Scribd
Upload
259 views80 pages

Secr Mms CCM

cccmd

Uploaded by

trec
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
259 views80 pages

Secr Mms CCM

cccmd

Uploaded by

trec
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 80

Security Removable Media Manager

Version 9.8.9.0
(November 2017)
Protect your valuable data
secRMM SCCM Compliance Settings Administrator Guide

© 2011 Squadra Technologies, LLC. ALL RIGHTS RESERVED.


This guide contains proprietary information protected by copyright. The software described in this guide is furnished
under a software license or nondisclosure agreement. This software may be used or copied only in accordance with
the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by
any means, electronic or mechanical, including photocopying and recording for any purpose other than the
purchaser's personal use without the written permission of Squadra Technologies, LLC.

If you have any questions regarding your potential use of this material, contact:
Squadra Technologies, LLC
7575 West Washington Ave
Suite 127-252
Las Vegas, NV 89128 USA
www.squadratechnologies.com
email: [email protected]
Refer to our Web site for regional and international office information.

TRADEMARKS
Squadra Technologies, secRMM are trademarks and registered trademarks of Squadra Technologies, LLC. Other
trademarks and registered trademarks used in this guide are property of their respective owners.

Disclaimer
The information in this document is provided in connection with Squadra Technologies products. No license, express
or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection
with the sale of Squadra Technologies products. EXCEPT AS SET FORTH IN Squadra Technologies's TERMS AND
CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, Squadra Technologies ASSUMES
NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO
ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR
A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL Squadra Technologies BE LIABLE FOR ANY
DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT
LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING
OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF Squadra Technologies HAS BEEN ADVISED OF
THE POSSIBILITY OF SUCH DAMAGES. Squadra Technologies makes no representations or warranties with respect
to the accuracy or completeness of the contents of this document and reserves the right to make changes to
specifications and product descriptions at any time without notice. Squadra Technologies does not make any
commitment to update the information contained in this document.
Squadra Technologies Excel AddIn Administrator Guide
Created - August 2011

Page 2
secRMM SCCM Compliance Settings Administrator Guide

Contents
INTRODUCTION ..................................................................................................................................................... 5

SCCM SECRMM DEPLOYMENT/INSTALLATION ....................................................................................................................5


SCCM SECRMM CONSOLE EXTENSION ..............................................................................................................................5
SCCM SECRMM STATUS MESSAGES .................................................................................................................................6
SCCM SECRMM REPORTS ..............................................................................................................................................7

INSTALLATION ....................................................................................................................................................... 7

SCCM SECRMM CONSOLE EXTENSION ..............................................................................................................................8


Prerequisites ..........................................................................................................................................................8
Required SCCM permissions ...................................................................................................................................9
Install the secRMM SCCM Console Extension ......................................................................................................10
Start the SCCM Console to verify installation ......................................................................................................14
Uninstalling the secRMM SCCM Console Extension .............................................................................................15
SCCM SECRMM STATUS MESSAGES ...............................................................................................................................15
Step 1 - Setting up the SCCM site server ..............................................................................................................15
Step 2 - Setting up the secRMM “SCCMConnection” property ............................................................................19
SCCM Security Role............................................................................................................................................................ 20
SCCM Admins Group ......................................................................................................................................................... 21
Step 3 – Create a SCCM Status Message query for “removable media” events ..................................................22
SCCM SECRMM REPORTS ............................................................................................................................................28
Prerequisites ........................................................................................................................................................28
Install the SCCM secRMM reports .......................................................................................................................28
SCCM/InTune reports ........................................................................................................................................................ 42

USAGE AND CONFIGURATION ............................................................................................................................. 43

SCCM SECRMM CONSOLE EXTENSION ............................................................................................................................43


Create a Removable Media Policy .......................................................................................................................43
Deploy a Removable Media Policy .......................................................................................................................47
Computer versus User deployment ......................................................................................................................50
User deployment requirements ...........................................................................................................................50
Windows successful logon event ....................................................................................................................................... 50
Computer policy with SCCMConnection property defined ................................................................................................ 52
Verifying the computer policy deployment ..........................................................................................................52
Verifying the user policy deployment ..................................................................................................................53
Remediation.........................................................................................................................................................54
Editing a Removable Media Policy .......................................................................................................................55
Deleting a Removable Media Policy ....................................................................................................................55
SCCM Reporting ...................................................................................................................................................55
SCCM SECRMM STATUS MESSAGES ...............................................................................................................................57
Using the secRMM Excel AddIn ...........................................................................................................................62
SCCM SECRMM REPORTS ............................................................................................................................................63
Browser ................................................................................................................................................................63

Page 3
secRMM SCCM Compliance Settings Administrator Guide

SCCM console .......................................................................................................................................................66


SCCM/InTune reports ...........................................................................................................................................69

STATUS MESSAGE MANAGEMENT FOR SECRMM ................................................................................................ 70

STATUS MESSAGE VIEWER .............................................................................................................................................70


VBSCRIPT ...................................................................................................................................................................74
POWERSHELL ...............................................................................................................................................................75
SQL ...........................................................................................................................................................................77

TROUBLESHOOTING............................................................................................................................................. 78

SCCM SECRMM CONSOLE EXTENSION ............................................................................................................................78


SCCM SECRMM USER POLICIES.....................................................................................................................................79
Validation ............................................................................................................................................................79
Troubleshooting ...................................................................................................................................................79

KNOWN ISSUES .................................................................................................................................................... 80

CONTACTING SQUADRA TECHNOLOGIES SUPPORT ............................................................................................. 80

ABOUT SQUADRA TECHNOLOGIES, LLC. ............................................................................................................... 80

Page 4
secRMM SCCM Compliance Settings Administrator Guide

Introduction
Security Removable Media Manager (secRMM) integrates into Microsoft System Center Configuration
Manager (SCCM) 2012 by providing a SCCM console extension which provides centralized configuration,
SCCM status messages and SCCM reports. secRMM can also be deployed into your domain using SCCM.

SCCM secRMM deployment/installation

The documentation for deploying/installing


secRMM using SCCM is provided in a separate
document called SCCM Installation Guide. You can
get the SCCM Installation Guide from the Squadra
Technologies web site as shown in the screen shot
to the right.

http://squadratechnologies.com/Products/secRMM/secRMMDocumentation.aspx

SCCM secRMM Console Extension

The SCCM secRMM console extension builds on top of the base SCCM
Compliance Settings feature. Implementing compliance settings for your
corporate removable media policy rounds out the endpoint protection
provided by Microsoft via:

1. Antimalware Policies
2. Windows Firewall Policies
3. BitLocker Policies (i.e. encryption technology)
4. Software updates/patching

The secRMM SCCM User Interface (UI) is identical to the secRMM UIs in
the Computer Management MMC and the Active Directory Group Policy
Object Editor (AD GPO).

