Non-Compliance Severity Level | Number Mapping |
---|---|
Information – no Windows event messages | 1 |
Information | 2 |
Warning | 3 |
Error | 4 |
You can build your collection query based on the non-compliance severity level of a configuration item or a configuration baseline. You will need to specify the unique ID associated with the configuration item or configuration baseline, in addition to the display name. You can find the unique ID values by adding the column CI Unique ID to the display columns on the home pages for the Configuration Baselines node, or the Configuration Items node.For more information, follow the procedure in How to Distinguish Configuration Data with the Same Name in Desired Configuration Management. You can use the query builder to create your collection query, or you can use the query example in the following procedures. After using these procedures, perform the following steps:
- Ensure that you have created a Configuration Manager 2007 package containing software or scripts to remediate the non-compliant configuration item or configuration baseline.
- Create a mandatory advertisement using standard software distribution methods to distribute this package to computers in the collection that you have created.
To remediate non-compliant computers by compliance state using software distribution
- Copy the following query and paste it into a text editor, such as Notepad:
select SMS_R_System.ResourceId, SMS_R_System.ResourceType, SMS_R_System.Name, SMS_R_System.SMSUniqueIdentifier, SMS_R_System.ResourceDomainORWorkgroup, SMS_R_System.Client from SMS_R_System inner join SMS_G_System_CI_ComplianceState on SMS_G_System_CI_ComplianceState.ResourceID = SMS_R_System.ResourceId Where SMS_G_System_CI_ComplianceState.ComplianceStateName = "<ComplianceState>" and SMS_G_System_CI_ComplianceState.LocalizedDisplayName = "<BaselineName>" and SMS_G_System_CI_ComplianceState.CI_UniqueID = "<CI Unique ID>"
- In the query, change <ComplianceState> to the compliance state of the configuration item or configuration baseline. This can be one of:
- compliant
- non-compliant
- In the query, change <BaselineName> to the name of the configuration baseline or the configuration item as it appears in the Configuration Manager console.
- In the query, change <CI Unique ID> to the unique ID associated with the configuration item or configuration baseline.
- Create the collection by right-clicking the Collections node and then selecting New Collection to launch the New Collection Wizard.
- On the General page, specify the collection name and, optionally, specify a description.
- On the Membership Rules page, click the second Membership rules icon to display the Query Rules Properties dialog box.
- Ensure System Resource is selected as the Resource class, and then click Edit Query Statement.
- In the Query Statement Properties dialog box, click Show Query Language.
- In the Query Statement Properties dialog box, paste the modified query into the Query Statement edit box.
- Click OK to save the query and close the Query Statement Properties dialog box.
- In the Query Rule Properties dialog box, optionally select Limit to collection, and then click OK.
- On the Membership Rules page of the New Collection Wizard, optionally click Schedule if you want to define a collection membership update schedule that is shorter than the default of every day.
- If you are defining an alternative schedule, specify your alternative in the Custom Schedule dialog box, and then click OK.
- Complete the wizard.
To remediate non-compliant computers by non-compliance severity using software distribution
- Copy the following query and paste it into a text editor, such as Notepad:
select SMS_R_System.ResourceId, SMS_R_System.ResourceType, SMS_R_System.Name, SMS_R_System.SMSUniqueIdentifier, SMS_R_System.ResourceDomainORWorkgroup, SMS_R_System.Client from SMS_R_System inner join SMS_G_System_CI_ComplianceState on SMS_G_System_CI_ComplianceState.ResourceID = SMS_R_System.ResourceId Where SMS_G_System_CI_ComplianceState.ComplianceStateName = non-compliant And SMS_G_System_CI_ComplianceState.MaxNoncomplianceCriticality = "<Severity>" and SMS_G_System_CI_ComplianceState.LocalizedDisplayName = "<BaselineName>" and SMS_G_System_CI_ComplianceState.CI_UniqueID = "<CI Unique ID>"
- In the query, change <Severity> to the non-compliance severity level of the configuration item or configuration baseline. This can be one of the following:
- 1 (Information – no Windows event messages)
- 2 (Information)
- 3 (Warning)
- 4 (Error)
- In the query, change <BaselineName> to the name of the configuration baseline or the configuration item as it appears in the Configuration Manager console.
- In the query, change <CI Unique ID> to the unique ID associated with the configuration item or configuration baseline.
- Create the collection by right-clicking the Collections node and then selecting New Collection to launch the New Collection Wizard.
- On the General page, specify the collection name and, optionally, specify a description.
- On the Membership Rules page, click the second Membership rules icon to display the Query Rules Properties dialog box.
- Ensure System Resource is selected as the Resource class, and then click Edit Query Statement.
- In the Query Statement Properties dialog box, click Show Query Language.
- In the Query Statement Properties dialog box, paste the modified query into the Query Statement edit box.
- Click OK to save the query and close the Query Statement Properties dialog box.
- In the Query Rule Properties dialog box, optionally select Limit to collection, and then click OK.
- On the Membership Rules page of the New Collection Wizard, optionally click Schedule if you want to define a collection membership update schedule that is shorter than the default of every day.
- If you are defining an alternative schedule, specify your alternative in the Custom Schedule dialog box, and then click OK.
- Complete the wizard.