After running a Compliance Job based on one of the Compliance Content component templates, you can access job results and manually remediate the configuration of components that failed the Compliance Job. The remediation process runs a Deploy Job and deploys one of the BLPackages provided in the Compliance Content libraries, as specified in the remediation options of a specific compliance rule.
After performing remediation, you can still change your mind and undo the remediation.
As of Service Pack 3 for BMC Server Automation 8.2, remediation for the CIS - Windows Server 2008 template and the PCIv2 - Windows Server 2008 template is provided for both Member Servers and Domain Controller servers. For Domain Controller servers, remediation is provided on Default Domain Controller Security Policy and/or Default Domain Security Policy, as per the settings you have specified for the REMEDIATE_SETTING_FOR_GPO template property.
Before performing the remediation operation, you must ensure that you have set appropriate values for the following properties:
Use this template property to specify the GPO Policy to be remediated.
Use this server property to specify the type of server on which to remediate — either DC (Domain Controller) or MS (Member Server).
In addition, ensure that you have set appropriate values for the following properties in the Server built-in property class. For more information, see CIS properties in the Server built-in property class or PCI properties in the Server built-in property class.
PCI Properties or CIS Properties
Remediation of audit rules for the CIS - Windows Server 2008 template and the PCIv2 - Windows Server 2008 template is not supported on Windows 2008 R2 target servers.
Although on a Member Server the User Rights Assignment and Security Options group of rules are designed to remediate only the local settings, the BMC Server Automation Console may display remediated values for both local and effective settings. Similarly, if you push a value from the domain controller, the BMC Server Automation Console may display that value for both local and effective settings. Consult your local system administrator to bring the Group Policy in line with the BMC Server Automation Compliance Policy.
For full instructions, see Manually remediating compliance results.