Using one or combining the Microsoft technologies with secRMM keeps


your environment safe from data theft via removable media such as USB
drives/sticks, SD-Cards, Smart-Phones, Tablets, and CD/DVD. In addition
to protecting your data, secRMM provides the most detailed audit trail
which allows you to track every write operation to removable media.

Page 5
secRMM SCCM Compliance Settings Administrator Guide

SCCM secRMM Status Messages

secRMM records removable media events into an event log (named secRMM) and also into the default
security event log on each computer where secRMM is installed. You can setup SCCM so that the
secRMM events are displayed in the SCCM console as SCCM “status messages”. This allows you to see
all the removable media events in one central location. If you have System Center Operations Manager
(SCOM) installed in your environment, you can use the SCOM secRMM “Management Pack” to
centralize your removable media events as well.

Page 6
secRMM SCCM Compliance Settings Administrator Guide

SCCM secRMM Reports

If you setup SCCM to collect the removable media events from the secRMM event logs (i.e. SCCM status
messages), you can then also load the SCCM secRMM reports into SCCM.

Please follow the steps in the next section to perform the installation of the SCCM secRMM components
mentioned above.

Installation

Page 7
secRMM SCCM Compliance Settings Administrator Guide

SCCM secRMM Console Extension

If you have not already done so, please install the SCCM Console on the system where you want to run
the secRMM SCCM console extension.

Prerequisites

The following SCCM features must be installed/enabled:


1. Client Settings->Compliance Settings must be enabled

Page 8
secRMM SCCM Compliance Settings Administrator Guide

You can verify that “Compliance Settings” are enabled on the client Windows computer(s) by going into
the SCCM client program (in “Control Panel”->”System and Security”->Configuration Manager-
>[tab]Components):

Required SCCM permissions

To use the secRMM SCCM Console Extension to configure the secRMM settings, you need to have the
following SCCM Security Roles assigned to your SCCM account:
1. Compliance Settings Manager
2. Endpoint Protection Manager
Note that if you are an SCCM Administrator, you will have these SCCM Security Roles assigned to your
SCCM account.

Page 9
secRMM SCCM Compliance Settings Administrator Guide

Install the secRMM SCCM Console Extension

Extending the SCCM Console is an easy task. It involves copying one XML file and four dlls into the
correct SCCM directory. There is an Install.cmd which will perform copying the files to the correct
directories for you.
1. Download the secRMMSCCMConsoleExtension.zip file from the Squadra Technologies web site.
a. On the Squadra Technologies Home Page, click the “System Center” logo

b. Click the “System Center Configuration Manager” link

c. Click the “secRMMSCCMConsoleExtension.zip” link to download.

Page 10
secRMM SCCM Compliance Settings Administrator Guide

2. Unzip the secRMMSCCMConsoleExtension.zip file into a temporary directory on the Windows


computer where you have installed the SCCM Console.
3. Close the SCCM console (if it is open).
4. Open a command window (with “Run As Administrator”).
5. In the command window, change directory (CD) into the temporary directory where you
unzipped secRMMSCCMConsoleExtension.zip (from step 2 above).
6. Check to make sure that all 9 files that were unzipped are unblocked (see screen shot below).
Windows blocks these files because they were downloaded from the Internet. Unfortunately,
Windows does not allow you to unblock them all at once; you must go one-by-one to unblock
them.

Page 11
secRMM SCCM Compliance Settings Administrator Guide

7. From the command window you opened in step 4 above, run the Install.cmd by typing
Install.cmd and then hitting the enter key.
The Install.cmd logic copies the RemovableMedia.xml, secRMMSCCM2012ConsoleExtension.dll,
secRMMMMCSnapInSelectUsers.dll, secRMMMMCSnapInSelectUsersLib.Interop.dll and
secRMM10.dll into the correct SCCM directories.

Page 12
secRMM SCCM Compliance Settings Administrator Guide

The secRMM SCCM Console Extension is now available in the SCCM Console on this particular Windows
Computer. If you want to use the secRMM SCCM Console on other Windows computers, you will repeat
this same process on the other Windows computer(s). Note, that you do not need to have the base
secRMM product installed to use the secRMM SCCM Console Extension (with one exception) although
we highly recommend that you install secRMM on each Windows computer in your environment. The
only time you would need to also install the secRMM product on the computer running the console
extension is if you want to use the SCCMConnection property (discussed below) “Test Connection”
feature. The “Test Connection” feature calls secRMM to perform the test connection to SCCM.

Page 13
secRMM SCCM Compliance Settings Administrator Guide

Start the SCCM Console to verify installation

Start the SCCM console (Microsoft.ConfigurationManagement.exe).

Once the SCCM console is open, open the “Endpoint Protection” folder and
verify that the “Removable Media Policies” node appears.

Page 14
secRMM SCCM Compliance Settings Administrator Guide

Uninstalling the secRMM SCCM Console Extension

If you need to uninstall the secRMM SCCM Console Extension, open a command window (with “Run As
Administrator”). In the command window, change directory (CD) into the temporary directory where
you unzipped secRMMSCCMConsoleExtension.zip. Be sure you first close the SCCM console before the
next step. Run the Uninstall.cmd by typing Uninstall.cmd and then hitting the enter key. The
Uninstall.cmd logic deletes the files that were installed from the SCCM directories. Once you restart the
SCCM console on this particular Windows Computer, the “Removable Media Policies” node under the
“Endpoint Protection” will be removed.

SCCM secRMM Status Messages

Installation of the SCCM secRMM status messages requires 3 steps. Step 1 is performed on the SCCM
site server. Step 2 is configuring the secRMM property named SCCMConnection which you can do using
the SCCM secRMM Console Extension (or Active Directory Group Policy or locally using the Computer
Management MMC). Step 3 is adding a status message query in the SCCM console to see the
“Removable Media Activity” events generated by secRMM.

Step 1 - Setting up the SCCM site server

1. Please take a full database backup of your SCCM database before performing the steps below
since it modifies the SCCM site control file (which, since SCCM 2012, is now stored in the
database instead of a file). https://msdn.microsoft.com/en-us/library/hh948978.aspx

To see the SCCM site control file contents, you can run a SQL query against your SCCM database:
SELECT SiteControl FROM vSMS_SC_SiteControlXML WHERE SiteCode = 'XXX'
where XXX is the 3 letter site code for your SCCM environment. Then copy the XML into a text
editor (such as Visual Studio) to review your site control file (which is XML text).

