When creating compliance settings for new applications I often like to grab settings from a known machine. It works well and pre-fills a lot of the rules for me, unlike manually entering the value.

But I am fed up of having to re-navigate to the remote registry location I am grabbing these values from. Please please please can you get the console to remember the last registry location used when creating CIs?

The same would be useful for file/folder paths too

Global Conditions - Registry Value - you should be able to specify as Decimal or Hexadecimal

I don't know if its common in Microsoft but most places I have worked it is always common for the browser to have the companies website as its homepage along with adding it to its favourites, why is this not a option under the Microsoft Edge Browser Profiles?

Currently the folder redirection feature in SCCM doesn't take an environmental variable as a good path; it requires \SERVER\SHARE.

With OneDrive being common place in Office 365, please allow us to enter a command such as:

%userprofile%<SyncFolder>

where Sync folder is the name of your organization's onedrive folder.

as documented by the Office team.

https://support.office.com/en-us/article/redirect-known-folders-to-onedrive-for-business-e1b3963c-7c6c-4694-9f2f-fb8005d9ef12

So that we can use SCCM to manage this.

Thanks! :)

Configuration Management needs the ability to check for Audit settings on a folder, much like it checks security settings.

I know it can be done in powershell, but thats a very long and nasty road.

Now that CM caches boundary groups it would be good to be able to define some compliance settings / policy settings against a boundary group and to be able to apply these just as the cached boundary group data is updated.

I cant find the documentation on how to configure UE-V, Config item and Baselines with Windows 10 and SCCM. It all seems a bit fragmented. most of it relates to Windows 7.

1607-1 has the EU-V client build in and some templates on the clients but how do I set this up without using any group policies to set the template paths, and how do Baselines work.

When writing scripts for compliance/remediation rules, the font size is tiny, with no way to adjust it. This makes finding critical marks such as closed quotes, very difficult. I realize copy and paste is available, but for quick one or two line powershell scripts, I really should be able to see what I am doing-- or at least have an option to resize the font.

Need a possibility to manage Proxy Settings via config man.

There should be an option to select existing packages/application other then PS,VBS & JS scripts for Compliance remediation. most orgs just miss out some pcs and compliance is mainly used by many company's to get the software installed to the missing ones.

We can create a collection for non compliant systems and deploy app/package to them manually, but giving an option in remediation option will make it easy/simple and user-friendly.

As it is with the Scripting Node, there are some that may utilize the feature that Scripts need to be Approved; would like to see a mechanism on DCM on the Configuration Item that requires review/approval before it can be attached and deployed in a baseline. The goal is to keep operators from skirting the scripting approval process by using a DCM Object to perform the actions they want to execute that they could not do via Scripting due to lack of approval.

When a user wants to know if their PC is 'compliant' then the Software Center 'compliance' tab confusingly doesn't relate to their actual compliance with software updates, its for an unused conditional access feature (or am I wrong and the only one confused by this.) users go to the compliance tab and think they are up to date. how can users know if they are patch 'compliant/?

on the compliance item, add deployments tab with the capability of creating collection from the compliance item. You can do it on the compliance baseline but that is not sufficient as a baseline may have more than 1 CI so your target collection MAY have a mix of issues. OR just make it where you can deploy a CI in addition to baseline with same capabilities

report to show which compliance item is non compliant for a compliance baseline

Add a priory order option to Compliance Items 'settings'. Currently you can have multiple settings but you don;t know in which order they process. if you have 'setting 1' dependent on 'setting 2' you can't specify the order in which they process. Same might go for Baselines but that not my current need.

For networks that require port-based 802.1x authentication, group policy wired network profiles is the recommended way to manage the authentication settings for LAN interfaces. It would be really useful if ConfigMgr could manage and apply the wired network profiles. Managing the settings from ConfigMgr would allow us to take more steps away from using Group Policy to manage device settings.

When you create a configuration item you can select "Supported Platforms" but why not also allow the use of "Global Conditions" so we can further restrict how the rule would be appeared?

An example, I need to test for a hotfix being present on Windows 7 x86 & x64 machines but only need the update on laptops.

If we have AllSigned selected as a powershell execution policy either as a global gpo or via the client, any script blocks that are written for detection methods on applications or discovery/remediation for config items will fail since they "aren't signed". Organizations where execution policies are scoped as such aren't able to use these features when the configmgr client downloads the scripts to the staging area and scrambles the script name.

Currently we have certain Baselines that are applied to our master collection of all computers in the organization. However, when we replace a lab we should be able to run that baseline without having to run it against the master collection.