Let’s learn how to create SCCM Configuration Items and Configuration Baselines in ConfigMgr. Requirements and how to create a guide of configuration items and baselines in SCCM are explained below. A configuration item is a container in ConfigMgr that stores specific information.
Configuration Items are widely used in the SCCM world for identifying Software Updates, application models, etc.… In this post, I will cover the information that we configure depends on the configuration item type. Configuration items can include the following information:
- Detection method information
- Compliance rules
- Supported platforms
Note: In this post, I will refer to Configuration Items as CI and Configuration Baselines as CB.
The Configuration Item and Baseline can be used to check compliance settings for users and devices. In a larger environment migrating from one Windows 10 version to another, we may be required to check the compliance settings of OS versions, driver versions, applications versions, user information, etc. If we found any noncompliance devices or users, we can use CI and CB for remediation.
What are Configuration Items in ConfigMgr
Using CI we can handle device settings. CI’s are not deployed directly to the collections but can be deployed via CB. The Configuration Items in ConfigMgr contain any of the following types which can be used in CB.
- Active Directory Query
- File System
- IIS Metabase
- Registry Key
- Registry Value
- SQL Query
- WQL Query
- XPath Query
What are Configuration Baselines in ConfigMgr
Configuration Baselines in ConfigMgr is a collection of CI’s and CB’s. CB can be included at least one or more CI’s to be deployed to device and user collections. Also below items are can be part of CB.
- Configuration Items
- Software Updates
- Configuration Baselines
How to create custom Configuration Items in ConfigMgr
Open Configuration Manager Console. Go to Asset and Compliance -> Compliance Settings -> Configuration Items -> click ‘Create Configuration Item‘
Provide the name of CI and select the option below and click ‘Next‘.
Select the operating system version for which you want to create the CI and click ‘Next‘.
Click on New to create new settings.
Provide settings Name and select settings type according to the requirement. Here I’m going to check the version of the OS through WQL, so I have selected ‘WQL Query‘ as below.
Click on the ‘Compliance Rules‘ tab and press New to create a new rule. You can also create compliance rules as the next step as well.
Give the Name of the compliance rule and provide the build number of the Win10 20H2 version on the ‘For the following values‘ section and press ‘Ok‘ to finalize.
NOTE: You can add a custom PowerShell script to remediate if the CI is non-compliant and can generate the noncompliance report as well by selecting ‘Remediate noncompliant rules when supported‘ & ‘Report noncompliance if this setting instance is not found. In this scenario, I’m using a simple WQL query to detect the OS version.
As next step press ‘Apply‘ -> ‘Ok‘
Press Next -> Next -> Close to complete.
How to create Configuration Baselines
Now, in this section, we will learn how to create ConfigMgr Configuration Baseline.
Open Configuration Manager Console. Go to Asset and Compliance -> Compliance Settings -> Configuration Baselines -> click ‘Create Configuration Baseline‘
Provide configuration baselines ‘Name‘.
Then click on ‘Add‘ and select ‘Configuration Items‘.
Select the configuration items you created and press ‘Add‘ -> ‘Ok‘.
Now configuration items will be added to the configuration baseline. Press ‘Ok‘ to finalize.
How to deploy Configuration Baselines
Select the Configuration Baseline you created, Right-click -> Deploy
Click on ‘Browse‘ to select the collection for deployment. Also, you can customize the scheduled time as per requirement.
Click ‘Ok‘ to finalize.
You can see reporting of CB in another blog post.
Video Tutorial – SCCM Configuration Item Baseline Explained by👏Deepak Rai ✔Configuration ✔Remediation ConfigMgr
Debabrata Pati has more than 7+ years of experience in IT. Skilled in MEMCM, Azure, and Powershell. More than five (5) years of experience in MEMCM (SCCM) administration, OSD, and Troubleshooting for the environment with more than 100K client devices.