Escolar Documentos
Profissional Documentos
Cultura Documentos
Version 2.0
If you are using this documentation solely for non-commercial purposes internally within YOUR
company or organization, then this documentation is licensed to you under the Creative Commons
Attribution-NonCommercial License. To view a copy of this license, visit
http://creativecommons.org/licenses/by-nc/2.5/ or send a letter to Creative Commons, 543
Howard Street, 5th Floor, San Francisco, California, 94105, USA.
This documentation is provided to you for informational purposes only, and is provided to you
entirely "AS IS". Your use of the documentation cannot be understood as substituting for
customized service and information that might be developed by Microsoft Corporation for a
particular user based upon that user’s particular environment. To the extent permitted by law,
MICROSOFT MAKES NO WARRANTY OF ANY KIND, DISCLAIMS ALL EXPRESS, IMPLIED AND
STATUTORY WARRANTIES, AND ASSUMES NO LIABILITY TO YOU FOR ANY DAMAGES OF ANY TYPE
IN CONNECTION WITH THESE MATERIALS OR ANY INTELLECTUAL PROPERTY IN THEM.
Microsoft may have patents, patent applications, trademarks, or other intellectual property rights
covering subject matter within this documentation. Except as provided in a separate agreement
from Microsoft, your use of this document does not give you any license to these patents,
trademarks or other intellectual property.
Information in this document, including URL and other Internet Web site references, is subject to
change without notice. Unless otherwise noted, the example companies, organizations, products,
domain names, e-mail addresses, logos, people, places and events depicted herein are fictitious.
Microsoft, Access, Active Directory, ActiveX, Excel, InfoPath, Internet Explorer, Outlook,
PowerPoint, Visual Basic, Windows, Windows Server, Windows Vista, and Windows XP are either
registered trademarks or trademarks of Microsoft Corporation in the United States and/or other
countries.
The names of actual companies and products mentioned herein may be the trademarks of their
respective owners.
You have no obligation to give Microsoft any suggestions, comments or other feedback
("Feedback") relating to the documentation. However, if you do provide any Feedback to Microsoft
then you provide to Microsoft, without charge, the right to use, share and commercialize your
Feedback in any way and for any purpose. You also give to third parties, without charge, any
patent rights needed for their products, technologies and services to use or interface with any
specific parts of a Microsoft software or service that includes the Feedback. You will not give
Feedback that is subject to a license that requires Microsoft to license its software or
documentation to third parties because we include your Feedback in them.
Contents
Overview............................................................................................1
Prerequisite.....................................................................................1
About Configuration Manager 2007.....................................................2
About the DCM Feature.....................................................................2
Requirements..................................................................................3
Terms and Definitions........................................................................3
Support and Feedback 4
Acknowledgments.............................................................................4
Development Team 4
Contributors and Reviewers 5
Chapter 1: Configuring the DCM Feature.............................................7
Choosing Configuration Packs.............................................................7
Understanding Your Environment 7
Available Configuration Packs 8
Limitations of the Configuration Packs 9
Planning Site Collections....................................................................9
Handling Exceptions 11
Working with Configuration Manager..................................................13
Task Overview 13
Task 1: Access the Configuration Manager Console 13
Task 2: Load a Configuration Pack 15
Task 3: Apply the Baseline 15
Task 4: Customize a Configuration Pack17
More Information............................................................................24
Chapter 2: Reporting.........................................................................25
Accessing and Running Reports.........................................................25
Determining Which Reports to Run 28
Creating Exception Reports 28
IT Management Reporting................................................................29
IT Specialist Reporting.....................................................................29
More Information............................................................................30
More Information
SOLUTIONACCELERATORS microsoft.com/technet/SolutionAccelerators
Overview
This DCM Configuration Pack User Guide is a primary component of the Security Compliance
Management Toolkit. The other components for this toolkit include:
• The Baseline Compliance Management Overview document. This document provides background
about how to achieve security compliance using prescribed security baselines in the following
guides:
• Windows Server 2008 Security Guide
• Windows Server 2003 Security Guide
• Windows Vista Security Guide
• Windows XP Security Guide
• 2007 Microsoft Office Security Guide
• Configuration Packs. The 26 Configuration Packs for this toolkit are XML manifests designed for
use with the desired configuration management (DCM) feature of Microsoft® System Center
Configuration Manager 2007 Service Pack 1 (SP1). You can use the Configuration Packs in
combination with this feature to implement rule checks and validate that the prescribed security
baselines work correctly on the computers in your environment.
