The Four Files You Need to Remove From Configuration Manager Environment (Reporting)

Dana Epp gave a presentation on how hackers can gain access to your environment and how ConfigMgr administrators can reduce these threats. To get more insight into these security risks, make sure to follow Dana on Twitter.

I will be encouraging everyone to follow his advice, and I agreed to help Dana get the word out by writing a 5-part blog post series. This is the last post.

Dana recommends that you delete these four files:

• C:\sysprep.inf

• C:\sysprep\sysprep.xml

• %windir%\Panther\Unattend\Unattend.xml

• %windir%\Panther\Unattend.xml

After creating the Configuration Items and a Configuration Baseline, and deploying that baseline to discover the four files that should be removed from all PCs, we can now review our compliance results.

We will use the ConfigMgr 2012 built-in report, List of assets by compliance state for a configuration baseline.

This report will allow me to quickly review which PCs are compliant and which are not.

First, access your SSRS website and browse to the Compliance and Settings Management folder. Next, run the report called List of assets by compliance state for a configuration baseline.

Reporting - Non-Compliant

Notice in the above screenshot that only one computer is Non-Compliant.

Next, log on to the server and delete the file(s). Then re-run the evaluation cycle for this baseline. A few minutes later, everything will be compliant across the board.

Reporting - Compliant

Now that I have removed all of these files from my environment, I have made it that much harder for a hacker!
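For the manual step of logging on and deleting the files, here is a local audit script as an added example; it is not from the original post or from Dana's presentation. The `-Remove` switch, the output column names and the final Compliant/Non-Compliant line are assumptions made for illustration, and it assumes PowerShell 3.0 or later.

```powershell
# Added example: audit, and optionally delete, the four files listed in this post.
# Run with -WhatIf -Remove first to see what would be deleted.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Hypothetical switch: without it the script only reports.
    [switch]$Remove
)

# The four paths from the list above; %windir% is expanded on each machine.
$targets = @(
    'C:\sysprep.inf',
    'C:\sysprep\sysprep.xml',
    '%windir%\Panther\Unattend\Unattend.xml',
    '%windir%\Panther\Unattend.xml'
) | ForEach-Object { [Environment]::ExpandEnvironmentVariables($_) }

$results = foreach ($path in $targets) {
    # -Force so hidden or system files are still found.
    $file  = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    $state = if ($file) { 'Present' } else { 'Absent' }

    if ($file -and $Remove -and $PSCmdlet.ShouldProcess($path, 'Delete file')) {
        try {
            Remove-Item -LiteralPath $path -Force -ErrorAction Stop
            $state = 'Removed'
        } catch {
            # Keep the failure visible (locked file, access denied, ...).
            $state = "RemoveFailed: $($_.Exception.Message)"
        }
    }

    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Path      = $path
        State     = $state
        LastWrite = if ($file) { $file.LastWriteTime } else { $null }
    }
}

$results | Format-Table -AutoSize

# One summary line per machine: anything still on disk counts as Non-Compliant.
$remaining = @($results | Where-Object { $_.State -ne 'Absent' -and $_.State -ne 'Removed' })
if ($remaining.Count -gt 0) { 'Non-Compliant' } else { 'Compliant' }
```

After a removal run, re-run the baseline evaluation cycle so the report reflects the change.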
