The four community tools Registry to PowerShell converter (Reg2CI), PowerShell Policy Editor, ConfigMgr Remote Compliance, and Convert-GPOtoCI are very useful when it comes to managing configuration items (CIs) and baselines in System Center Configuration Manager (SCCM).

The Configuration Manager community is great! Many tools, scripts, and tips out there help the everyday SCCM administrator get the job done in an efficient way, saving time and money.

I still configuration baselines are a very underused feature in Configuration Manager and always have been. Baselines are powerful, simple, and return information we can act on, and automatically act on as well. Automation is key!

If you haven't tried this out before, you can create a collection based on the compliance state of a configuration baseline. Right-clicking on the deployment provides an option to create a collection based on the compliance state.

Create a collection based on compliance

Create a collection based on compliance

I want to highlight four tools:

  • Registry to PowerShell converter (Reg2CI) by Roger Zander
  • PowerShell Policy Editor by Roger Zander
  • Configuration Manager Remote Compliance by Trevor Jones
  • Create ConfigMgr Configuration Items from Group Policy Object by Sam Roberts

Reg2CI by Roger Zander

If you want to create a PowerShell script to use as a SCCM CI to check for a registry key and modify it, Roger Zander has created a cool web tool.

You can just drop your .reg or. pol file into the tool, and you can create both a discovery and a remediation script for that registry setting as well. My example below shows the registry key that makes sure SCCM Remote Tools logs to the primary site server even if executed standalone.

Registry to PowerShell converter

Registry to PowerShell converter

Then we can simply paste the result to our CI in the SCCM admin console.

PowerShell Policy Editor by Roger Zander

More and more devices in organizations don't support Group Policy. Thus, the PowerShell Policy Editor is extremely useful. It's basically a web-based Group Policy editor that gives you the result in PowerShell. We also get all the benefits of the reports in SCCM whether we're applying the settings or not.

PowerShell Policy Editor

PowerShell Policy Editor

Convert-GPOtoCI by Sam Roberts

I have used ConfigMgr Configuration Items from Group Policy Object (Convert-GPOtoCI) a number of times. It can export a Group Policy or Resultant Set of Policy (RSOP) result either directly to a configuration item  or to a .cab file that we can import in SCCM, which is great!

It does not create a PowerShell script like the tool I described earlier, but registry-based CIs instead. This fills a gap that the retired Security Compliance Manager has created. We can simply export our important Group Policies to CIs and baselines so we can make sure we've applied them.

The script can also add remediation to registry-based Group Policy settings so we can check them with a CI. I have used the tool to export the Microsoft Security Compliance Group Policies and import the settings that SCCM supports. This allowed me to make sure I configured them according to the Security Baseline.

Here is a sample command:

.\Convert-GPOtoCI.ps1 -GpoTarget "Windows 10 1709" -DomainTarget -SiteCode 060 -ExportOnly

The screenshot below shows an example of the of the .cab files.

CAB files created by Convert GPOtoCI

CAB files created by Convert GPOtoCI

I strongly recommend that you check it out!

ConfigMgr Remote Compliance by Trevor Jones

ConfigMgr Remote Compliance is a great troubleshooting tool. It allows you actually to see the display from the SCCM control panel applet and the Configuration tab. You can trigger evaluations, view reports, and refresh the view.

ConfigMgr Remote Compliance

ConfigMgr Remote Compliance

These are the requirements for running it against a remote computer:

Subscribe to 4sysops newsletter!

  • At least PowerShell 5 on the host computer
  • At least PowerShell 3 on the target computer
  • PowerShell remoting enabled
  • Local administrator privilege on the target computer


if you aren't using CIs and baselines, I urge you to work with SCCM community tools. Many great solutions out there can help you in administering Configuration Manager.


Leave a reply

Your email address will not be published. Required fields are marked *


© 4sysops 2006 - 2023


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account