Note Configuration Manager 2007 SP1 is required to support Windows Server
2008.
This user guide describes how to use Configuration Manager 2007 SP1 and the DCM feature to examine
and validate the compliance state of a security baseline based on the prescribed settings in your
organization. The guide, which provides detailed instructions about how to load and operate the
Configuration Packs, consists of the following chapters:
• Chapter 1: Configuring the DCM Feature. This chapter demonstrates how to set up and operate the
DCM feature with the Configuration Packs for this toolkit.
• Chapter 2: Reporting. This chapter discusses the reporting capability available through the DCM
feature in Configuration Manager 2007 SP1. This capability allows IT specialists to use built-in
reports to identify and remediate compliance issues, and provide these reports to management
and auditors.
Prerequisite
You must have access to System Center Configuration Manager 2007 SP1 and the DCM feature on a
computer prior to using the procedures in this guide with the Configuration Packs. Microsoft
recommends installing this software on a computer in a test environment that you can use with a
limited number of client computers. Use this test environment to conduct all initial planning and
configuration procedures before implementing them in a production environment.
SOLUTIONACCELERATORS microsoft.com/technet/SolutionAccelerators
2 DCM Configuration Pack User Guide
into and control over your IT systems. Key capabilities of Configuration Manager include the ability to
do the following:
• Conduct hardware and software inventories.
• Distribute and install software applications.
• Distribute and install software updates, such as security updates.
• Work with Network Policy Server (NPS) in Microsoft Windows Server® 2008 to restrict computers
from accessing the network if they do not meet requirements, such as not having certain security
updates installed.
• Deploy operating systems.
• Specify a desired configuration for one or more computers and then monitor adherence to the
configuration.
• Meter software usage.
• Remotely control computers to provide troubleshooting support.
SOLUTIONACCELERATORS microsoft.com/technet/SolutionAccelerators
Overview 2
Requirements
The Security Compliance Management Toolkit includes the following software and operational
requirements:
• Software requirements: An enterprise systems environment or test environment with computers
able to run the following software:
• System Center Configuration Manager 2007 SP1 with the DCM feature.
• Client computers running Windows Vista® SP1.
• Client computers running Windows® XP Professional SP3.
• Server computers running Windows Server® 2008.
• Server computers running Windows Server® 2003 SP2.
This toolkit works in conjunction with the following security guides produced by the Solution
Accelerators – Security and Compliance (SA–SC) team. The following security guides, and the
GPOAccelerator tool, are required to accomplish the deployment portion of the security
compliance management process:
• Windows Vista Security Guide.
• Windows XP Security Guide.
• Windows Server 2008 Security Guide.
• Windows Server 2003 Security Guide.
• 2007 Microsoft Office Security Guide.
• GPOAccelerator tool.
• Operational requirements: This toolkit requires careful planning and execution.
Microsoft recommends reading the Baseline Compliance Management Overview for background on
the concepts discussed in this document before using the deployment process for this toolkit.
Microsoft also recommends informing both IT operational management and company management
of plans to implement and test the toolkit before deploying it in your organization.
SOLUTIONACCELERATORS microsoft.com/technet/SolutionAccelerators
2 DCM Configuration Pack User Guide
kinds of tasks that you want to perform. Collections also serve as targets for Configuration
Manager operations.
• Collections node: The Collections node in the Configuration Manager Console contains the
collections that are defined for the current site. The results pane displays the resources that are
contained in the selected collection.
• Results pane: The Results pane appears in the Configuration Manager Console that displays the
results when an item in the left pane of the console is selected.
Acknowledgments
The Solution Accelerators – Security and Compliance (SA–SC) team would like to acknowledge and
thank the team that produced the Security Compliance Management Toolkit and this guide. The
following people were either directly responsible or made a substantial contribution to the writing,
development, and testing of the DCM Configuration Pack User Guide.
