For you all that took the time to read the whole post you can download an exported. Then we can add it to a baseline and deploy it to our clients. Then we create a compliance rule with the following settings. Then we edit the discovery script and paste the script as shown below. Then we create a new Configuration Item, and select the option to apply to Windows Desktops and Servers (custom)Ĭreate a new Configuration Item with following settings: We need to start with checking the client agent settings so that it allows Powershell scripts that are not signed to be run by the SCCM client, or sign the script. It can also be used in many scenarios that Group Policy cannot, like when managing clients on the internet using the Cloud Management Gateway. Using Configuration Manager CI’s and Baselines to configure your clients is an extremely powerful tool, GPO is basically fire and forget here vi get status back.
2) Enter the local Group Policy Editor AppLocker. $Applocker = Get-AppLockerPolicy -Effective |Where-Object 1) Enter Service, set the Application Identity startup type to automatic. The discovery script(Note it requires WMF 4 or later): We could also do a remediation script to start the AppIDSvc again if stopped but I normally use a Group Policy to set the service to start Automatically so if it isn’t started something else is wrong, GPO not being applied or something. Applocker is used more and more so I wrote this little Powershell script that can be run as a Configuration Item which checks that the Application Identity service is running and an Applocker policy is applied.
0 kommentar(er)
