I have been working with tech support for 6 weeks on this. There have been 2 hotfixes for this so far... only one hotfix per ticket allowed, so there should be at least one more.
I helped identify 3 settings for workstations that were always out of compliance. This was fixed with the first 2 related hotfixes. (CS143685, 147095)
The next issue was that the servers had one setting that always appeared to be out of compliance. This was fixed with the last related hotfix. (CS152949)
The current issue is that although the icon indicates servers out of compliance, you can view the details and they indicate it is compliant. So which is right? Read on.
I think it is important to note that despite the out-of-compliance indications, the policy settings were always applied correctly. This appears to be just a problem coding the compliance-checking algorithms.
I have spent a lot of time with tech support to resolve this and we're getting close. They have been extremely busy. I call twice a day to check on progress and give feedback when the hotfix comes out. The problem for me has been that by the time I give them the feedback, usually within 24 hours, the tech working on it moves on to another task. It takes a couple of days to get the newly assigned tech up to speed.
That said, we have to remember that the techs don't use the software like we do. They work on little bits of the whole and do not always know how the bits go together.
I just checked on my applied hotfixes and there are at least a couple of thousand that have been applied this year - they've been busy!
I'll try to update this thread when I know we can count on the compliance reporting.