Jay Paloma's Tech and Music Blog

Sometimes, this writer can no longer distinguish between the two.

Microsoft Security Compliance Manager

leave a comment »

Microsoft recently launched the Microsoft Security Compliance Manager. According to the Microsoft website:

Take advantage of the experience of Microsoft security professionals, and reduce the time and money required to harden your environment. This end-to-end Solution Accelerator will help you plan, deploy, operate, and manage your security baselines for Windows client and server operating systems, and Microsoft applications. Access the complete database of Microsoft recommended security settings, customize your baselines, and then choose from multiple formats—including XLS, Group Policy objects (GPOs), Desired Configuration Management (DCM) packs, or Security Content Automation Protocol (SCAP)—to export the baselines to your environment to automate the security baseline deployment and compliance verification process. Use the Security Compliance Manager to achieve a secure, reliable, and centralized IT environment that will help you better balance your organization’s needs for security and functionality.

Let’s see what SCM can do

1. Security policies for Windows versions. SCM comes with default security policies for Microsoft products, and for Windows servers, even the different server roles. This is cool for me as an infra guy!

2. View policy details. With SCM you can view the details of the different security policies if your objective is just to visually compare

3. Export, compare and export the baseline to Excel. These are what you can do to a specific security policy

4. Update baselines for new Microsoft products. Products launched after SCM will also be updated by downloading baselines from Microsoft.

5. Download Microsoft Security Guides. The security guides for Microsoft products are now included in Microsoft Security Compliance Manager. Personally — this is how I discovered this tool, because I was looking for the security guide for Windows Server 2008 R2!

6. Create a GPO Backup of the policy and restore it to a GPO. After you customize the security policy, you can export the policy as a GPO backup, then import it to a GPO in Active Directory.

You can download Microsoft Security Compliance Manager here


Written by jpaloma

February 15, 2011 at 12:40 PM

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: