Compliance baselines prerequisites for SCCM


  1. Run Compliance Baselines on clients using SCCM

This setting is located in the Administration workspace under Overview ⇒ Client Settings ⇒ Default Client Agent Settings. Right-click it and select Properties to open the properties window for the client settings. Setting the “Enable compliance evaluation on clients” option to “Yes” enables compliance evaluation in the default settings. The default schedule for evaluation is every 7 days.

You can adjust this schedule as necessary for your environment, including using a custom schedule that will allow you more control over when it runs.
The default schedule will typically be adequate for most environments.

You can also modify the default client settings, create new custom client settings, or modify existing custom client settings. You can create or modify custom client settings when you want to apply a group of client settings to specific collections.
Client Settings - Default settings


  2. Running PowerShell scripts on clients using SCCM. There are two options:

    1. Sign the script with your company's trusted certificate.
    2. Set the PowerShell execution policy to “Bypass”.

    If you are not going to sign your scripts, go to Administration->Client Settings, select the default (or create a new) Client Settings and set the PowerShell execution policy to “Bypass” in the “Computer Agent” section of the client settings. This allows unsigned PowerShell scripts to run properly when they are executed by the Computer Agent. If you don’t use the default client settings, make sure the custom client settings you created are also deployed to the collection you will be checking compliance on.
    Client Settings - Powershell execution Policy
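
    For the first option (signing), the following is an added example, not code from the original post: it signs a compliance script with a code-signing certificate and confirms the signature validates, so the execution policy does not have to be set to “Bypass”. The function name, the script path and the presence of a code-signing certificate in Cert:\CurrentUser\My are assumptions.

    ```powershell
    # Added example (not from the original post).
    # Assumptions: a code-signing certificate issued by your internal CA is
    # installed in Cert:\CurrentUser\My on the signing workstation, and the
    # script path passed in is your own. Function name is hypothetical.
    function Add-ComplianceScriptSignature {
        [CmdletBinding()]
        param(
            [Parameter(Mandatory)] [string] $Path,
            # Optional: pin one specific certificate by thumbprint.
            [string] $Thumbprint
        )

        if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
            throw "Script not found: $Path"
        }

        # Only unexpired certificates with the Code Signing EKU and a private key.
        $candidates = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert |
            Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) }
        if ($Thumbprint) {
            $candidates = $candidates | Where-Object { $_.Thumbprint -eq $Thumbprint }
        }
        $cert = $candidates | Sort-Object NotAfter -Descending | Select-Object -First 1
        if (-not $cert) {
            throw 'No usable code-signing certificate found in Cert:\CurrentUser\My.'
        }

        # Sign, then re-read the signature from disk and fail loudly if it
        # does not validate on this machine.
        $null = Set-AuthenticodeSignature -FilePath $Path -Certificate $cert -HashAlgorithm SHA256
        $sig = Get-AuthenticodeSignature -FilePath $Path
        if ($sig.Status -ne 'Valid') {
            throw "Signature status is '$($sig.Status)': $($sig.StatusMessage)"
        }

        $sig | Select-Object Path, Status,
            @{ Name = 'Signer'; Expression = { $_.SignerCertificate.Subject } }
    }

    # Constructed sample invocation; the path is a placeholder.
    # Add-ComplianceScriptSignature -Path 'C:\Scripts\Check-Baseline.ps1'
    ```

    The signing certificate must chain to a root the clients trust and be present in their Trusted Publishers store for the signed script to run without “Bypass”. Any edit to the script after signing invalidates the signature, so re-sign after every change.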


  3. Reporting Services Point SCCM role

    This role should be installed in your environment for reporting.
    It is assumed here that the role is already installed, as reporting is a core requirement in the majority of SCCM functions.
