SCCM Baseline Compliance - Auditpol /get /category:"Policy Change" output subject/titles showing as non-compliance

VM WARE 1 Reputation point
2021-09-30T05:34:05.36+00:00

Dear Support

I have the following issue with SCCM Baseline Compliant.

For SCCM Baseline compliance, the Baseline Compliant Item is set to check with the script auditpol /get /category:"Policy Change".
But when I get the compliance report, under the Expression, it is showing all the titles and subtitles as the results.

How can I get the Baseline Compliant to pull out only, e.g., Authentication Policy Change showing that Success and Failure is enabled, and set the Compliance Rule to determine whether it is compliant or non-compliant?

Currently, my script above just pulls out all the settings as per the output below.

[Image: 136450-image.png]

Compliant Report
[Image: 136591-image.png]

Auditpol.exe, when it gets the category, shows all the subcategory settings. I need to be able to tackle a particular subcategory and to be able to get the result of whether Success and Failure are in place, with the compliance rules checking whether it is compliant or not. How can I go about it with PowerShell for an individual subcategory, instead of the result in the table above, which is incorrect as all the title names are also inside the evaluation?

```
PS C:\Windows\system32> auditpol /get /category:"Policy Change"
System audit policy
Category/Subcategory                      Setting
Policy Change
  Authentication Policy Change            Success and Failure
  Authorization Policy Change             Success and Failure
  MPSSVC Rule-Level Policy Change         Success and Failure
  Filtering Platform Policy Change        Success and Failure
  Other Policy Change Events              Success and Failure
  Audit Policy Change                     Success and Failure
```

In the above result, those in bold are the subject/titles, which in the previous image are all being listed as entries, which is not correct.

Kindly help.


2 answers

  1. Limitless Technology 39,506 Reputation points
    2021-09-30T11:03:16.68+00:00

    Hello @VM WARE ,

    In this case, use the Monitoring workspace in the Configuration Manager console to view the properties of the configuration item and its validation criteria.

    I would like to recommend the following article on compliance settings; I hope it helps:

    https://learn.microsoft.com/en-us/mem/configmgr/compliance/deploy-use/monitor-compliance-settings

    Hope this helps with your query,


  2. VM WARE 1 Reputation point
    2021-10-05T00:54:11.827+00:00

    Thanks for your response,

    What I would need is the PowerShell command to get the baseline compliance for the AuditPol for Policy Change. I need to use it to generate a report for all servers on whether they are audited for Success or Failure, etc.

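
One way to return a single subcategory's setting from a configuration item discovery script, as an added example that is not part of the original thread: it runs the same auditpol command with /r (CSV report output) and returns only the Inclusion Setting of one subcategory, so the headings never reach the compliance rule. The function name Get-AuditSetting, the $UseSample switch and the sample CSV rows (machine name, GUIDs) are constructed for illustration, and English subcategory names are assumed.

```powershell
# Discovery script for a ConfigMgr configuration item (script setting, data type String).
# It outputs ONE value for ONE subcategory, so the compliance rule can simply be
# "value returned by the script Equals 'Success and Failure'".

$Subcategory = 'Authentication Policy Change'   # subcategory name as printed by auditpol
$UseSample   = $false                           # $true = parse the constructed sample below

# Constructed sample of the CSV that `auditpol /get /category:"Policy Change" /r` emits.
# Machine name and GUIDs are placeholders, not real values.
$SampleCsv = @'
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting

SRV01,System,Audit Policy Change,{00000000-0000-0000-0000-000000000001},Success and Failure,
SRV01,System,Authentication Policy Change,{00000000-0000-0000-0000-000000000002},Success,
SRV01,System,Authorization Policy Change,{00000000-0000-0000-0000-000000000003},No Auditing,
'@

function Get-AuditSetting {
    param(
        [string[]]$CsvLines,   # raw lines of the /r report, header first
        [string]$Name          # subcategory to look up
    )
    # Drop blank lines, then let ConvertFrom-Csv map the header row to properties.
    $rows = @($CsvLines | Where-Object { $_ -and $_.Trim() } | ConvertFrom-Csv)
    $hit  = @($rows | Where-Object { $_.Subcategory.Trim() -eq $Name })
    if ($hit.Count -ne 1) { return 'Subcategory not found' }   # fails the Equals rule
    return $hit[0].'Inclusion Setting'
}

if ($UseSample) {
    $lines = $SampleCsv -split '\r?\n'
} else {
    # Same command as in the question, plus /r for CSV output. Needs elevation;
    # configuration item scripts normally run as SYSTEM.
    $lines = & auditpol.exe /get /category:"Policy Change" /r
    if ($LASTEXITCODE -ne 0) { $lines = @() }   # treat a failed query as "not found"
}

# The only thing written to the pipeline is the setting text itself,
# e.g. "Success and Failure", "Success", "Failure" or "No Auditing".
Write-Output (Get-AuditSetting -CsvLines $lines -Name $Subcategory)
```

In the configuration item, the compliance rule on this script setting uses the Equals operator with the value Success and Failure; one setting per subcategory, each with its own $Subcategory, gives a per-subcategory result in the report.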