Development Team
Development Lead
Michael Tan
Developers
Haikun Zhang – Minesage Co Ltd
Hui Zeng – Minesage Co Ltd
Trevy Burgess – Excell Data Corporation
ZhiQiang Yuan – Minesage Co Ltd
Subject Matter Expert
Tony Noblett – Socair Solutions
Editors
Jennifer Kerns – Wadeware LLC
John Cobb – Wadeware LLC
Steve Wacker – Wadeware LLC
Product Managers
Alan Meeus
Frank Simorjay
Jim Stuart
Karla Korchinsky – Xtreme Consulting Group Inc
Shruti Kala
Program Managers
Gaurav Bora
SOLUTIONACCELERATORS microsoft.com/technet/SolutionAccelerators
Overview 2
Flicka Enloe
Kelly Hengesteg
Vlad Pigin
Release Manager
Karina Larson
Test Manager
Sumit Parikh – Infosys Technologies Ltd
Testers
Ankit Agarwal – Infosys Technologies Ltd
Bidhan Chandra Kundu – Infosys Technologies Ltd
Dhanashri Dorle – Infosys Technologies Ltd
Manish Patel – Infosys Technologies Ltd
Raxit Gajjar – Infosys Technologies Ltd
SOLUTIONACCELERATORS microsoft.com/technet/SolutionAccelerators
Chapter 1: Configuring the DCM
Feature
This chapter demonstrates how to operate the desired configuration management (DCM) feature in
Microsoft® System Center Configuration Manager 2007 Service Pack 1 (SP1) for security baseline
compliance monitoring. You use the DCM feature to monitor the settings on computers in a site
collection. However, before the procedures for this feature, this chapter offers planning considerations
about how to choose Configuration Packs for your environment, and how to create site collections.
After completing these planning activities, you can configure the DCM feature to use the Configuration
Packs and assign them to site collections that fit the needs of your organization.
This toolkit focuses on the monitoring portion of the security compliance management process.
Properly deploying security baselines for the computers in your organization is a required activity for
this toolkit. This activity is discussed in Chapter 2, "Deploy," of the Baseline Compliance Management
Overview document. For information about establishing security baseline settings for the operating
systems in scope for this toolkit, see the "Requirements" section in the Overview companion
document.
SOLUTIONACCELERATORS microsoft.com/technet/SolutionAccelerators
Chapter 1: Configuring the DCM Feature 3
includes the following 26 Configuration Packs that are categorized by operating system, security
baseline (EC or SSLF), and computer or server role:
• WS08-EC-Domain.cab
• WS08-EC-Domain-Controller.cab
• WS08-EC-Member-Server.cab
• WS08-SSLF-Domain.cab
• WS08-SSLF-Domain-Controller.cab
• WS08-SSLF-Member-Server.cab
• WS03-EC-Domain.cab
• WS03-EC-Domain-Controller.cab
• WS03-EC-Member-Server.cab
• WS03-SSLF-Domain.cab
• WS03-SSLF-Domain-Controller.cab
• WS03-SSLF-Member-Server.cab
• VSG-EC-Domain.cab
• VSG-EC-Desktop.cab
• VSG-EC-Laptop.cab
• VSG-SSLF-Domain.cab
• VSG-SSLF-Desktop.cab
• VSG-SSLF-Laptop.cab
• XPG-EC-Domain.cab
• XPG-EC-Desktop.cab
• XPG-EC-Laptop.cab
• XPG-SSLF-Domain.cab
• XPG-SSLF-Desktop.cab
• XPG-SSLF-Laptop.cab
• OSG-EC.cab
• OSG-SSLF.cab
SOLUTIONACCELERATORS microsoft.com/technet/SolutionAccelerators
4 DCM Configuration Pack User Guide
enterprise, Windows Server 2003 SP2 on its servers, and Windows XP Professional SP3 on both laptops
and desktops. Each site collection that Contoso creates uses only one SCM baseline as shown in the
following figure. The actual image of this for your organization will differ depending on the operating
systems that are deployed in the environment.
SOLUTIONACCELERATORS microsoft.com/technet/SolutionAccelerators
Chapter 1: Configuring the DCM Feature 5
Handling Exceptions
Exceptions to security baselines are absolutely required in today’s complex infrastructures. Generally,
there are two methods that you can use to deal with exceptions: modify the collection and configuration
baseline, or report only on those computers that fit the Configuration Packs and exclude those that do
not.
Within the context of this toolkit, we recommend using the first method. If you want to exempt specific
computers, locate them in their own site collections, and then customize the security baselines for this
toolkit to meet your needs.
The second method, which uses reporting tools, is viable but can create unnecessary complexity in
reporting processes, which can lead to mistakes and overreaction from IT administrative staff and
management. Microsoft recommends using the reporting approach only if you cannot find a way to
isolate computers with exceptions.
