CIS compliance monitoring and Reporintg through SCCM

Junaid Khan 1 Reputation point
2021-05-16T13:38:54.66+00:00

I have performed CIS based OS Hardening in a Domain Environment on several Windows Server/10/8.1 Machines.
I ran a scan using CIS CAT Pro and then performed the required changes in the GPO of the relevant OU.

Now my question is that,

Can we set up SCCM (or SCOM etc) so that we can monitor the Configuration Settings and if any Configuration Changes in the GPO are made we get an alert?

Looking forward for your help.
Thanks

Operations Manager
Operations Manager
A family of System Center products that provide infrastructure monitoring, help ensure the predictable performance and availability of vital applications, and offer comprehensive monitoring for datacenters and cloud, both private and public.
1,394 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Crystal-MSFT 40,461 Reputation points Microsoft Vendor
    2021-05-17T02:46:00.203+00:00

    @Junaid Khan , To monitor GPO change, we can use SCOM and PowerShell. Here is a link list the detailed steps, we can read it as a reference:
    https://social.technet.microsoft.com/wiki/contents/articles/3862.scom-monitoring-gpo-changes-using-scom-and-powershell.aspx

    Hope it can help.


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.