Auditing IIS Application Settings with SCCM
		
	
Is it possible to use SCCM or any component of MSSC to report on specific settings of a .NET configuration within an application/site object's app.config hosted in IIS?  If so, what are the high-level components and methods that would be used?  For an example, can I define that impersonation=false is my baseline for all IIS applications and SCCM identify applications where it is set to true - AKA not in compliance with my baseline/standard?
I'm having a hard time finding documentation on this level of functionality of Configuration Manager or any component of System Center if it exists.  Audit would tell me of changes, but not of misalignments to my .NET configuration standards.  I am finding a lot on how to deploy and configure SCCM, or monitor the health of a .NET application; neither is what I'm after.
I need to operationalize testing of whether IIS .NET applications are in compliance with a predefined .NET/IIS configuration standard.  Or, if I need to defer to remote management and scripting (not preferred).
Thanks for all input!
Jeff
		
					February 10th, 2014 11:57am
			
	 
			
	
You could do this with DCMs (Desired Configuration Management). Basically you do a configuration item that you attach to a configuration baseline. Then you deploy that baseline to the servers hosting your IIS applications. You may need to use a script to accomplish what you are trying to do. Here are some references to get you started with:
http://www.addlevel.se/blogg/configmgr-dcmcompliance-check-if-iis-is-using-basic-authentication-over-http.aspx
http://blogs.technet.com/b/kevinsul_blog/archive/2010/02/15/simple-dcm-example-using-a-ps-script-to-detect-compliance-issues-with-local-administrators-group-membership.aspx
http://social.technet.microsoft.com/Forums/systemcenter/en-US/b68277e7-926c-47b2-9fae-a7862910aefc/how-to-find-iis-and-its-configuration-by-dcm?forum=configmgrdcm
                        
                
                        
            
February 10th, 2014 12:49pm
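
A sketch of the kind of discovery script the answer above refers to, added here as an example and not taken from any poster or from the linked articles. It assumes the WebAdministration module is present on the IIS server, that the baseline is the one in the question (ASP.NET impersonation must be false), and that the configuration item's compliance rule is "returned string equals Compliant"; the variable names are illustrative.

```powershell
# Discovery script for a script-based setting in a ConfigMgr configuration item.
# Assumed compliance rule in the CI: returned value Equals "Compliant".
# Assumed baseline (from the question): <identity impersonate> must be false.
Import-Module WebAdministration -ErrorAction Stop

# Build the list of IIS: provider paths: every site root plus every application.
$targets = @()
foreach ($site in Get-Website) {
    $targets += "IIS:\Sites\$($site.Name)"
    foreach ($app in Get-WebApplication -Site $site.Name) {
        # $app.path begins with '/', e.g. '/orders' or '/api/v1'
        $targets += "IIS:\Sites\$($site.Name)$($app.path -replace '/', '\')"
    }
}

$nonCompliant = @()
foreach ($psPath in $targets) {
    try {
        # Reads the effective value at this path, so a setting inherited from a
        # parent web.config is evaluated as well as one set in the app itself.
        $prop = Get-WebConfigurationProperty -PSPath $psPath `
                    -Filter 'system.web/identity' -Name 'impersonate' -ErrorAction Stop

        # Depending on the attribute, the cmdlet returns the raw value or an
        # object exposing it as .Value; handle both.
        $value = if ($null -ne $prop.Value) { $prop.Value } else { $prop }

        if ([System.Convert]::ToBoolean($value)) {
            $nonCompliant += $psPath
        }
    }
    catch {
        # A configuration that cannot be read is reported, not silently passed.
        $nonCompliant += "$psPath (unreadable: $($_.Exception.Message))"
    }
}

# ConfigMgr compares this single string against the rule in the CI.
if ($nonCompliant.Count -eq 0) {
    'Compliant'
}
else {
    'NonCompliant: ' + ($nonCompliant -join '; ')
}
```

Returning the offending paths in the string means the compliance report shows which applications deviate, not only that the server does.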
			
	 
			
	
Just to add to the thread, take a look at Security Compliance Manager 3.0. This gives you the default OS behavior and the recommended behavior for a variety of configuration items. You can select the server OS and then select what role the server will have, and get a list of configuration items which can be exported out of SCM 3.0 and into CM 2012. Once imported, you can deploy the baselines and report on them.
		
					February 10th, 2014 1:08pm
			
	 
			
	
			
	 
			
	
Is Security Compliance Manager 3.0 still going? I thought it had been culled.
		
					February 17th, 2015 12:54pm