Lagamorph

Creating 2016 GPO Pack for SCCM deployments in SCM


Wasn't sure whether to post this here or in the SCCM 2012 forum in all honesty, but I'll try here first :)

 

Ok, so in our 2008 and 2012 deployments via SCCM we have GPO Packs that were created before my time at the company for MDT deployments, so I was able to just implement these easily enough into the SCCM task sequence. We're currently running SCCM 2012 R2 SP1 with the Windows 10 ADK and MDT 2013 Integration.

 

Now though, I need to create a new 2016 GPO Pack that we can apply during the SCCM Deployment task sequence (We don't use actual AD GPO, just local policies applied via GPO Pack. Not my decision but that's how it is) so I'm looking to create the GPO Pack via the Microsoft Security Compliance Manager, which has now been updated with 2016 baselines. However I'm having some issues that I'm trying to wrap my head around.

 

I've done some preliminary customisation work on the Microsoft Baseline to customise it for our systems but when I export it I'm getting some weird results when I re-import it to check it out.

If I export it as a GPO Backup (Folder), which would allow me to use it in SCCM, when I re-import it many of the settings are missing and some new settings even seem to have been added that aren't present in the original baseline I exported.

If I export it as a .cab file though then when I re-import it everything is exactly as it should be.

 

At first I thought it was just that the "GPO Backup (Folder)" option simply didn't include things in a "Not Configured" state as that's what most of the entries seemed to be, but when I ran the comparison tool I could see that ones explicitly set to Enabled/Disabled were also missing from the import of the Backup Folder export.

 

 

Obviously my worry here is that when I come to put the GPO Backup export into SCCM then many of the settings I've configured have been lost and so will not be applied.

 

 

Has anyone got any advice to offer? Or possibly a better way I can put together a local security policy for Server 2016 that I can then deploy via SCCM? Deployment will only be to OS Deployment task sequences, not existing servers.