2. Download the secRMMSCCMStatusMsgInstallOnServer.zip file from the Squadra Technologies


web site.

Page 15
secRMM SCCM Compliance Settings Administrator Guide

a. On the Squadra Technologies Home Page, click the “System Center” logo

b. Click the “System Center Configuration Manager” link

c. Click the “secRMMSCCMStatusMsgInstallOnServer.zip” link to download.

3. Unzip the secRMMSCCMStatusMsgInstallOnServer.zip file into a temporary directory on the


SCCM site server.
4. Open a command window (with “Run As Administrator”).
5. In the command window, change directory (CD) into the temporary directory where you
unzipped secRMMSCCMStatusMsgInstallOnServer.zip.
6. Check to make sure that all 7 files (there is one dll in each subfolder) that were unzipped are
unblocked (see screen shot below). Windows blocks these files because they were downloaded
from the Internet.

Page 16
secRMM SCCM Compliance Settings Administrator Guide

7. Run the Install.cmd by typing Install.cmd and then hitting the enter key. The Install.cmd calls
the program AddSecRMMToSCCMStatusMessages.exe which updates the SCCM site control file
and adds the secRMMSCCMMsgs.dll into the SCCM status messages directories. This program
will prompt you for your SCCM 3 letter site code1. When it prompts you for the server, make
sure to put a period (“.” – the period indicates you are running on the site server) and hit enter.

1
If you do not know the SCCM 3 letter site code, you can open the SCCM console, click Administration
(in the lower left hand corner), in the tree view, go to Overview->Site Configuration->”Servers and Site
System Roles”. Now, on the right hand side of the console, you will see a list of servers. There is a
column labeled “Site Code”.

Page 17
secRMM SCCM Compliance Settings Administrator Guide

8. The output from program AddSecRMMToSCCMStatusMessages.exe should look like:

Page 18
secRMM SCCM Compliance Settings Administrator Guide

9. You should now restart the SMS_EXECUTIVE service.

10. To verify that SCCM is now using the secRMM messages dll, you can check the smsexec.log file
and search for the text saying:
Registered this process as a source of "secRMM" events.

11. Note that if you install the SCCM console on a remote computer (i.e. not the site server), you
will still need to copy the dll named secRMMSCCMMsgs.dll from the Win32 directory to
C:\Program Files(x86)\Microsoft Configuration Manager\AdminConsole\bin\i386\00000409. If
you do not perform this step and try to open the SCCM “Status Message Viewer” against the
“Removable Media Activity” query (described in Step 3 below), the “Status Message Viewer” will
crash. As a convenience, if you install the SCCM secRMM console extension on the remote
computer, the secRMM console extension installation will copy the secRMMSCCMMsgs.dll file
for you.

Step 2 - Setting up the secRMM “SCCMConnection” property

secRMM needs to be able to connect to SCCM with credentials from a valid SCCM user account. You
need an Active Directory userid for this step. There are 2 things to setup for this userid to allow the
secRMM to SCCM connection:

Page 19
secRMM SCCM Compliance Settings Administrator Guide

1. The userid needs a “SCCM Security Role”


2. The userid needs to be in the “SMS Admins” Group

SCCM Security Role

The SCCM user account has to belong to at least one of the following SCCM “Security Roles”:

1. Full Administrator
2. Asset Manager
3. Infrastructure Administrator
4. Operations Administrator

These are the SCCM “Security Roles” that are allowed to add and delete status messages.

If you do not use the “Full Administrator” role and you plan on using secRMM “User Configurations”,
then you must also add the “Compliance Settings Manager” SCCM “Security Role”.

So, as an example, in the two screen shots below, there is a userId named
CONTOSO\secRMMSCCMConnection. This userId has the security roles: “Asset Manager” and
“Compliance Settings Manager”. The “Asset Manager” will let secRMM create SCCM “Status Messages”
and the “Compliance Settings Manager” will let secRMM create SCCM “User Collection” Policies.

Page 20
secRMM SCCM Compliance Settings Administrator Guide

SCCM Admins Group

The user you use must also be a member of the “SMS Admins” Group. This group has local and remote
access to the WMI SMS Provider on the SCCM primary site server. Microsoft has a TechNet article that
tells you how to verify WMI permissions to the SMS Provider at https://technet.microsoft.com/en-
us/library/bb932151.aspx. You can add a user to the “SMS Admins” Group using the “Computer
Management” MMC on the SCCM primary site server as shown in the screen shot below.

Page 21
secRMM SCCM Compliance Settings Administrator Guide

Step 3 – Create a SCCM Status Message query for “removable media” events

Within the SCCM console, under the Monitoring->”System Status” node, you can create a “status
message” query for the secRMM event data. For naming consistency, we recommend you name the
query “Removable Media Activity”.

Component = secRMM

Page 22
secRMM SCCM Compliance Settings Administrator Guide

Page 23
secRMM SCCM Compliance Settings Administrator Guide

Page 24
secRMM SCCM Compliance Settings Administrator Guide

where SMS_StatusMessage.Component = 'secRMM'

Page 25
secRMM SCCM Compliance Settings Administrator Guide

Page 26
secRMM SCCM Compliance Settings Administrator Guide

Page 27
secRMM SCCM Compliance Settings Administrator Guide

SCCM secRMM Reports


Prerequisites

If you are not already using reporting in your SCCM environment, you will need to set up the
environment per Microsoft’s instructions at: https://technet.microsoft.com/en-us/gg712698.aspx

Install the SCCM secRMM reports

1. Download the secRMMSCCMReports.zip file from the Squadra Technologies web site.
a. On the Squadra Technologies Home Page, click the “System Center” logo

b. Click the “System Center Configuration Manager” link

Page 28
secRMM SCCM Compliance Settings Administrator Guide

c. Click the “secRMMSCCMReports.zip” link to download.

2. Unzip the secRMMSCCMReports.zip file into a temporary directory on the Windows computer
where you have installed the SCCM Report Server. SCCM uses SQL Server Reporting Services
(SSRS) as its reporting engine. The SSRS database may or may not be on the same computer as
the SCCM site server. You can find out where the SSRS for SCCM is installed within the SCCM
console. Go into the Monitoring view (lower left hand corner of the console), then click the
Reporting folder. Now, on the right-hand side of the screen, at the bottom, you will see the URL
for the Report Manager. This is shown in the screen shot below.

