Pau Lo
asked on
SCCM firewall status and security group members
We need to identify if the firewall is enabled/disabled and what policies are set for all our end user devices. Is it possible to get this through SCCM?
From SCCM can you also get a list of members for all local groups on the PC, e.g. users, administrators.
We ideally need both results writing out to an xlsx file.
From SCCM can you also get a list of members for all local groups on the PC, e.g. users, administrators.
We ideally need both results writing out to an xlsx file.
ASKER
Sorry - yes its the native firewall.
This is part of an audit as opposed to a new infrastructure for us to manage. We are just trying to identify ways to get the assurances we need from systems we don't manage day to day.
CSV output would be fine. The problem with scanning end user devices as opposed to servers is they need to be on at the time of the review. So if SCCM stores the config the last time the system communicated with SCCM takes out the equation the delays if the devices are offline for a few days etc.
This is part of an audit as opposed to a new infrastructure for us to manage. We are just trying to identify ways to get the assurances we need from systems we don't manage day to day.
CSV output would be fine. The problem with scanning end user devices as opposed to servers is they need to be on at the time of the review. So if SCCM stores the config the last time the system communicated with SCCM takes out the equation the delays if the devices are offline for a few days etc.
ASKER
MAP as in microsoft and assessment planning toolkit?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Yes it can. Do you mean the native MS firewall or a 3rd party one?
On the other hand, I think using CM for both these tasks is overkill. You can use PowerShell to get both answers.
Why are you insisting (ideally) on getting output as Excel? CSV format is more flexible and usable in Word, Excel and SQL.
Also, why don't you know what state the firewall and local groups are in, in the first place? Is this an infrastructure you have inherited?
I am just thinking that it sounds like you need a full audit, and using MAP would be better all round.
Mike