Auditing IIS Application Settings with SCCM
Is it possible to use SCCM or any component of MSSC to report on specific settings of a .NET configuration within an application/site object's app.config hosted in IIS? If so, what are the high-level components and methods that would be used? For example, can I define that impersonation=false is my baseline for all IIS applications and have SCCM identify applications where it is set to true - AKA not in compliance with my baseline/standard?
I'm having a hard time finding documentation on this level of functionality of Configuration Manager or any component of System Center, if it exists. Audit would tell me of changes, but not of misalignments to my .NET configuration standards. I am finding a lot on how to deploy and configure SCCM, or monitor the health of a .NET application; neither is what I'm after.
I need to operationalize testing of whether IIS .NET applications are in compliance with a predefined .NET/IIS configuration standard. Or, if I need to defer to remote management and scripting (not preferred).
Thanks for all input!
Jeff
February 10th, 2014 11:57am
You could do this with DCMs (Desired Configuration Management). Basically you do a configuration item that you attach to a configuration baseline. Then you deploy that baseline to the servers hosting your IIS applications. You may need to use a script to accomplish what you are trying to do. Here are some references to get you started:
http://www.addlevel.se/blogg/configmgr-dcmcompliance-check-if-iis-is-using-basic-authentication-over-http.aspx
http://blogs.technet.com/b/kevinsul_blog/archive/2010/02/15/simple-dcm-example-using-a-ps-script-to-detect-compliance-issues-with-local-administrators-group-membership.aspx
http://social.technet.microsoft.com/Forums/systemcenter/en-US/b68277e7-926c-47b2-9fae-a7862910aefc/how-to-find-iis-and-its-configuration-by-dcm?forum=configmgrdcm
- Proposed as answer by narcoticoo
February 10th, 2014 12:49pm
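A discovery script of the kind the answer above describes, as an added example that is not part of the original thread or the linked posts. It assumes the setting in question is ASP.NET's `<identity impersonate="...">` under `system.web` in each application's web.config, and that the WebAdministration module is present on the IIS servers. In the configuration item, pair it with a compliance rule that requires the returned string to equal "Compliant".

```powershell
# Discovery script for a ConfigMgr compliance-settings (DCM) configuration item.
# Added example. Assumed baseline: system.web/identity impersonate = false
# for every IIS site root and application on the server.
Import-Module WebAdministration -ErrorAction Stop

# Build the IIS: provider path of every site root and every application under it.
$targets = @()
foreach ($site in Get-Website) {
    $targets += "IIS:\Sites\$($site.Name)"
    foreach ($app in Get-WebApplication -Site $site.Name) {
        # $app.path is the virtual path, for example "/orders"
        $targets += "IIS:\Sites\$($site.Name)$($app.path -replace '/', '\')"
    }
}

$violations = @()
foreach ($psPath in $targets) {
    try {
        # Effective value at this path, including anything inherited from
        # parent web.config files, not just what the local file declares.
        $attr = Get-WebConfigurationProperty -PSPath $psPath `
                    -Filter 'system.web/identity' -Name 'impersonate' -ErrorAction Stop
        # The cmdlet may return an attribute object or the bare value.
        $value = if ($null -ne $attr.Value) { $attr.Value } else { $attr }
        if ([System.Convert]::ToBoolean($value)) { $violations += $psPath }
    }
    catch {
        # A config that cannot be read is reported, never assumed compliant.
        $violations += "$psPath (unreadable: $($_.Exception.Message))"
    }
}

# ConfigMgr evaluates whatever the script writes to the output stream.
if ($violations.Count -eq 0) { 'Compliant' }
else { 'NonCompliant: ' + ($violations -join '; ') }
```

Because the non-compliant output lists the offending application paths, the same string shows up in the baseline's compliance reports and tells you which applications deviate.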
Just to add to the thread, take a look at Security Compliance Manager 3.0. This gives you the default OS behavior and the recommended behavior for a variety of configuration items. You can select the server OS and then select what role the server will have, and get a list of configuration items which can be exported out of SCM 3.0 and into CM 2012. Once imported, you can deploy the baselines and report on them.
February 10th, 2014 1:08pm
Is Security Compliance Manager 3.0 still going? I thought it had been culled.
February 17th, 2015 12:54pm