Page 29
secRMM SCCM Compliance Settings Administrator Guide

3. Open a command window (with “Run As Administrator”).


4. In the command window, change directory (CD) into the temporary directory where you
unzipped secRMMSCCMReports.zip. And change directory into the Assembly sub-directory.

5. Check to make sure that all 4 files that were unzipped in the Assembly sub-directory (see
screenshot above) are unblocked (see screen shot below). Windows blocks these files because
they were downloaded from the Internet.

Page 30
secRMM SCCM Compliance Settings Administrator Guide

6. In the Assembly sub-directory, edit the file named InstallAssemblyForSCCM.cmd with a text
editor (notepad for example). On line 4, change the XXX to be your 3 letter site code. Save the
file.

Page 31
secRMM SCCM Compliance Settings Administrator Guide

7. Now (run the script named) type InstallAssemblyForSCCM.cmd and hit the enter key.

8. The output of executing the script is a file named InstallSCCM_Output.rpt (see screenshot
above). This file should look like:

This assembly that loaded into the SCCM database allows the reports to parse the secRMM
event data.

9. On the SCCM report server, open a browser and go to URL: http://localhost/reports

Page 32
secRMM SCCM Compliance Settings Administrator Guide

10. Click the “ConfigMgr_XXX” folder (where XXX is your 3 letter site code). Within the
ConfigMgr_XXX folder, click the “New Folder” link.

11. Create a folder for the “Removable Media” reports. You are fee to name this folder whatever
makes most sense for your environment.

Page 33
secRMM SCCM Compliance Settings Administrator Guide

12. Now click the folder you just created to go into it.
13. Click the “Upload file”

Page 34
secRMM SCCM Compliance Settings Administrator Guide

14. Click the “Browse” button

15. Go to the sub-directory named Reports\SCCM_DB (in our example, we used


C:\temp\secRMMSCCMReports\Reports\SCCM_DB)

Page 35
secRMM SCCM Compliance Settings Administrator Guide

16. Select the report file (i.e file extension of .rdl) and click the OK button

17. Repeat steps 14-16 for each file in the Reports\SCCM_DB sub-directory (there are 5 files).

Page 36
secRMM SCCM Compliance Settings Administrator Guide

18. Next, we need to modify the “Data Sources” of each report to be the “Data Sources” for your
SCCM database. To do this, move your mouse to the right of the report so that you see a yellow
box with an arrow pointing down (see below). Click the drop down arrow and select “Manage”.

Page 37
secRMM SCCM Compliance Settings Administrator Guide

19. Select “Data Sources”

Page 38
secRMM SCCM Compliance Settings Administrator Guide

20. A warning shows on the page stating “The shared data source reference is no longer valid”.
Click the “Browse” button to the left of this warning.

21. Under the Home button, you will see your SCCM database (named ConfigMgr_XXX where XXX is
your 3 letter site code). Click the plus sign (+) to the left of your SCCM database so it expands.

Page 39
secRMM SCCM Compliance Settings Administrator Guide

22. Under the SCCM database folder will be a long list of subfolders. At the very bottom, you will
see an icon of a yellow cylinder (see below). It will likely not have the same letters and numbers
to the right but this is the “Data Source” for your SCCM database.

Page 40
secRMM SCCM Compliance Settings Administrator Guide

23. Click the “Data Source” so it is selected and then click the OK button.

24. Click the Apply button. Now the report will use the SCCM database to get data.

Page 41
secRMM SCCM Compliance Settings Administrator Guide

25. Repeat steps 18-24 for each report.


26. Run each report to ensure no errors occur. If you get an error about permissions, please run the
following sql commands from either “SQL Management Studio” or using the command line
sqlcmd utility. You need to run these commands against the SCCM database (i.e. CM_xxx where
xxx is your 3 character site code).

GRANT SELECT ON [dbo].[secRMMSQLTableValuedFunction] TO [smsschm_users]


GRANT EXECUTE ON [dbo].[CompareUserLists] TO [smsschm_users]
GRANT SELECT ON [dbo].[vStatusMessageInsStrs] TO [smsschm_users]
GRANT SELECT ON [dbo].[vStatusMessages] TO [smsschm_users]

SCCM/InTune reports

Page 42
secRMM SCCM Compliance Settings Administrator Guide

The SCCM/Intune secRMM reports are installed the same way as the base SCCM reports (detailed in the
instructions above). If you have Intune configured in your SCCM environment, you should consider also
loading the SCCM/Intune secRMM reports. The zip file containing the reports is on the Squadra
Technologies web site and is named secRMMSCCMInTuneReports.zip. There are 2 reports to load into
your environment. Before you load these reports, you must make one change for your environment.
Edit the file named “Mobile device USB File Write Activity.rdl” using Notepad. This file is in the
Reports\SCCM_DB subfoler (created when you unzipped secRMMSCCMInTuneReports.zip). Go to line
(ctrl-g when “word wrap” is off) 1281 (you can also do a find for XXX to get to line 1281). On line 1281,
change the XXX to your 3 character SCCM site code.

Usage and configuration


SCCM secRMM Console Extension

The SCCM secRMM Console Extension lets you centrally configure and deploy the secRMM
rules/policies for the computers and users in your domain. This feature utilizes the base SCCM
“Compliance Settings” component. SCCM “Compliance Settings” give you several features:
1. Setting the secRMM rule(s) on each computer or user within your domain
2. For computer configurations, a recurring check is made of the current secRMM rule values on
each computer within your domain based on the SCCM deployment schedule. For user
configurations, at user logon time, a check of the current secRMM rules for the user logging into
the Windows computer. For both, the following operations are performed:
a. Reporting if a value is not in compliance
b. Resetting the value if it is not in compliance
3. Out of the box SCCM compliance reports

The subsections below describe how to use the SCCM secRMM Console Extension.

Create a Removable Media Policy

To create a “Removable Media Policy”, you can right mouse click on either the “Removable Media
Policies” node in the tree-view, right mouse click in the white space in the details view or use the SCCM
ribbon bar. For the node in the tree-view, make sure you first left-click the node so the right side
windows says “Removable Media Policies” before you right-mouse click it.

