Configure Client remediation in ConfigMgr. 2012 to monitor only using Settings Management

When you install the ConfigMgr. 2012 client, you also get a scheduled Windows task that run daily health checks on the client, and if needed remediates the client. That is a great feature for most our clients, but maybe not a feature you want to implement on all clients. On some servers you might not allow uncontrolled software installations, even if it is an attempt to reinstall the client. To prevent the client from being remediated configure the NotifyOnly registry key from FALSE to TRUE in HKLM\Software\Microsoft\CCM\Ccmeval\NotifyOnly


When knowing the registry key and value, it’s easy to configure a CI (Configuration Item) and deploy that using the new Settings Management feature.

  1. Navigate to the Assets and Compliance workspace and select Compliance Settings.
  2. Select Configuration Items and click Create Configuration Item on the ribbon.
  3. On the General page type a descriptive name like Disable automatic client remediation for the CI and click Next.
  4. On the Supported Platforms page, click Next.
  5. On the Settings page, click New.
  6. You now have to choices: 1, specify all the registry values manually or 2 use a reference computer that has the settings you are looking for. To use option 2, click Browse.
  7. In Computer name, type the name of the reference machine and click Connect.
  8. Browse to HKLM\Software\Microsoft\CCM\Ccmeval and select the key NotifyOnly.
  9. Select The registry value must exist on the client device and The registry value must satisfy the following rule if present: Equals TRUE
  10. Click OK.
  11. Select the Compliance Rules tab.
  12. Select NotifyOnly Equals TRUE and click Edit.
  13. Enable Remediate noncompliant Rules when supported and click OK.
  14. Finish the wizard using the default settings.
  15. Back in the Configuration Manager console, select Configuration Baselines and click Create Configuration Baseline on the Ribbon.
  16. Type a name for the baseline like Disable automatic client remediation and click Add Configuration Items.
  17. Select the Disable automatic client remediation CI and click OK.
  18. Back in the console, select the Baseline and click Deploy in the Ribbon. In this example I’ll deploy the baseline to a collection called SRV Domain Controllers.
  19. Enable Remediate noncompliant rules when supported.
  20. Click Browse and select the SRV Domain Controllers collection.
  21. Click OK to finish the deployment.
By |2011-11-15T21:34:04+00:00November 15th, 2011|Configuration Manager (SCCM), General info|2 Comments

About the Author:

Kent Agerlund
Microsoft Regional Director, Enterprise Mobility MVP. Microsoft Certified Trainer and Principal consultant. I have been working with Enterprise client management since 1992. Co-founder of System Center User Group Denmark in 2009. Certified MCITP: Enterprise Administrator, MCSA+Messaing, and much more. Member of: Microsoft Denmark System Center Partner Expert Team The Danish Technet Influencers program System Center Influencers Program.


  1. […] Configuring servers to not auto remediate using Settings management […]

  2. Terrence September 10, 2014 at 23:32 - Reply

    Kent, Do you recommend creating this compliance setting in a SCCM environment? We are having some issues with clients failing ccmeval and health checks. Thanks,

Leave A Comment