You can use the results of a Baseline Drift Report for a wide variety of purposes, ranging from simply noting the level of drift to changing the security policy for some or all of your computers.
Most of the actions you take can be done in the console, although some of them must be done manually (for example, restoring missing files). In general, you select the check box next to files you want to act on. Many of the choices for responding are on the Action menu.
You can remediate drift in the following ways:
- Add Files to Snapshot: If the baseline drift report ias based on one or more snapshots, you can click the Show Snapshot link and add all files or just selected files in the report to a snapshot. The files you add are immediately removed from the report and do not become part of subsequent reports. Note that when a file group is selected, all files in the group are added to the snapshot.
- Locally Approve Files: Using the Action menu, you can select Approve Locally for selected files in a drift report. In addition to allowing the file to execute on the computer on which it was found, this action excludes the file from future drift reports if the report excluded all approved files (the default).
- Remove Local Approval: Using the Action menu, you can Remove Local Approval on selected locally approved files in a drift report.
- Globally Approve or Ban Files: Using the Action menu, you can Globally Approve or Globally Ban selected files in a drift report.
- Create Custom Approvals or Bans: Using the Action menu, you can select Approve by Policy or Ban by Policy to create custom approvals or bans for checked files in a drift report. For approvals, you can approve by policy or choose to Mark the checked files as installers. For bans, you can ban by policy and block files banned, or report that the files would have been blocked if the ban had been fully enforced.
- View and Act on Members of a File Group: To see the details of a file group, can click the file name or the View Details button, which shows a page with files in the group that contribute to drift. Here, you can approve or ban files on an individual basis.
- From a drift report you can drill down to the File Details page for access to many of the actions described here.
- Approve or Ban Files by Group or Trust Methods: Rather than approving or banning individual files, you can approve the root package that installs a group of files. You might approve files by Publisher, Updater, or User (through the Software Rules page) if you notice that a large number of files from the same source display in your drift reports and you are willing to trust that source. Although making this kind of change does not affect the current report, it ensures that the files covered by the change do not appear in future generations of the report (or other, similar reports) as long as you are not including approved files in the report.
- Add or Remove Files: Outside of the console, you can add or remove files from one or more of your systems based on the information in the drift report, reducing the drift shown in future reports .