The Four Files You Need to Remove from Configuration Manager’s Environment (Deploying the Baseline)

In last week’s blog posts I talked about a presentation that Dana Epp gave on how hackers can gain access to your environment through information found in four specific files.

Dana recommends that you delete these four files:

• C:\sysprep.inf

• C:\sysprep\sysprep.xml

• %windir%\Panther\Unattend\Unattend.xml

• %windir%\Panther\Unattend.xml

I will be encouraging everyone to follow his advice, and I agreed to help Dana get the word out by writing these blog posts. If you wish, you can review his presentation outline.

Now that the Configuration Baseline is created (see previous post) it can be deployed to your workstations.

Deploying the Configuration Baseline - Step 1

1. In the ConfigMgr 2012 console, go to Assets and Compliance | Overview | Compliance Settings | Configuration Baseline, and highlight the configuration baseline you recently created. In my example it is called, Privilege Pilgrimage. Right-click on the highlighted baseline and click Deploy.


Deploying the Configuration Baseline - Step 2

2. Select the Collection where the Configuration Baseline is to be deployed.

Wait while the results are returned to your ConfigMgr 2012 environment. This might take a few hours or even days depending on your client settings.

While you are waiting for the results to be returned, go ahead and create a package and program to delete these files automatically. Once the results are returned, deploy your package to those computers.

With these steps you have made it that much more difficult for a hacker to invade your environment. In this scenario you can see the benefits of Configuration Items and a Configuration Baseline. In my opinion, these are under-used features that ConfigMgr administrators should work with more.

In tomorrow’s blog post, I will show you how to test a Configuration Item manually. This process is useful for troubleshooting purposes.

Leave a Comment

Share via
Copy link