The following example process flow diagram is designed to demonstrate a decision making process
that you might use to handle exceptions.
SOLUTIONACCELERATORS microsoft.com/technet/SolutionAccelerators
6 DCM Configuration Pack User Guide
asked. If the answer is No, the IT security specialist can customize each computer that needs an
exemption.
4. If the answer is Yes, the IT security specialist can create a custom site collection for the computers
that require an exemption. Examples of situations that might require such an approach include the
following types of computers:
• ERP application servers.
• HR application server.
• CRM application servers.
• Legacy application servers.
• Shared desktops.
For more information about asset values associated with computers, see Chapter 2, "Survey of Risk
Management Practices" in the Security Risk Management Guide. Reference documentation on site
collection selection can be found in Microsoft Deployment: Preparing for Microsoft System
Center Configuration Manager 2007.
This guide suggests that if the computers are not subject to the same entire compliance baseline, you
should locate them in separate site collections to manage their configuration requirements separately.
If you need to exempt or make exceptions for specific configuration items or settings, modify the
configuration items or settings and then create a customized configuration management pack for this
situation.
Note When you apply configuration baselines, if you attempt to apply more than one
hardware profile (desktop and laptop) to the same client computer, you will receive
incorrect information from Configuration Manager. Likewise, if you attempt to apply
more than one server role (domain controller and member server) to the same
computer, you will receive incorrect information.
SOLUTIONACCELERATORS microsoft.com/technet/SolutionAccelerators
Chapter 1: Configuring the DCM Feature 7
Task Overview
To use the Security Compliance Management Toolkit, you must have a working installation of
Configuration Manager 2007 SP1 with the DCM feature, and created one or more site collections using
the planning guidance in this document. Setting up Configuration Manager is the most time consuming
portion of this toolkit. For information about how to install Configuration Manager, see System
Center Configuration Manager 2007 on Microsoft TechNet.
To start working with the DCM feature of Configuration Manager and the Configuration Packs for this
toolkit, complete the following tasks:
1. Access the Configuration Manager Console.
2. Load a Configuration Pack.
3. Apply the baseline.
4. Customize a Configuration Pack.
SOLUTIONACCELERATORS microsoft.com/technet/SolutionAccelerators
8 DCM Configuration Pack User Guide
SOLUTIONACCELERATORS microsoft.com/technet/SolutionAccelerators
Chapter 1: Configuring the DCM Feature 9
• The left pane of the console provides a node or tree view of the primary features available in
Configuration Manager. In this pane, Under Desired Configuration Management:
• The Configuration Baselines node contains baselines that have been applied to the test site
collection.
The baselines comprise groups or collections of configuration items. Each configuration item
contains the actual settings that the DCM feature validates.
• The Configuration Items node contains all the individual configuration items that the client
agent uses to query the computers in the site collection.
SOLUTIONACCELERATORS microsoft.com/technet/SolutionAccelerators
10 DCM Configuration Pack User Guide
Figure 1.4 The Choose Configuration Baselines page of the Assign Configuration Baseline Wizard
3. The Choose Configuration Baselines page of the wizard provides you with options to perform the
following three actions:
• Click Add to start the process of adding a baseline that does not yet display in the Selected
configuration baselines dialog box.
• Click Remove to remove a configuration baseline.
• Click the configuration baseline in the dialog box that you want to assign, and then click Next
to assign it.
1. On the Choose Collection page, click Browse to locate the computer collection that you want to
apply to this configuration baseline. Select the collection, and then click OK.
2. On the Choose Collection page of the wizard, click Next.
3. On the Set Schedule page of the wizard, define the compliance check schedule for the baseline,
and then click Next.
Note When defining the compliance check schedule for the DCM feature, consider
server load if you are running the check against a large computer collection.
4. On the Summary page of the wizard, click Next.
5. On the Confirmation page of the wizard, the green circles with check marks indicate
that you have successfully applied your configuration baseline. Click Close to exit the
wizard.
For information about how to collect and run reports for the configuration baseline that you have
loaded and applied, see Chapter 2, "Reporting."
SOLUTIONACCELERATORS microsoft.com/technet/SolutionAccelerators
Chapter 1: Configuring the DCM Feature 11
collection running a Windows operating system. This section provides instructions to customize the
settings in the Configuration Packs that are in scope for this toolkit. You can use these Configuration
Packs as templates that provide a starting point for your customization work.
