Compartilhar via

About the Non-Compliance Severity Level in Desired Configuration Management

  • Artigo

Aplica-se a: System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2

The non-compliance severity level in Configuration Manager 2007 allows you to rate the severity of the non-compliance status so that you can prioritize attention and remedial action. It can be configured for two purposes:

  • When an object or setting within a configuration item is not present on the client computer.

  • When an object or setting within a configuration item is present on the client computer but fails the validation criteria.

Because you can have many objects or settings within a single configuration item, each with their own non-compliance severity level, the client's compliance evaluation for that configuration item will record the highest non-compliant severity level. Similarly, because a configuration baseline typically contains a number of configuration items, the client's compliance evaluation for the configuration baseline will record the highest non-compliant severity level reported by the configuration items it contains.

These non-compliance details are reported to the site in state messages. In addition, clients send status messages when the compliance status of a configuration item or configuration baseline changes from one compliance status to another, for example, from unknown to compliant or from compliant to non-compliant on re-evaluation. For more information about sending compliance information, see Compliance Sent As State Messages and Status Messages in Desired Configuration Management.

Non-compliance severity levels are also used to produce Microsoft Windows application event messages. These can be displayed on the client computer and collected by management products such as Microsoft System Center Operations Manager 2007. Management products can often be configured to take automatic action on the collected Windows events if they match defined criteria. For example, you could run automatic scripts if critical servers reported non-compliance, or you could send an e-mail to administrators to warn them about desktop misconfiguration.

The non-compliance severity level can be configured with the following options:

  • Information - no Windows event messages: Computers that are not compliant with one or more of the objects or settings in the configuration item (either not present or present but fail the validation criteria) do not log a Windows application event message. Computers send a state message and status message with the non-compliant severity level of Information.

  • Information: Computers that are not compliant with one or more of the objects or settings in the configuration item (either not present or present but fail the validation criteria) log a Windows application event message of the type Informational. State messages and status messages sent by the client will have the non-compliant severity level of Information.

  • Warning: Computers that are not compliant with one or more of the objects or settings in the configuration item (either not present or present but fail the validation criteria) log a Windows application event message of the type Warning. State messages and status messages sent by the client will have the non-compliant severity level of Warning.

  • Error: Computers that are not compliant with one or more of the objects or settings in the configuration item (either not present or present but fail the validation criteria) log a Windows application event message of the type Error. State messages and status messages sent by the client will have the non-compliant severity level of Error.

In addition to using the Windows application events, you can use the status messages in Configuration Manager 2007 to filter on non-compliance results in the Desired Configuration Management home page, in reports, and in queries.

Consulte Também

Tarefas

How to Use the Non-Compliance Severity Level
How to Use the Desired Configuration Management Home Page

Conceitos

About Configuration Items in Desired Configuration Management
About Configuration Baselines in Desired Configuration Management
About Compliance and Compliance Information in Desired Configuration Management
About Reports for Desired Configuration Management
Example Scenarios for Implementing Desired Configuration Management

For additional information, see Configuration Manager 2007 Information and Support.
To contact the documentation team, email SMSdocs@microsoft.com.