Page 43
secRMM SCCM Compliance Settings Administrator Guide

Clicking the “Create Removable Media Policy” function will open a window that lets you specify the
secRMM property values. For details on each secRMM property, you should review the secRMM
Administrators Guide. At the very top of the “Removable Media Policy” window, please specify a name,
an optional description for the “Removable Media Policy” and select whether this policy will be for
computers or users. Then, provide the values for one or more secRMM properties. To edit a property,
double click the row and another windows will open allowing you to specify a value. At a minimum, you
should always turn on the “FailWriteIfSourceFileUnknown” secRMM property. This sets secRMM in
“monitoring mode”. You need to specify at least one secRMM property before you can save the policy.

Below are two screen shots, the first one is a Computer policy and the second is a User policy. You must
define one Computer policy and at a minimum, specify the SCCMConnection property. The SCCM logon
credentials specified in the SCCMConnection property allows secRMM to send the secRMM event data
to SCCM. Once the secRMM events data is sent to SCCM, you can view this secRMM event data using
SCCM Status Messages and SCCM secRMM reports.

Page 44
secRMM SCCM Compliance Settings Administrator Guide

Page 45
secRMM SCCM Compliance Settings Administrator Guide

NOTE: It is highly recommended that, as a minimum, you always turn on: FailWriteIfSourceFileUnknown.

Once you have specified one or more secRMM properties, click the OK button to save your changes.
You will now see the “Removable Media Policy” in the list.

Page 46
secRMM SCCM Compliance Settings Administrator Guide

Deploy a Removable Media Policy

Since the secRMM Console


Extension is based on the SCCM
Compliance Settings, you will
deploy the “Removable Media
Policy” just as you would for any
other SCCM Compliance Setting.

In the SCCM tree view, expand


the “Compliance Settings” folder
and then the “Configuration
Baselines” folder. You will see a folder named “Removable Media Policies”. If you do not see this
folder, click Refresh (F5). It may take several Refreshes depending on how busy SCCM is. If you still
cannot see the Compliance Settings item, sometimes, clicking on the parent folder (i.e. the folder named
“Compliance Settings”) and hitting refresh on that folder will force the subfolders to refresh. Under the
“Removable Media Policies” folder, you will see a folder with the same name as the “Removable Media
Policy”. Click that folder and the “Configuration Baseline” will appear in the details pane. Right mouse
click on the “Configuration Baseline” and select “Deploy”.

Page 47
secRMM SCCM Compliance Settings Administrator Guide

If you are familiar with the deployment options, you may set the values to best suit your environment.
An important value for you to consider on the deployment dialog is the “Run every” value. This is how
often SCCM will check that the policy is compliant.

Note that for Computer (i.e. not User) configurations, you MUST check the “Remediate noncompliant
rules when supported” and the “Allow remediation outside the maintenance window” checkboxes.
Failure to check these two checkboxes will result in the policy not being applied on the computers you
are deploying the policy to.

Below is a valid recommendation.

Page 48
secRMM SCCM Compliance Settings Administrator Guide

Before closing the “Deploy Configuration Baselines” window, you must select a collection to deploy to.
Click the “Browse” button (outlined in the blue box above).

For computer policies, select “Device Collections” and then select a collection from the available device
collections defined in your environment.

For user policies, please select a collection from the available user collections.

Page 49
secRMM SCCM Compliance Settings Administrator Guide

The “Removable Media Policy” is now deployed.

Computer versus User deployment

The “computer deployment” will run on a scheduled task where the time interval will be what you
specified in the deployment dialog. SCCM sends the “computer deployment” secRMM policy down to
the SCCM clients during a “Machine Policy Retrieval & Evaluation Cycle”. You can force a “Machine
Policy Retrieval & Evaluation Cycle” to happen on a client SCCM computer using the SCCM client GUI,
under the Actions tab. This is shown in the “Verifying the computer policy deployment” section below.

A “user deployment” will run whenever the user logs into a Windows computer with secRMM installed
on it. “User deployments” take effect immediately since it is triggered by the user logging into a
computer.

User deployment requirements

There are three requirements to making a user deployment work:


1. The Windows computer where the user logs in must be generating “successful logon events”
(event id 4624) into the Windows security event log
2. A secRMM “computer policy” with the SCCMConnection property defined.
3. The secRMM version must be at 7.0.6.0 or better
The details of these requirements are explained below.

Windows successful logon event

Page 50
secRMM SCCM Compliance Settings Administrator Guide

To make a user deployment run whenever the user logs on to a Windows computer, the Windows
computer must be generating a “successful logon event” (event id 4624) in the security event log. This
event triggers the SCCM user policy to be checked on the computer for the user. Microsoft
documentation for event id 4624 is located at https://technet.microsoft.com/en-
us/library/dn319080.aspx. You can enable auditing (i.e. generating) successful logon events using either
a SCCM Task Sequence or Active Directory Group Policy Object (AD GPO). You should first check in your
environment to see if this event is already being generated. It is typically a common event to generate
so you may not need to do anything if the event is already being generated. The setting is in Computer
Configuration/Windows Settings/Security Settings/Advanced Audit Policy
Configuration/Audit Policies/”Logon/Logoff” and is called Audit Logon. At a minimum,
you must set the “Success” value.

Page 51
secRMM SCCM Compliance Settings Administrator Guide

Details about event id 4624 are at: https://docs.microsoft.com/en-us/windows/device-


security/auditing/event-4624.

Computer policy with SCCMConnection property defined

Each computer that will support user policies will need a secRMM “computer policy” defined on the
computer as well. There can only be one secRMM “computer policy” on a computer. The computer
policy should be very restrictive since it is the default policy that is used if the user is not assigned to a
“user policy”. For example, the “computer policy” might put secRMM in lockdown mode (meaning no
file copies to removable storage is allowed). Regardless of the authorization or lockdown policy you
choose for the “computer policy”, you will need to specify the SCCMConnection property. The SCCM
logon credentials specified in the SCCMConnection property will allow the user policy to retrieve the
policy from SCCM.

Verifying the computer policy deployment

Go to one of the Windows computers that is in the collection that you selected in the deployment.
Open the SCCM client program (in “Control Panel”->”System and Security”).

Page 52
secRMM SCCM Compliance Settings Administrator Guide

Click the Actions tab. In the list of Actions, click the “Machine Policy Retrieval & Evaluation Cycle”. Click
the “Run Now” button. This will download the “Removable Media Policy” to the computer. Note that
depending on the size of your environment, this process could take a while to complete.

To verify that the “Removable Media Policy” has been downloaded, click the Configuration tab. You will
see the “Removable Media Policy” with the name you assigned it when it has been downloaded. Notice
in the left hand screen shot below, the “Last Evaluation” column has a value of N/A and the “Compliance
State” column has a value of Unknown. This means the “Removable Media Policy” has not run yet. To
run the “Removable Media Policy”, click the Evaluate button at the bottom of the window. Once the
“Removable Media Policy” has been evaluated, the “Last Evaluation” column and the “Compliance
State” column will have valid values as shown in the right hand screen shot below.