When customizing a Configuration Pack, only customize the validation rules in the Configuration Pack.
This ensures that the Configuration Pack will work correctly, and that the verification process for the
DCM feature will perform as expected.
Note The Configuration Packs provided with this toolkit are recommended by
Microsoft. The effects on the enterprise data integrity of any customization is the
responsibility of the user.
Task Overview
The customization of a Configuration Pack breaks down into the following two subtasks:
1. Customizing a validation rule setting.
2. Applying a validation rule to a new configuration baseline.
SOLUTIONACCELERATORS microsoft.com/technet/SolutionAccelerators
12 DCM Configuration Pack User Guide
Figure 1.5 The General tab of the Properties page for the configuration item
4. On the Properties page for the configuration item, click the Settings tab, and then click All settings
to view the settings that comprise the configuration item as displayed in the following figure.
SOLUTIONACCELERATORS microsoft.com/technet/SolutionAccelerators
Chapter 1: Configuring the DCM Feature 13
Figure 1.6 The Settings tab of the Properties page for the configuration item
5. On the Settings tab, double-click Minimum password length to display the Properties page of the
setting.
6. On the Properties page, click the Validation tab and then select the Minimum password length
setting.
SOLUTIONACCELERATORS microsoft.com/technet/SolutionAccelerators
14 DCM Configuration Pack User Guide
Figure 1.7 The Validation tab of the Properties page for the Minimum password length setting
7. On the Validation tab, click Edit to display the Configure Validation dialog box in the following
figure.
SOLUTIONACCELERATORS microsoft.com/technet/SolutionAccelerators
Chapter 1: Configuring the DCM Feature 15
SOLUTIONACCELERATORS microsoft.com/technet/SolutionAccelerators
16 DCM Configuration Pack User Guide
SOLUTIONACCELERATORS microsoft.com/technet/SolutionAccelerators
Chapter 1: Configuring the DCM Feature 17
6. On the Properties page of the duplicate setting, click OK to close it and return to the Configuration
Baselines window in the results pane.
7. In the Configuration Baselines area of the results pane:
a. Select Vista-Enterprise-Desktop[1], right-click it, and then select Properties from the submenu.
b. On the Properties page, click the Rules tab to ensure that the modified configuration item
Vista-Enterprise-Desktop-Password Policy-Child[1] is visible as displayed in the following
figure.
Figure 1.10 The Rules tab displaying the duplicate configuration item
1. Now delete the original CI from the baseline by selecting Vista-Enterprise-Desktop-Password
Policy-Child from the Properties page, and then clicking Delete.
2. On the Vista-Enterprise-Desktop[1] Properties dialog box, click OK.
You can now use this customized baseline and assign it to a computer collection, as described in "Task
3: Apply the Baseline" of this chapter.
SOLUTIONACCELERATORS microsoft.com/technet/SolutionAccelerators
18 DCM Configuration Pack User Guide
More Information
For more information about using the DCM feature and the Configuration Management Console in
Configuration Manager, see the following resources:
• Desired Configuration Management in Configuration Manager.
• Microsoft Deployment: Preparing for Microsoft System Center Configuration
Manager 2007.
• System Center Configuration Manager 2007.
• System Center Configuration Manager 2007 Administrators Companion: Chapter 9.
• Security Risk Management Guide.
• Understanding Collections on the Systems Management Server TechCenter.
SOLUTIONACCELERATORS microsoft.com/technet/SolutionAccelerators
Chapter 2: Reporting
The desired configuration management (DCM) feature in Microsoft® System Center Configuration
Manager 2007 Service Pack 1 (SP1) includes a reporting feature that allows IT specialists either to use
built-in reports or customize reports to meet their needs. This chapter examines the reporting
capabilities of Configuration Manager.
