Jump to content

Doug Blake

Compliance - User Evaluation Schedule

Recommended Posts



I'm having difficulty understanding when a configuration baseline deployed to a user collection evaluates, and re-evaluates. I've setup 3 configuration items to configure Internet Explorer and added to a baseline, checking and remediating the following registry keys:


1. HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\

AutoConfigURL = Company PAC File


2. HKLM:\Software\Policies\Microsoft\Internet Explorer\Control Panel

Proxy = 1


3. HKLM:\Software\Policies\Microsoft\Internet Explorer\Control Panel

AutoConfig = 1


According to the TechNet article here (http://technet.microsoft.com/en-us/library/hh219289.aspx) baselines deployed to a user will be evaluated at logon, however from my testing I can't see this happening.

On the deployment I configured the evaluation to run every 15 minutes from the deployment creation, however the client doesn't actually evaluate.

Compliance is enabled within the client settings, and running a Machine Policy retrieval (set to run every 15 minutes anyway) pulls down the compliance setting but reboots / logon's don't force it to run and evaluate.


I can force the evaluation to run by opening the client from the control panel app and selecting the baseline to evaluate, however I would like this to run at every logon, and wondered if (when deployed to a user collection) there is a periodic re-evaluation?





Share this post

Link to post
Share on other sites



Using SCCM 2012 SP1. No CU currently applied although CU3 is to be installed today / this week.


I've just tried creating another CI and baseline, to set the IE Homepage. Again, I've deployed to a user collection and logged onto the workstation as the user. The baseline has been pulled down however not evaluated yet.

The evaluation schedule was set to every 20 minutes in the deployment however I've passed 20 minutes, and done a reboot and logoff / logon but no evaluation.


For additional information, I left a vm logged in (with one of the user accounts the original baseline was deployed to) and it randomly ran about an hour or so after I left for the day, the workstation was idle and locked, but not run since again I'm not sure why this is.




Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...