Let’s learn how to create SCCM Configuration Items and Configuration Baselines in ConfigMgr. Requirements and how to create a guide of configuration items and baselines in SCCM are explained below. A configuration item is a container in ConfigMgr that stores specific information.
Configuration Items are widely used in the SCCM world for identifying Software Updates, application models, etc.… In this post, I will cover the information that we configure depends on the configuration item type. Configuration items can include the following information:
- Detection method information
- Compliance rules
- Supported platforms
Note: In this post I will refer Configuration Items as CI and Configuration Baselines as CB.
The Configuration Item and Baseline can be used to check compliance settings for users and devices. In a larger environment migrating from one Windows 10 version to another, we may be required to check the compliance settings of OS versions, driver versions, applications version, user information, etc. If we found any noncompliance devices or users, we can use CI and CB for remediation.
What is Configuration Items in ConfigMgr
Using CI we can handle device settings. CI’s are not deployed directly to the collections but can be deployed via CB. The Configuration Items in ConfigMgr contain any of the following types which can be used in CB.
- Active Directory Query
- File System
- IIS Metabase
- Registry Key
- Registry Value
- SQL Query
- WQL Query
- XPath Query
What is Configuration Baselines in ConfigMgr
Configuration Baselines in configMgr is collection of CI’s and CB’s. CB can be include at least one or more CI’s to be deployed to device and user collections. Also below items are can be part of CB.
- Configuration Items
- Software Updates
- Configuration Baselines
How to create custom Configuration Items in ConfigMgr
Open Configuration Manager Console. Go to Asset and Compliance -> Compliance Settings -> Configuration Items -> click ‘Create Configuration Item‘
- Provide name of CI and select option below and click ‘Next‘.
- Select the operating system version for which you want to create the CI and click ‘Next‘.
- Click on New to create new settings.
- Provide settings Name and select settings type according to the requirement. Here I’m going to check the version of the OS through WQL, so I have selected ‘WQL Query‘ as below.
- Click on ‘Compliance Rules‘ tab and press New to create new rule. You can also create compliance rules as next step as well.
- Give Name of the compliance rule and provide build number of the Win10 20H2 version on ‘For the following values‘ section and press ‘Ok‘ to finalize.
NOTE: You can add a custom PowerShell script to remediate if the CI is non-compliant and can generate the noncompliance report as well by selecting ‘Remediate noncompliant rules when supported‘ & ‘Report noncompliance if this setting instance is not found. In this scenario, I’m using a simple WQL query to detect the OS version.
- As next step press ‘Apply‘ -> ‘Ok‘
- Press Next -> Next -> Close to complete.
How to create Configuration Baselines
Now, in this section we will learn how to create ConfigMgr Configuration Baseline.
- Open Configuration Manager Console. Go to Asset and Compliance -> Compliance Settings -> Configuration Baselines -> click ‘Create Configuration Baseline‘
- Provide configuration baselines ‘Name‘.
- Then click on ‘Add‘ and select ‘Configuration Items‘.
- Select the configuration items you created and press ‘Add‘ -> ‘Ok‘.
- Now configuration items will be added to the configuration baseline. Press ‘Ok‘ to finalize.
How to deploy Configuration Baselines
- Select the Configuration Baseline you created, Right click -> Deploy
- Click on ‘Browse‘ to select the collection for deployment. Also you can customize the schedule time as per requirement.
Click ‘Ok‘ to finalize.
You can see reporting of CB in another blog post.
Video Tutorial – SCCM Configuration Item Baseline Explained by👏Deepak Rai ✔Configuration ✔Remediation ConfigMgr