Compliance setting to the rescue, however, I won't cover how to create one from scratch. We are using one to set this line below in mms.cfg so that Skype Broadcast will work in IE on Windows 7.
The mms.cfg file is located in %WINDIR%\System32\Macromed\Flash or %WINDIR%\SysWOW64\Macromed\Flash depending on the arch. We have a Powershell Discovery Script that looks for this line in mms.cfg and reports back and then a Remediation Script that sets it if needed.
For the Configuration Item we set the Supported Platforms to Workstation OS' of Windows 7 and higher as it may impact Windows 10.
The Compliance Rules are pretty straightforward. We have two rules, one for System32 and the other for SysWOW64 locations. This screenshot is for System32 and it looks for the script to return 'OK' and if not to run the remediation script.
$SettingsToRemove = @( ) $SettingsToAdd = @( "AutoUpdateDisable=1" "SilentAutoUpdateEnable=0" "EnableIEClickToPlay=1" )
On the client side, the baseline's compliance report is pretty straightforward.