Jump to content


FabianL

Compliance questions

Recommended Posts

Hello,

 

We are currently running SCCM 2012 R2 in our environment. We are running a Primary Site server with Endpoint protection and started using OSD. So far it has been a challenge but the guides here and on other online resources have been a tremendous help.

 

We now want to leverage SCCM's capabilities to help us identify rogue software as well as try and make sure that our environment PC's are using a safe version of Java, Adobe Flash, Adobe Reader, etc. Could SCCM help us with this? Also once that software is identified would we be able to uninstall the rogue software and install a correct version of Java, Adobe Flash, etc. If so could someone with more experience provide some insight as to how I would configure something like this?

 

Thank you!

Share this post


Link to post
Share on other sites

Most definitely can be done, and the more that you want automated, the more tedious the initial configuration will be (dynamic query collections, uninstall packages, config baselines etc). Youd be pulling together multiple features but could in theory automate the whole rogue software uninstall process.

 

Much depends on what you classify as "rogue" software. If you are not fully co.fortable woth sccm i'd start basic. Go to assets and compliance > inventoried software. Search for names of rogue software like 'torrents', 'java' etc. Will give you a overall view of whats in use in your environment.

 

Once you have names of software you want to uninstall, design a query that lists these names, version and uninstall string of your rogue software. Using the results of the query, you can create a script to uninstall the rogue software in one hit or segregate it. Theres a lot more to this, if you need further info i can follow up.

 

At a high level what you want to do is:

 

- Determine what rogue software is in use

- Define a baseline of software you want (latest Java, latest Flash etc)

- Deteine if you want instant remediation of noncompliant machines or if you are happy to accept a 1 week or so timeframe. (Hw/sw inventory runs once per week by default whereas a compliance baseline could be set to run much more frequently thus giving you a faster result)

- Establish a uninstall mechanism (script, in hours, out of hours etc)

- Maintainibility, what will you do when a new Java comes out. How easy will it be to update the exisiting setup to cater for this.

 

Lots of consideration as you can see.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.