Sample Configuration Item: Check that the Windows Firewall is Enabled Using Desired Configuration Management

 

Purpose of the Configuration Item

These configuration items check for a useful security setting that helps to protect computers from unauthorized incoming connections. The WQL query setting used to determine compliance is slightly different on Windows Vista than on Windows XP operating systems, and so both procedures are given as separate configuration items.

Note
If you need to check the firewall settings for both operating systems, configure the first configuration item and then duplicate it. Then modify the duplicate so that it has a unique name, unique description, the correct WQL query, and the correct operating systems specified for applicability.

These configuration items can also be used as a simple test to ensure that desired configuration management is working as expected.

Procedure for Windows Vista

To author a general configuration item to check that the firewall service is started and set to start automatically - on computers running Windows Vista:

1. In the Configuration Manager console, navigate to System CenterConfiguration Manager / Site Database / Computer Management / Desired Configuration Management.
   
2. Expand the Desired Configuration Management node, right-click Configuration Items, click New, and then click General Configuration Item.
   
3. On the Identification page of the Create General Configuration Item Wizard, specify the following:
   
   • Name: Specify a unique and descriptive name for the configuration item, such as Security Setting for Windows Vista: Windows Firewall Enabled.
     
   • Description: Specify a description for the configuration item, such as This configuration item determines whether the firewall service is started and set to automatically start on computers running Windows Vista.
     
   • Click Next twice.
     
4. On the Settings page of theCreate General Configuration Item Wizard, click New, and then click WQL Query.
   
5. In the New WQL Query Settings Properties dialog box, specify the following on the General tab:
   
   • Display name: Windows Firewall is running
     
     
   • Description: Checks if Windows Firewall service is running
     
     
   • Namespace: Root\CIMV2
     
     
   • Class: Win32_Service
     
     
   • Property: Started
     
     
   • WQL query WHERE clause: Name="MpsSvc"
     
     
6. Click the Validation tab, and then specify the following:
   
   • Data Type: String
     
     
   • DetailsSt: Click the New icon.
     
7. In the Configure Validation dialog box, specify the following:
   
   • Name: Started=true.
     
   • Description: Service should be started.
     
   • Operator: Equals
     
     
   • Value: true
     
     
   • Severity: Warning
     
     
8. Click OK twice to close the New WQL Query Setting Properties dialog box.
   
9. On the Settings page of theCreate General Configuration Item Wizard, click New, and then click WQL Query.
   
10. In the New WQL Query Settings Properties dialog box, specify the following on the General tab:
    
    • Display name: Windows Firewall starts automatically
      
      
    • Description: Checks if Windows Firewall service starts automatically
      
      
    • Namespace: Root\CIMV2
      
      
    • Class: Win32_Service
      
      
    • Property: StartMode
      
      
    • WQL query WHERE clause: Name="MpsSvc"
      
      
11. Click the Validation tab, and then specify the following:
    
    • Data Type: String
      
      
    • Details: Click the New icon.
      
12. In the Configure Validation dialog box, specify the following:
    
    • Name: StartMode=Auto.
      
    • Description: Service should start automatically.
      
    • Operator: Equals
      
      
    • Value: Auto
      
      
    • Severity: Warning
      
      
13. Click OK twice to close the New WQL Query Setting Properties dialog box.
    
14. On the Settings page of the Create General Configuration Item Wizard, click Next.
    
15. On the Applicability page of the Create General Configuration Item Wizard, specify the following:
    
    • All x64 Windows Vista
      
      
    • All x86 Windows Vista
      
      
    • x64 Windows Vista Original Release
      
      
    • x86 Vista Original Release
      
      
16. Click Next twice, and close the Wizard Completed page.
    

Procedure for Windows XP

To author a general configuration item to check that the firewall service is started and set to automatically start - on computers running Windows XP Professional:

1. In the Configuration Manager console, navigate to System CenterConfiguration Manager / Site Database / Computer Management / Desired Configuration Management.
   
2. Expand the Desired Configuration Management node, right-click Configuration Items, click New, and then click General Configuration Item.
   
3. On the Identification page of the Create General Configuration Item Wizard, specify the following:
   
   • Name: Specify a unique and descriptive name for the configuration item, such as Security Setting for Windows XP: Windows Firewall Enabled.
     
   • Description: Specify a description for the configuration item, such as This configuration item determines whether the firewall service is started and set to automatically start on computers running Windows XP.
     
   • Click Next twice.
     
4. On the Settings page of theCreate General Configuration Item Wizard, click New, and then click WQL Query.
   
5. In the New WQL Query Settings Properties dialog box, specify the following on the General tab:
   
   • Display name: Windows Firewall is running
     
     
   • Description: Checks if Windows Firewall service is running
     
     
   • Namespace: Root\CIMV2
     
     
   • Class: Win32_Service
     
     
   • Property: Started
     
     
   • WQL query WHERE clause: Name="sharedaccess"
     
     
6. Click the Validation tab, and then specify the following:
   
   • Data Type: String
     
     
   • Details: Click the New icon.
     
7. In the Configure Validation dialog box, specify the following:
   
   • Name: Started=true.
     
   • Description: Service should be started.
     
   • Operator: Equals
     
     
   • Value: true
     
     
   • Severity: Warning
     
     
8. Click OK twice to close the New WQL Query Setting Properties dialog box.
   
9. On the Settings page of theCreate General Configuration Item Wizard, click New, and then click WQL Query.
   
10. In the New WQL Query Settings Properties dialog box, specify the following on the General tab:
    
    • Display name: Windows Firewall starts automatically
      
      
    • Description: Checks if Windows Firewall service starts automatically
      
      
    • Namespace: Root\CIMV2
      
      
    • Class: Win32_Service
      
      
    • Property: StartMode
      
      
    • WQL query WHERE clause: Name="sharedaccess"
      
      
11. Click the Validation tab, and then specify the following:
    
    • Data Type: String
      
      
    • Details: Click the New icon.
      
12. In the Configure Validation dialog box, specify the following:
    
    • Name: StartMode=Auto.
      
    • Description: Service should start automatically.
      
    • Operator: Equals
      
      
    • Value: Auto
      
      
    • Severity: Warning
      
      
13. Click OK twice to close the New WQL Query Setting Properties dialog box.
    
14. On the Settings page of the Create General Configuration Item Wizard, click Next.
    
15. On the Applicability page of the Create General Configuration Item Wizard, specify the following:
    
    • All x64 Windows XP Professional
      
      
    • All x86 Windows XP
      
      
    • x64 Windows XP Professional SP1
      
      
    • x64 Windows XP Professional SP2
      
      
    • x86 Windows XP Professional Service Pack 2
      
      
16. Click Next twice, and close the Wizard Completed page.
    
    Reference: https://technet.microsoft.com/en-us/library/bb632993.aspx