Thought of sharing an excellent series of blog posts on Desired Configuration Management (DCM) by Jeremy Barth. Update : The following links are not working now. They have changed the URLs. You can reach those posts from here.
The overall theme of this series on SCCM Desired Configuration Management has been to provide you with a low-level understanding of the mechanics of DCM, give you a sense of the wider business context in which it is useful, and give you the tools to pursue your own enterprise IT management goals. This final post covers one additional freely-downloadable baseline, no great shakes in and of itself, but emblematic of what the future likely holds: plugging third party baselines into DCM to validate our organization’s compliance with a neutral standard. We then conclude with a technique for helping to make PCs self-remediating when they are found to be out-of-compliance.
First Steps in Creating an SCCM DCM Baseline for Laptop Security
Configuration Items for SCCM DCM Laptop Security
SCCM DCM Config Items Based on Programmatic Queries
Creating the SCCM DCM Baseline for Laptop Security
SCCM DCM and Microsoft’s Security Compliance Manager
SCCM DCM Wrapup – Third Party Baselines and Auto-Remediation