Use the following sections to understand how a computer evaluates the compliance of configuration items in Configuration Manager 2007.

Each configuration item in the configuration baseline assigned to the client is evaluated in turn for the following:

The result of the evaluation is reported by the client as its Actual Compliance value, which is displayed in desired configuration management reports.

For more information about the reports in desired configuration management, see About Reports for Desired Configuration Management.

For more information about how a computer evaluates its overall compliance, see About Compliance and Compliance Information in Desired Configuration Management.

Refer to the following sections for detailed information about how desired configuration management evaluates each type of configuration item:

How a General Configuration Item is Evaluated for Compliance

Compliance for a general configuration item is evaluated for its Actual Compliance as described in the following table.

Evaluation Step More Information

Applicability

The applicability property in the general configuration item determines whether client computers should evaluate the configuration item or not.

If the configuration item is configured with an applicability value that does not apply to the client (for example, Windows XP Service Pack 1 and the client is running Windows XP Service Pack 2), the Actual Compliance of the general configuration item is set to Not Applicable and the rest of the configuration item is not evaluated on the client.

However, if the configuration item is configured with an applicability value that applies to the client (for example, all Windows platforms and the client is running Windows XP Service Pack 2), the rest of the configuration item is evaluated on the client.

Detection

The detection method is not configurable for a general configuration item, so if the applicability evaluates as true, the objects and settings are then evaluated for compliance.

Compliance of Objects and Settings

If the applicability evaluates as true, the objects and settings are evaluated for compliance with the following results:

  • If the objects and settings are compliant, the compliance of the configuration item is set to Compliant.

  • If the objects and settings are non-compliant, the compliance of the configuration item is set to Non-Compliant.

How an Operating System Configuration Item is Evaluated for Compliance

Compliance for an operating system configuration item is evaluated for its Actual Compliance as described in the following table.

Evaluation Step More Information

Applicability

The applicability property is not configurable for an operating system configuration item because an operating system configuration item is always considered applicable.

Detection

When an operating system configuration item is defined, the detection evaluation uses the Windows version specified in the operating system configuration item before checking the objects and settings for compliance.

If clients are not running the version of Windows specified, the compliance of the configuration item is set to Not Detected, and the compliance of the objects and settings is not checked.

Compliance of Objects and Settings

If the detection method evaluates as true, the objects and settings are evaluated for compliance with the following results:

  • If the objects and settings are compliant, the compliance of the configuration item is set to Compliant.

  • If the objects and settings are non-compliant, the compliance of the configuration item is set to Non-Compliant.

How an Application Configuration Item is Evaluated for Compliance

An application configuration item is the most complex of the configuration item types because it can be evaluated for all three states: applicability, detection, and compliance with objects and settings. This complexity provides the greatest versatility in how compliance can be assessed, using three different configuration baseline rules.

Note
For an example of how compliance is evaluated for an application configuration item with all three configuration baseline rules, see the topic Example Compliance Evaluation for a Desired Configuration Management Application Item.

Compliance for an application configuration item is evaluated for its Actual Compliance as described in the following table.

Evaluation Step More Information

Applicability

The applicability property in the application configuration item determines whether or not client computers evaluate the configuration item.

If the configuration item is configured with an applicability value that does not apply to the client (for example, Windows XP Service Pack 1 and the client is running Windows XP Service Pack 2), the Actual Compliance is set to Not Applicable and the rest of the configuration item is not evaluated on the client.

However, if the configuration item is configured with an applicability value that applies to the client (for example, all Windows platforms and the client is running Windows XP Service Pack 2), detection is then evaluated on the client.

Detection

The detection method property of an application configuration item allows you to determine whether the application is present on the computer.

If the application is configured with a detection method and the application is not detected, the Actual Compliance of the configuration item is set to Not Detected and the compliance of the objects and settings is not evaluated.

If the application configuration item is configured with Always assume application is installed, or the detection method is configured and the application is detected, the compliance of the objects and settings is then evaluated.

Compliance of Objects and Settings

If the detection method evaluates as true, the objects and settings are evaluated for compliance with the following results:

  • If the objects and settings are compliant, the compliance of the configuration item is set to Compliant.

  • If the objects and settings are non-compliant, the compliance of the configuration item is set to Non-Compliant.

How a Software Update Configuration Item is Evaluated for Compliance

Compliance for a software update configuration item is evaluated for its Actual Compliance as described in the following table.

Evaluation Step More Information

Applicability

The administrator cannot configure the applicability of a software update configuration item. Instead, the applicability property is hard-coded in the software update by the supplying vendor.

If the software update configuration item is not applicable to the client, as determined by the software update evaluation, the Actual Compliance is set to Not Applicable and the rest of the configuration item is not evaluated on the client.

Detection

The detection method is also hard-coded into a software update configuration item and is the means by which the software update vendor determines whether or not the applicable software update is installed. When evaluating software updates for compliance on client computers, this is the value that is used.

If the software update configuration item is applicable but not detected on the client, as determined by the software update evaluation, the Actual Compliance is set to Not Detected and the rest of the configuration item is not evaluated on the client.

If the software update configuration item is applicable and detected on the client, as determined by the software update evaluation, the Actual Compliance is set to Detected.

Compliance of Objects and Settings

If the software update configuration item is applicable and detected on the client, compliance evaluation stops there.

Software update configuration items have no settings and objects to evaluate, so the compliance of these is predetermined and the Actual Compliance is set to Compliant.
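
The evaluation order for all four configuration item types can be modelled as one short-circuiting procedure. The following is an added example, not code from Configuration Manager or from this documentation; the class, field, and function names are hypothetical and the sample baseline is constructed. It shows that an item whose settings would fail still reports Not Applicable or Not Detected when an earlier step stops the evaluation.

```python
# Added example: a model of the evaluation order described on this page.
# All names here are hypothetical; this is not Configuration Manager code.
from dataclasses import dataclass

# Steps each configuration item type evaluates, in order, per the page.
STEPS = {
    "general": ("applicability", "settings"),            # detection not configurable
    "operating_system": ("detection", "settings"),       # always considered applicable
    "application": ("applicability", "detection", "settings"),
    "software_update": ("applicability", "detection"),   # no objects or settings
}

@dataclass
class ConfigItem:
    ci_type: str
    applicable: bool = True          # outcome of the applicability rule
    detected: bool = True            # outcome of the detection method
    assume_installed: bool = False   # "Always assume application is installed"
    settings_ok: bool = True         # outcome of the objects and settings checks

def actual_compliance(ci):
    """Return (Actual Compliance, steps reached), stopping at the first failing step."""
    reached = []
    for step in STEPS[ci.ci_type]:
        reached.append(step)
        if step == "applicability" and not ci.applicable:
            return "Not Applicable", reached
        if step == "detection":
            assumed = ci.ci_type == "application" and ci.assume_installed
            if not (assumed or ci.detected):
                return "Not Detected", reached
        if step == "settings":
            return ("Compliant" if ci.settings_ok else "Non-Compliant"), reached
    # Only software updates fall through: detected, with nothing further to check.
    return "Compliant", reached

def summarize(items):
    """Count outcomes so short-circuited items are visible next to real failures."""
    counts = {}
    for ci in items:
        state, _ = actual_compliance(ci)
        counts[state] = counts.get(state, 0) + 1
    return counts

# Constructed sample baseline (not real client data).
BASELINE = [
    ConfigItem("general", applicable=False, settings_ok=False),
    ConfigItem("operating_system", detected=False, settings_ok=False),
    ConfigItem("application", detected=False, assume_installed=True, settings_ok=False),
    ConfigItem("software_update"),
]
```

In the constructed baseline, three items have failing settings but only the application item reports Non-Compliant, so when reviewing reports, Not Applicable and Not Detected counts should be checked against the applicability and detection rules rather than read as passing results.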
