top of page

Open SCM and on the right hand side under Import click on 'GPO Backup (Folder)'

Browse to the GPO backup, the root folder will be a guid, select that folder.

Provide a meaningful name

Select the newly imported Baseline, on the right hand side under 'Export' click on 'SCCM DCM 2007 (cab)'

Associate with the Product with the highest unique settings to minimise loss of settings.

Save the cab file

Open the ConfigMgr console and under 'Assets and Compliance' right click on 'Configuration Items' and either create a folder or proceed and select 'Import Configuration Data'

Click 'Add' and select the cab file

'Yes' to the warning message

Complete the import wizard.

The GPO settings will have been imported and is also creates the 'Configuration Baseline'

As you can see 

Taking a look at the 'Settings' tab for Windows Defender you can interrogate the items being validated.

The configuration items are imported with a specified OS, not compatible with my current version of Windows, so for each and every item the 'Supported Platforms' requires updating to .....

Right click on the baseline and 'Deploy'

Browse to the target collection, in my case 'All Workstations'

Don't check the 'Remediate noncompliant rules when supported' its GPO and they will end up fighting each other.

Set the number of days to something more suitable

Logon to the client and run 'Machine Policy Retrieval & Evaluation Cycle'

Select the 'Configurations' tab and click on the new Baseline and then 'Evaluate'

Review the report and fix any issues.

As an example the settings were not updated for the correct OS producing a 'Not Detected' error

To check compliance across the enterprise run 'Summary Compliance by Configuration Items for a Configuration Baseline' ConfigMgr report.

bottom of page