Desired Configuration Management Security Best Practices and Privacy Information
Applies To: System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2
Sign configuration data to verify the integrity of your configuration items Published configuration data can be digitally signed so that you can verify the publishing source and be sure that the data has not been tampered with. If the digital signature verification check fails, you will be warned and prompted to continue with the import. You should import Microsoft System Center Configuration Manager 2007 configuration data from external sources only if it has a valid digital signature from a trusted publisher.
Desired configuration management evaluates your client computers against configuration items to see if they comply with configuration baselines. Compliance information is sent back to the site server and stored in the site database. The information is encrypted while being sent back to the management point but it is not stored in encrypted form in the site database. Information is retained in the database until deleted by the site maintenance task Delete Aged Configuration Management Data every 90 days. You can configure the deletion interval. Compliance information is not sent to Microsoft.
Desired configuration management is not enabled by default. You must configure the configuration items and configuration baselines to monitor. Before configuring desired configuration management, consider your privacy requirements.
For additional information, see Configuration Manager 2007 Information and Support.
To contact the documentation team, email SMSdocs@microsoft.com.