Tuesday, August 6, 2013

Desired Configuration Management Evaluation



Compliance Evaluation Schedule:

  • Clients download configuration baseline assignements with their machine policy.
  • Configuration baseline will not be evaluated until their shceduled compliance evaluation time or unless you manually initiate evaluation on the client.
  • Client which is not yet evaluated will report their compliance as Unknown.
  • Client will ensure that it has the correct version of the configuration data in the CB before it begins the evaluation, if necessary client download the CB data from MP.
  • The evaluation schedule initiates a compliance evaluation that starts randomly within the next two hours. This random initiation ensures that the management point is not saturated with compliance results from multiple clients at the same time.
  • The compliance results are sent to the client's assigned management point in state messages and status messages.
  • If the computer is not currently connected to the network but the client has downloaded all the configuration data referenced in the assigned configuration baselines, the client performs offline evaluation. When the computer is next connected to the network, the cached compliance information is sent to its management point.


Compliance Information sent as State Messages in DCM:

  • The desired configuration management client mainly uses state messages to send compliance results.
  • State messages are consolidated on the client and sent according to the State message reporting cycle (minutes) value configured in the Computer Client Agent Properties. By default, this cycle is set to occur every 15 minutes.
  • The Actual Compliance state (Applicable, Detected, Compliant or Non-Compliant) for each configuration item is sent as a state message to the management point in the following circumstances:

                     When the configuration item is first evaluated.
                     Whenever the client detects a change in the compliance of a configuration baseline

  • If the client does not detect a change in its compliance with an assigned configuration baseline, it sends only its overall compliance state with its assigned configuration baseline to the management point, except in the following circumstances:
  • The non-compliance severity level of a setting or object changes.
  • The validation criteria of a setting or object changes after it has previously been reported as non-compliant.

Reference:
http://technet.microsoft.com/en-us/library/bb680847.aspx
http://technet.microsoft.com/en-us/library/bb632467.aspx
Posted by at No comments:
Subscribe to: Posts (Atom)