Please note that you do not need to click the “Evaluate” button on every computer you deploy to (that
would be unrealistic). Clicking it on your test computers just makes the evaluation run “right now”. The
SCCM client programmatically performs what the “Evaluate” button does at a repeating scheduled
interval. This interval value is specified when you deploy the “Removable Media Policy”.

Once the “Removable Media Policy” has been evaluated, you can view a report by clicking on the “View
Report” button at the bottom of the window.

Verifying the user policy deployment

You cannot use the verification process for the user policies as we did for the computer policies in the
section above. This is because SCCM does not really push down the user policy. secRMM has to pull it
from SCCM when the user logs in. The best way to verify the user policy is to use the secRMM event log
on the computer where the user logged in. If the policy was being defined for the first time or the policy
needed to be “remediated”, you will see an event for each secRMM property that was modified as in
the screen shot below:

Page 53
secRMM SCCM Compliance Settings Administrator Guide

If you study the data in the red box carefully, you will see that the secRMM property named
AllowedDirectories was set by the user policy named “User Policy 1”, Revision 1 for the user
CONTOSO\Angela.

Remediation

For computer policies, when you deploy the “Removable Media Policy”, you must select to correct any
property value that is not the value you specify in the “Removable Media Policy”. This is called
remediation. If remediation does occur, the SCCM report will show this as compliant because the value
was changed back to the compliant value. To see which properties were changed, you can look in the
secRMM event log. If remediation does occur, you will see an event in the secRMM event log. The
event contains the details of the property being changed. The event is shown below:

Below is the text taken from the screen shot above. Notice on the last line, it indicates that the value
was changed back by SCCM remediation.

Page 54
secRMM SCCM Compliance Settings Administrator Guide

Removable Media Security Authorization:


Administrator: NT AUTHORITY\SYSTEM, SID: S-1-5-18
Action: secRMM Property created
Property name: AllowedDirectories
Property value: C:\Users\<UserId>;d:\temp
Property set for: CONTOSO\angela, SID: S-1-5-21-194330278-343332919-2867172138-1606
Status: Completed
Additional Event Info: C:\Windows\System32\cscript.exe" //NoLogo //B C:\Windows\Temp\rad30BE6.js
SCCM Compliance Setting Remediation for AllowedDirectories. Type: User, Name: User Policy 1,
Revision: 1, CONTOSO\Angela, S-1-5-21-194330278-343332919-2867172138-1606

Editing a Removable Media Policy

You can edit an existing “Removable Media Policy” by using either the secRMM Console Extension or by
using the base Microsoft SCCM Compliance Settings windows. If you edit the “Removable Media Policy”
by using either the secRMM Console Extension, it will retain the existing values in the Configuration Item
Baseline (i.e. the values you specified for the deployment part).

If you do edit a Removable Media Policy, you must re-deploy it. We are looking into how to avoid this
for a future release.

Deleting a Removable Media Policy

You can delete an existing “Removable Media Policy” by using either the secRMM Console Extension or
by using the base Microsoft SCCM Compliance Settings windows. If you delete the “Removable Media
Policy” by using either the secRMM Console Extension, it will delete:
1. Configuration items
2. Configuration item folder for the “Removable Media Policy”
3. Configuration baseline
4. Configuration baseline folder for the “Removable Media Policy”

SCCM Reporting

SCCM has several “Compliance and Settings Management” reports. The reports are under Monitoring-
>Reporting->Reports. These reports will include the data from the Removable Media Policies.

Page 55
secRMM SCCM Compliance Settings Administrator Guide

In addition, you can view a report directly from a SCCM client computer by using the “Configuration
Manager” User Interface located in “Control Panel “->”System and Security” (on the client computer).

Page 56
secRMM SCCM Compliance Settings Administrator Guide

SCCM secRMM Status Messages

The SCCM Status Messages for secRMM data are dependent on the SCCM credentials provided in the
SCCMConnection property of secRMM. You specify the secRMMConnection from within one of the
secRMM User Interface dialogs.

The dialogs are:


1. The secRMM SCCM Console Extension

Page 57
secRMM SCCM Compliance Settings Administrator Guide

2. The secRMM Active Directory Group Policy

Page 58
secRMM SCCM Compliance Settings Administrator Guide

3. The secRMM “Computer Management” MMC

Page 59
secRMM SCCM Compliance Settings Administrator Guide

Since you are reading this document, it is most likely that you will use the secRMM SCCM console
extension to set the SCCMConnection property.

You have the ability to perform a “Test Connection” operation. You should try to perform this test on a
computer that is not the SCCM site server if possible. The reason to perform the test on a computer
that is not the SCCM site server is because when performed on the SCCM site server, the
userid/password test does not get performed (because you are already on the SCCM site server).

Page 60
secRMM SCCM Compliance Settings Administrator Guide

Ultimately, the secRMM SCCMConnection property gets treated like all the other secRMM properties in
that it gets deployed down to the computers running secRMM. Once the SCCMConnection property is
set on the computers, they will start sending status messages (i.e. the secRMM event data) to the SCCM
site server.

Page 61
secRMM SCCM Compliance Settings Administrator Guide

Using the secRMM Excel AddIn

The secRMM Console Extension also provides a call to the secRMM Excel AddIn. The secRMM Excel
AddIn can load the SCCM status messages. This allows you to view the SCCM status messages from
within Excel. Please refer to the Excel AddIn Administrator Guide to install the secRMM Excel AddIn.
Note that the Excel AddIn will be installed on the same computer where the SCCM Administrator
Console is installed. The Excel AddIn uses the secRMM SCCMConnection property to communicate with
SCCM.

If you try to use the secRMM Excel AddIn from with the SCCM console and you get an “Access Denied”,
simply reopen the SCCM console using “Run As Administrator”.

Page 62
secRMM SCCM Compliance Settings Administrator Guide

SCCM secRMM Reports

You can run the SCCM “Removable Media” (i.e. secRMM) reports from either a browser or directly
within the SCCM console. The Microsoft reporting engine (SQL Server Reporting Services, i.e. SSRS) has
many powerful features including scheduling reports to be delivered to your email inbox on a recurring
schedule (in various formats, including excel and pdf). You should follow the Microsoft documentation
on SSRS to gain the full benefits of the reporting component of SCCM.

