Share via

Configure a Microsoft On-Demand Assessment - Unified Customers

Use the following checklist to ensure all steps in this section are complete.

Configure the required Group Policy Objects

Successful execution of assessment scheduled tasks requires some policy configuration on the data collection machine to mitigate issues/risks known to degrade the successful collection of assessment data from your environment. The following configurations are applicable to all assessments.

Verify the user account Group Policies: Logon as Batch Job Permission

Note

At times, the assessment might not get triggered from the Task Scheduler. This can happen if the user does not have running batch job permission. If that’s the case, this permission needs to be explicitly granted by going in from gpedit.msc.*.

  1. Right-click or long-press on "Log on as batch job," then select Properties.

  2. Select "Add User or Group" and include the relevant user.

Do not forcefully unload the user registry at user logoff

  1. On your data collection machine, change the following setting in the group policy editor (gpedit.msc) from "not configured" to "enabled".

  2. Go to Computer Configuration -> Administrative Templates -> System -> User Profiles.

  3. Turn on "Do not forcefully unload the user registry at user logoff."

Turn off the FIPS Policy

  1. In Control Panel, select Administrative Tools, then select Local Security Policy.

  2. Within Security Settings, expand Local Policies, then select Security Options.

    Local Security Policy window displaying Security Options folder.

  3. Under Policy in the right-side pane, select System cryptography.

  4. Use FIPS compliant algorithms for encryption, hashing, and signing, and then select Disabled.

Network Access: Do not allow storage of passwords and credentials

This error occurs with the message "A specified logon session does not exist. It may already have been terminated." To resolve the error:

  1. Go to SECPOL.MSC -> Security Settings -> Local Policies -> Security Options.

  2. Don't allow storage of passwords and credentials for network authentication.

    Local Group Policy Editor window.

  3. Set the policy to disabled.

Verify the solution is downloaded on the data collection machine

Once the solution has been installed on your data collection machine, you will be able to find the following folders on your Local C:\ drive, these contain the Assessment specific binaries and Solution packages:

The File Explorer window, which shows the downloaded Assessment binaries and exectuion packages folders.

After confirming the Assessment binaries and execution package(s) have been downloaded for the assessment(s) desired, continue getting started with On-demand Assessments by selecting the Creation of the Assessment Scheduled Task.