
The Four Files You Need to Remove from Configuration Manager’s Environment (Baseline)

By Garth Jones

In my last blog post I talked about a presentation that Dana Epp gave on how hackers can gain access to your environment through four different files. Configuration Manager Administrators, though, can make access difficult for these outside threats by removing these files.

Dana recommends that you delete four specific files because they contain crucial passwords that enable hackers to gain a toehold in your environment:

• C:\sysprep.inf

• C:\sysprep\sysprep.xml

• %windir%\Panther\Unattend\Unattend.xml

• %windir%\Panther\Unattend.xml

I will be encouraging all of my clients to follow his advice, and I agreed to help Dana get the word out by writing this blog post series. If you wish, you can review his presentation outline.
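To spot-check a single machine for the four files listed above before the baseline is in place, the PowerShell below is an added example, not taken from Dana's presentation or from this series. The function name `Test-AnswerFile` and the `password` keyword match are assumptions made for illustration; the script reports only whether each file exists and whether the keyword appears, never the file contents.

```powershell
# Added example (not from the original post): local audit for the four files.
# Assumption: a case-insensitive match on the word "password" is used as a
# rough indicator that a credential entry is present in the file.
$answerFiles = @(
    'C:\sysprep.inf',
    'C:\sysprep\sysprep.xml',
    '%windir%\Panther\Unattend\Unattend.xml',
    '%windir%\Panther\Unattend.xml'
)

function Test-AnswerFile {
    param([Parameter(Mandatory = $true)][string]$Path)

    # Expand %windir% so the same list works on any install location.
    $full = [Environment]::ExpandEnvironmentVariables($Path)

    $result = [pscustomobject]@{
        Path        = $full
        Exists      = $false
        HasPassword = $null    # $null = file absent or not readable
        Compliant   = $true    # compliant means the file is not on disk
    }

    if (-not (Test-Path -LiteralPath $full -PathType Leaf)) {
        return $result
    }

    $result.Exists    = $true
    $result.Compliant = $false
    try {
        # -Quiet yields only a match/no-match answer, so no secret is echoed.
        $hit = Select-String -LiteralPath $full -Pattern 'password' `
                             -SimpleMatch -Quiet -ErrorAction Stop
        $result.HasPassword = [bool]$hit
    } catch {
        # Access denied or locked file: leave HasPassword as $null.
    }
    return $result
}

$report = $answerFiles | ForEach-Object { Test-AnswerFile -Path $_ }
$report | Format-Table -AutoSize

# Single overall verdict for the machine.
if ($report | Where-Object { -not $_.Compliant }) { 'Non-Compliant' } else { 'Compliant' }
```

Run it from an elevated prompt so that unreadable files are not reported with an empty `HasPassword` column.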

This process involves a number of steps, and this is the second part of my 5-part series. Now that a Configuration Item exists for each of the four files (see previous post), let’s add each of them to a Configuration Baseline.


1. In the ConfigMgr 2012 Console, go to Assets and Compliance | Overview | Compliance Settings | Configuration Baselines, and click Create Configuration Baseline in the toolbar.


2. Give your Configuration Baseline a name, click Add, and then select Configuration Items.


3. Highlight one of the Configuration Items you recently created and click Add.

Repeat this step for the three remaining Configuration Items. (This is the name I asked you to remember in yesterday’s post.)


4. Click OK to complete the Configuration Baseline.

In next week’s blog post, I will show you how to deploy the Configuration Baseline to a collection.