as addressee(s). If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or the taking of any action in reliance on the contents of this electronic mail transmission is strictly prohibited. If you have received this transmission in error, please notify me by telephone immediately.