Browser

The SCCM SSRS website has a default URL of http://ComputerName/reports. This may vary in your
environment. Once you are at the home page, click the link referencing your SCCM database.

Page 63
secRMM SCCM Compliance Settings Administrator Guide

Scroll down until you see the “Removable Media” subfolder. Click the “Removable Media” subfolder.

Select one of the “Removable Media” reports to run.

Page 64
secRMM SCCM Compliance Settings Administrator Guide

In this example, we will run an “Authorization Failure” report:

The above report shows there is currently only one authorization failure within the domain.

In addition to the reports provided by the secRMM product, you can run the Microsoft SCCM
“Compliance and Settings Management” reports as well.

Page 65
secRMM SCCM Compliance Settings Administrator Guide

SCCM console

The SCCM reports are located within the console under Monitoring->Reports. There are many reports
provided by Microsoft. The reports are listed in alphabetical order so scroll down to “R”. Under “R”,
you will see reports starting with “Removable Media”.

Select one of the “Removable Media” reports to run.

Page 66
secRMM SCCM Compliance Settings Administrator Guide

In this example, we will run a “Write Events” (i.e. files written from the domain to a removable media
device) report. Notice that the report dialog needs to specify a “User Name”. Click the “Values…” link
and select a value.

Page 67
secRMM SCCM Compliance Settings Administrator Guide

To run the report, click the “View Report” button.

Page 68
secRMM SCCM Compliance Settings Administrator Guide

Here we can see a report that lists all the removable media write activity for the specific user. There are
too many columns in this report to show you all the valuable data within this report in a single screen
shot so please run the reports in your environment so you can see that value of the secRMM data!

SCCM/InTune reports

To associate the Intune mobile device definitions to the secRMM event data, you must run the
LinkMobileDevices.exe utility that is in the Utility subfoler (created when you unzipped
secRMMSCCMInTuneReports.zip). This program will list the mobile devices being managed by
SCCM/InTune. For each mobile device, you will need to provide the mobile devices serial number as
secRMM knows it. Unfortunately, InTune does not seem to be capable of recording the true/firmware
serial number of the mobile devices (we hope this will be fixed in later InTune releases). For now, you
will need to generated a secRMM ONLINE event for the mobile device by connecting the device to a
Windows computer running secRMM with a USB cable. Once Windows mounts the mobile device, you
will see an online event in the secRMM event log. Plug the serial number from secRMM into the
corresponding row in the LinkMobileDevices.exe utility.

Page 69
secRMM SCCM Compliance Settings Administrator Guide

Status Message Management for secRMM


The secRMM event data is forwarded from the endpoint computers to the SCCM site server and into the
SCCM database. SCCM terms this data as “Status Messages”. “SCCM Status Messages” are used
extensively by Microsoft to record events that are happening within SCCM. This is the same mechanism
that secRMM uses (i.e. the secRMM event data is stored within the SCCM SQL tables/views just the
same as native SCCM Status Messages). You should periodically export (and then delete from the SCCM
database) the “secRMM SCCM Status Messages” to an external file which can then be archived. This
strategy allows you to keep the security event data generated by secRMM for historical and post-
analysis. It also keeps the SCCM database from growing without bound and allows the secRMM reports
to load quickly. You have options on how you can export the “secRMM SCCM Status Messages” from
the SCCM database. The options are:
1. Status Message Viewer
2. VBScript
3. PowerShell
4. SQL
These options are outlined below.

You should also read the “secRMM Administrators Guide”, section titled “Managing the secRMM event
log”. This section discusses other options for archiving secRMM event data. In summary, the section
describes using the secRMM event log to archive the data versus using SCCM. If you chose that
archiving strategy, then in SCCM, you can simply delete the “secRMM SCCM Status Messages”
periodically. You could also utilize secRMMCentral. secRMMCentral uses Microsoft Event Forwarding
technology to forward the secRMM event data from the endpoint computers to a central event log
(named secRMMCentral). From the secRMMCentral event log, you can have a scheduled task import
the secRMMCentral event log into a standalone SQL server database. From the standalone SQL server
database, you can run secRMM predefined reports in addition to using SQL backups for archiving.

Status Message Viewer

Page 70
secRMM SCCM Compliance Settings Administrator Guide

You can use the “SCCM Status Message Viewer” User Interface program to export and delete the
secRMM status messages. You invoke the “SCCM Status Message Viewer” from the SCCM console
“Monitoring mode” of SCCM as shown below.

Page 71
secRMM SCCM Compliance Settings Administrator Guide

Page 72
secRMM SCCM Compliance Settings Administrator Guide

Page 73
secRMM SCCM Compliance Settings Administrator Guide

VBScript
The secRMM product uses a VBScript to send SCCM Status Messages to SCCM. The VBScript accepts
parameters that allow you to list and delete the “secRMM SCCM Status Messages” in the SCCM
database.

The screen shot below that shows the command to list the “secRMM SCCM Status Messages” to the
screen (one page at a time).

The screen shot below that shows the command to list the “secRMM SCCM Status Messages” to a file.

Page 74
secRMM SCCM Compliance Settings Administrator Guide

Note that each record exported by the VBScript is contained in multiple lines. This may not be optimal
but you are still able to perform string finds/searches on the data.

PowerShell

The secRMM product has a PowerShell script for processing secRMM events. One of the options of this
PowerShell script is to retrieve the secRMM data from the “secRMM SCCM Status Messages” in the
SCCM database.

Page 75
secRMM SCCM Compliance Settings Administrator Guide

The screen shot below that shows the command to list the “secRMM SCCM Status Messages” to the
screen.

The screen shot below that shows the command to list the “secRMM SCCM Status Messages” to a file.

