Configure Client remediation in ConfigMgr. 2012 to monitor only using Settings Management

When you install the ConfigMgr. 2012 client, you also get a scheduled Windows task that run daily health checks on the client, and if needed remediates the client. That is a great feature for most our clients, but maybe not a feature you want to implement on all clients. On some servers you might not allow uncontrolled software installations, even if it is an attempt to reinstall the client. To prevent the client from being remediated configure the NotifyOnly registry key from FALSE to TRUE in HKLM\Software\Microsoft\CCM\Ccmeval\NotifyOnly


When knowing the registry key and value, it’s easy to configure a CI (Configuration Item) and deploy that using the new Settings Management feature.

  1. Navigate to the Assets and Compliance workspace and select Compliance Settings.
  2. Select Configuration Items and click Create Configuration Item on the ribbon.
  3. On the General page type a descriptive name like Disable automatic client remediation for the CI and click Next.
  4. On the Supported Platforms page, click Next.
  5. On the Settings page, click New.
  6. You now have to choices: 1, specify all the registry values manually or 2 use a reference computer that has the settings you are looking for. To use option 2, click Browse.
  7. In Computer name, type the name of the reference machine and click Connect.
  8. Browse to HKLM\Software\Microsoft\CCM\Ccmeval and select the key NotifyOnly.
  9. Select The registry value must exist on the client device and The registry value must satisfy the following rule if present: Equals TRUE
  10. Click OK.
  11. Select the Compliance Rules tab.
  12. Select NotifyOnly Equals TRUE and click Edit.
  13. Enable Remediate noncompliant Rules when supported and click OK.
  14. Finish the wizard using the default settings.
  15. Back in the Configuration Manager console, select Configuration Baselines and click Create Configuration Baseline on the Ribbon.
  16. Type a name for the baseline like Disable automatic client remediation and click Add Configuration Items.
  17. Select the Disable automatic client remediation CI and click OK.
  18. Back in the console, select the Baseline and click Deploy in the Ribbon. In this example I’ll deploy the baseline to a collection called SRV Domain Controllers.
  19. Enable Remediate noncompliant rules when supported.
  20. Click Browse and select the SRV Domain Controllers collection.
  21. Click OK to finish the deployment.

Comments (2):

  1. […] Configuring servers to not auto remediate using Settings management […]

  2. Terrence says:

    Kent, Do you recommend creating this compliance setting in a SCCM environment? We are having some issues with clients failing ccmeval and health checks. Thanks,

Leave a Reply