< Blog

Configuration Baseline Remediation: Part 1 – Configuration Item

By Joseph Yedid

In a previous blog post by Garth Jones, Where Are My Network Drives?, he encountered a situation where his network drives were not available to an application. Basically, the solution was to add the registry value below:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system

“EnableLinkedConnections”=dword:00000001

Garth did this for a single system, but what if you needed to do this for 100 systems? 1,000 systems? That’s a lot of manual work!!

You could create a package and program in Configuration Manager to deploy the registry key, but what if you added new systems over time? There’s got to be a better way.

Configuration Baseline remediation to the rescue!

Now every new system that becomes a Configuration Manager client and is added to the correct collection automatically gets the baseline. I will show you how this is done.

In the following example, I already added the EnableLinkedConnections registry entry on my Configuration Manager server. The next steps will show you how to create the Configuration Item.

Configuration Baseline Remediation-CI-Step1

1. In the Configuration Manager console, under the Assets and Compliance workspace, expand Compliance Settings and select Configuration Items. From the ribbon, click Create Configuration Item.

Configuration Baseline Remediation-CI-Step2

2. Give the Configuration Item a name and then press Next.

Configuration Baseline Remediation-CI-Step3

3. On the Supported Platforms page, click Next.

Configuration Baseline Remediation-CI-Step4

4. On the Settings page, click New.

Configuration Baseline Remediation-CI-Step5

5. Click Browse.

Configuration Baseline Remediation-CI-Step6

6. Navigate the registry to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.

Find the EnableLinkedConnections entry. Data type should be Integer. Check Select the rule that defines compliance for the selected registry value.

Also make sure that The selected registry value must exist on client devices option is selected.

Click OK.

Configuration Baseline Remediation-CI-Step7

7. The General page is now populated. Select the Compliance Rules tab.

Configuration Baseline Remediation-CI-Step8

8. On the Compliance Rules page, click New.

Configuration Baseline Remediation-CI-Step9

9. Give the new rule a name. Rule type should be Value. The setting must comply with the following rule: Equals the following values 1. Check Remediate noncompliant rules when supported.

Click OK.

Configuration Baseline Remediation-CI-Step10

10. Click OK.

Configuration Baseline Remediation-CI-Step11

11. Click Next.

Configuration Baseline Remediation-CI-Step12

12. Click Next.

Configuration Baseline Remediation-CI-Step13

13. Click Next.

Configuration Baseline Remediation-CI-Step14

14. Finally, click on Close.

We now have our Configuration Item created. In next week’s post, I will show you how I created a baseline and deployed it to client systems.