Page 76
secRMM SCCM Compliance Settings Administrator Guide

SQL

The SQL command below retrieves the “secRMM SCCM Status Messages” directly from the SCCM
database.

select all
SMS_StatusMessage.Component,
SMS_StatusMessage.MachineName,
SMS_StatusMessage.MessageID,
SMS_StatusMessage.MessageType,
SMS_StatusMessage.ModuleName,
SMS_StatusMessage.PerClient,
SMS_StatusMessage.ProcessID,
SMS_StatusMessage.RecordID,
SMS_StatusMessage.ReportFunction,
SMS_StatusMessage.Severity,
SMS_StatusMessage.SiteCode,
SMS_StatusMessage.SuccessfulTransaction,
SMS_StatusMessage.ThreadID,
SMS_StatusMessage.Time,

Page 77
secRMM SCCM Compliance Settings Administrator Guide
SMS_StatusMessage.TopLevelSiteCode,
SMS_StatusMessage.PartOfTransaction,
SMS_StatusMessage.Win32Error,
SMS_StatMsgInsStrings.InsStrIndex,
SMS_StatMsgInsStrings.InsStrValue,
SMS_StatMsgInsStrings.RecordID,
SMS_StatMsgAttributes.AttributeID,
SMS_StatMsgAttributes.AttributeTime,
SMS_StatMsgAttributes.AttributeValue,
SMS_StatMsgAttributes.RecordID from vStatusMessages AS SMS_StatusMessage
LEFT OUTER JOIN vStatusMessageInsStrs AS SMS_StatMsgInsStrings ON
SMS_StatMsgInsStrings.RecordID = SMS_StatusMessage.RecordID
LEFT OUTER JOIN vStatusMessageAttributes AS SMS_StatMsgAttributes ON
SMS_StatMsgAttributes.RecordID = SMS_StatusMessage.RecordID
where SMS_StatusMessage.Component = N'secRMM'

Troubleshooting
SCCM secRMM Console Extension

The SCCM secRMM Console Extension lets you centrally configure and deploy the secRMM
rules/policies for the computers and users in your domain. Since this feature utilizes the base SCCM
“Compliance Settings” component, the troubleshooting steps will be the same as any other “Compliance
Settings” issue. The way to troubleshoot any SCCM issue begins with knowing which SCCM log files to
look at. For “Compliance Settings” issues, you will need to look on an SCCM client computer (i.e. not the
site server but a computer running the SCCM agent). The log files on the SCCM client computer are
located at C:\Windows\CCM\Logs. For “Compliance Settings” issues, the log files you will want to look
at are:
1. CIAgent.log
2. DCMAgent.log
3. DCMReporting.log
4. DcmWmiProvider.log
5. CIDownloader.log

See the Microsoft documentation at: https://technet.microsoft.com/en-


us/library/hh427342.aspx#BKMK_CompSettingsLog.
If possible, use the CMTrace utility that Microsoft provides in the SCCM 2012 R2 Toolkit (the download is
at http://www.microsoft.com/en-us/download/details.aspx?id=36213). Once you install the SCCM 2012
R2 Toolkit, CMTrace will be located in the C:\Program Files (x86)\ConfigMgr 2012 Toolkit R2\ClientTools
directory.

CMTrace has a very nice feature where you can view several log files at once. To use this feature, go to
File->Open on the main menu bar. The file open dialog will have a checkbox at the bottom of the dialog
labeled “Merge selected files”. Make sure you select that and then Ctrl-Click the logs you want to look
at (listed above).

When looking for errors, you can safely ignore the 2 errors from the CIDownloader.log that look like:

DeleteInstanceFromLantern failed (0x80041002). CIDownloader

Page 78
secRMM SCCM Compliance Settings Administrator Guide

DCM::LanternUtils::DeleteAlreadyExistingModel - Failed to delete instance


PolicyPlatform_Policy.Name="ScopeId_..._Configuration_PolicyDocument",Authority="System Center
Configuration Manager",Revision=3 (0x80041002). CIDownloader

SCCM secRMM User Policies


Validation
1. Login to a SCCM client workstation as one of the users in the SCCM User Collection you
deployed the secRMM Policy to.
2. On the SCCM client workstation from step 1 above, as a local Administrator, open the
“Computer Management” MMC and click the secRMM node.
3. On the right-hand side (i.e. the Actions column), click the “secRMM Configurations” Action.
4. You should see the userid (and corresponding user SID) from step 1 above in the “secRMM
configuration” list.
a. If the userid is in the “secRMM configuration” list from step 4 above, you can also verify
the process by looking in the secRMM event log. In the secRMM event log, you will see
an event id of 701. Look at the last line of the 701 event text. It will list the SCCM
Compliance Setting properties: type, name and revision.
b. If the userid is NOT in the “secRMM configuration” list, please follow the
troubleshooting section directly below.

Troubleshooting

On the SCCM site server, open C:\Program Files\Microsoft Configuration Manager\Logs\SMSProv.log.


Find the string:
ExecQueryAsync: START SELECT CI_UniqueId FROM
SMS_ConfigurationBaselineInfo WHERE LocalizedDescription like '% User
- Removable Media Policy%' AND IsAssigned = 1

A few lines (5 lines) below that, you will see the SQL select statement that corresponds to the
ExecQueryAsyc command above. Note the record count is returned on the next line as well.

Execute SQL =select all SMS_ConfigurationBaselineInfo.CI_UniqueID


from fn_ListConfigurationBaselineInfo_List(1033) AS
SMS_ConfigurationBaselineInfo where
(SMS_ConfigurationBaselineInfo.Description like N'% User - Removable
Media Policy%' AND SMS_ConfigurationBaselineInfo.IsAssigned = 1)

If you have SQL Management Studio available, starting with the “select”, copy the SQL query above and
paste it into a SQL query session that is mapped to your SCCM database. Ensure the record count
matches what is listed in the SMSProv log.

If you do find errors in the log files mentioned above, please contact Squadra Technologies support and
a support engineer will assist you in correcting the issue.

Page 79
secRMM SCCM Compliance Settings Administrator Guide

Known Issues
1. If you modify a secRMM policy (rules set), you must re-deploy the policy. We are looking into
how to correct this behavior.
2. Do not use XML characters (&, >, <) in the secRMM policy description text. If you do, the policy
generates an error when you save it. We are working to correct this issue.

Contacting Squadra Technologies Support


Squadra Technologies Support is available to customers who have purchased a commercial version of
secRMM and have a valid maintenance contract or who are in a trial mode of the product.
When you contact Support please include the following information:
1. The version of secRMM you have installed.
2. The Windows versions you have installed: XP, 2003 Server, 2008 Server R2, Vista, Windows 7,
etc.
3. The version of SCCM you have installed.
4. Whether the Windows Operating System is 32bit or 64bit.
5. The specific issue you are contacting support for.

About Squadra Technologies, LLC.


Squadra Technologies delivers innovative products that help organizations get more data protection
within the computer infrastructure. Through a deep expertise in IT operations and a continued focus on
what works best, Squadra Technologies is helping customers worldwide.
Contacting Squadra Technologies, LLC.
Phone 562.221.3079 (United States and Canada)
Email [email protected]
Mail Squadra Technologies, LLC.
World Headquarters
7575 West Washington Ave. Suite 127-252
Las Vegas, NV 89128
USA
Web site http://www.squadratechnologies.com/

Page 80

You might also like