This procedure guides you through the process of using desired configuration management in Configuration Manager 2007 to create a general configuration item with an object setting to determine whether the registry key Hkey_Local_Machine\Software\Policies\Microsoft\Ccmsetup\SetupParameters is found on client computers.
Purpose of the Configuration Item
The registry key Hkey_Local_Machine\Software\Policies\Microsoft\Ccmsetup\SetupParameters can be created by Configuration Manager 2007 administrators to store installation properties for the client installation program, CCMSetup. When the Configuration Manager 2007 client is installed on computers containing this registry key, the values in this registry key will be read by CCMSetup and applied to the client installation.
Although this can be a useful feature, installation properties stored in the registry might overwrite site-wide settings specified by the Configuration Manager 2007 administrator causing inconsistent settings to be applied across clients in the Configuration Manager 2007 site. Desired configuration management can be used to detect the presence of this registry key, which allows you to monitor for the unauthorized presence of this registry key.
To author a general configuration item to check for the presence of the registry key Hkey_Local_Machine\Software\Policies\Microsoft\Ccmsetup\SetupParameters:
In the Configuration Manager console, navigate to System Center Configuration Manager / Site Database / Computer Management / Desired Configuration Management.
Expand the Desired Configuration Management node, right-click Configuration Items, click New, and then click General Configuration Item.
On the Identification page of the Create General Configuration Item Wizard, specify the following:
- Name: Specify a unique and descriptive
name for the configuration item, such as Client setup parameters
- Description: Specify a description for
the configuration item, such as This configuration item
determines whether client computers have instances of the registry
- Click Next.
- Name: Specify a unique and descriptive name for the configuration item, such as Client setup parameters registry check.
On the Objects page of the Create General Configuration Item Wizard, click New, and then click Registry Key.
In the New Registry Key Properties dialog box, specify the following in the General tab:
- Hive: From the drop-down list, select
- Key: Specify the path
- Is this registry key associated with a
64-bit application? Select No.
- Select the option Report a non-compliance
event when this instance count fails.
- Instance count operator: Select
- Values: Specify the value
- Severity: From the drop-down list,
- Click OK to close the New Registry
Key Properties dialog box.
- Hive: From the drop-down list, select HKEY_LOCAL_MACHINE.
On the Settings page of the Create General Configuration Item Wizard, click Next.
On the Applicability page of the Create General Configuration Item Wizard, specify the following:
- Under Windows Platforms, select All
- Click Next.
- Under Windows Platforms, select All Windows Platforms.
On the Summary page of the Create General Configuration Item Wizard, review the settings for the configuration item you have created, and then click Next.
View the Progress page of the Create General Configuration Item Wizard. When this is complete, view the summary of actions taken on the Wizard Complete page.
Now that you have created this general configuration item, it can be added to a configuration baseline using the following configuration baseline rule:
- These application and general
configuration items are required and must be properly
Assign this configuration baseline to computers that should not have this registry key present, and investigate the computers that report non-compliance.
TasksHow to Add a Configuration Item to a Configuration Baseline in Desired Configuration Management
How to Assign Configuration Baselines in Desired Configuration Management
ConceptsAbout Configuration Baselines in Desired Configuration Management
About Configuration Items in Desired Configuration Management