Report name
All compliance evaluation failures for a specified computer
Compliance details for a configuration baseline
Compliance details for a configuration baseline by configuration item
Compliance details for a configuration baseline for a specified computer
Compliance evaluation errors for a configuration baseline by configuration item on a
computer
Compliance evaluation errors for a configuration baseline by configuration item on a
computer
Compliance evaluation errors for a configuration item on a computer
Compliance for a computer by configuration baseline
Compliance for a computer by configuration item
Compliance history for a configuration item on a computer
Computers reporting non-compliance for specific configuration item validation criteria
Computers with compliance evaluation failures
Computers with compliance evaluation failures for a specific configuration baseline
Computers with compliance evaluation failures for a specific configuration item
Configuration baseline assignment by collection
Configuration baseline assignment by computer
Non-Compliance details for a configuration item on a computer
Summary compliance by configuration baseline
Summary compliance by configuration item
Summary compliance for a collection by configuration baseline
Summary compliance for a collection by configuration item
Non-Compliance details for a configuration item on a computer
Summary non-compliance for a configuration baseline by validation criteria
Summary non-compliance for a configuration item by validation criteria
3. To obtain a report, on the Reports page, select the report that you want to produce, right-click the
report, and then click Run to produce the Report Information view in the ConfigMgr Report Viewer
(Configuration Manager Report Viewer) similar to the one displayed in the following figure.
SOLUTIONACCELERATORS microsoft.com/technet/SolutionAccelerators
Chapter 2: Reporting 21
SOLUTIONACCELERATORS microsoft.com/technet/SolutionAccelerators
22 DCM Configuration Pack User Guide
• Copy lets you copy the report to the clipboard of the computer on which you ran the report.
• Export lets you save the report to a Microsoft Excel® comma separated value or .csv format.
You can then access the report in Excel to create PivotTable® views of the data in the report.
• Print lets you send the report to a printer, or Document Writer, such as an .xps writer or .pdf
writer, and to Microsoft OneNote® 2007, which you can use to consolidate and manipulate
reports.
• Add to Favorites lets you add the report Web page to the Favorites list on the computer on
which you ran the report.
• E-mail lets you create an e-mail message with a link to the report Web page in Microsoft
Outlook® 2007.
The most useful report management options for the IT Specialist are Export to an Excel .csv file.
SOLUTIONACCELERATORS microsoft.com/technet/SolutionAccelerators
Chapter 2: Reporting 23
IT Management Reporting
For IT management, the two most useful built-in reports available through the DCM feature in
Configuration Manager are:
• Summary Compliance for a Collection by Configuration Baseline
This report provides information on the compliance state of computers in a site collection by
configuration baseline. It shows the number of computers in a site collection, the compliance state
of each computer, and the percentage of computers that are in compliance.
• Non-Compliance Details for a Configuration Item on a Computer
This report helps IT managers to drill down on the report information about a specific computer to
determine the specific cause of the computer's noncompliance state. This report also identifies the
computer's name so that IT management can assign the owner the task of bringing the computer
back in to compliance.
IT Specialist Reporting
IT specialists typically need to produce reports that allow them to efficiently find and fix noncompliance
issues on computers that are under their administration. For IT specialists, the most useful built-in
reports available through the DCM feature in Configuration Manager are:
• Compliance Details for a Configuration Baseline
This report allows the IT specialist to view and manipulate data about a specified configuration
baseline. This report is particularly useful for the IT specialist during the development phase of a
configuration baseline, and, to a lesser extent, to gain an understanding of the compliance level of
the computers that are subject to the implemented baseline.
• Compliance Details for a Configuration Baseline for a Specified Computer
This report allows an IT specialist to examine compliance details of a configuration baseline
specific to a single computer in a collection. The smaller list of objects or setting names and
descriptions in this report makes it useful for an IT specialist to manually investigate and
remediate compliance issues on a specific computer.
• Compliance History for a Configuration Item on a Computer
This report allows an IT specialist to examine the compliance history of a specific configuration
item on a specific computer in a collection. You can select which configuration item to check on a
specified computer, and set a period to monitor it. This reporting capability provides a time-based
view that you can use to determine when a configuration item on the specified computer drifted or
changed. An IT specialist can use this information to more closely identify the root cause of the
change.
• Summary Compliance by Configuration Baseline
This report is of great use to IT specialists, although it might also be of interest to management.
This report provides a quick overview of configuration baseline compliance information in
categories for noncompliance severity, a count of compliant computers, a count of noncompliant
computers, a compliance percentage of computers, and the configuration baseline unique ID
associated with this information.
More Information
The following resources provide additional information about security topics and in-depth discussion
of the concepts and security prescriptions for this toolkit:
• System Center Configuration Manager.
• About Reports for Desired Configuration Management.
SOLUTIONACCELERATORS microsoft.com/technet/SolutionAccelerators