Feb 24, 2015
For server administrators, keeping up to date on the latest security patches is a common task, but have you verified that your servers and workstations actually meet your desired security goals by analysing them against industry security guidelines or government regulations? Do you want a tool that can then export Group Policies (GPOs) to cover both domain-joined and non-domain-joined machines? Do you want a centralised (and free!) tool to manage your security baselines? Of course you do, and that is why you use the Microsoft Security Compliance Manager!

If you don’t already know, the Security Compliance Manager (SCM) is just one of the great Microsoft Solution Accelerator tools that you can download for free to help you manage your machines (a list of which can be found here). SCM helps administrators automate some of the tasks involved in securing their computers, and it can also be combined with System Center Configuration Manager (including SCCM 2012 R2). SCM contains various settings and baselines specific to an operating system version, product version, and component, which can be imported into the SCM in the form of .cab files as new ones become available. The SCM allows you to view the individual settings and to plan, deploy, operate and manage your own security baselines by comparing the imported baselines to your existing or default settings, or even to multiple imported GPO backups. It then allows you to customise those settings as needed and export them as another GPO backup, an XLS-formatted file, a Desired Configuration Management (DCM) pack or a Security Content Automation Protocol (SCAP) file. These can then be rolled out to both stand-alone and domain-joined computers.
The SCM also includes a number of Security Guides for the major operating system versions and various product versions. These guides contain the latest instructions and recommendations to help you secure your environment, allowing you to achieve a secure, reliable and centralised network.
Of course, all of this requires regular updates for new and improved operating systems and products. The latest was officially released back in mid-August 2014 and contains four separate sets of new baselines, along with their documentation and instructions, for Windows 8.1, Windows Server 2012 R2 Domain Controllers, Windows Server 2012 R2 Member Servers and Internet Explorer 11.
It was further updated on the 2nd September 2014 to revise the Member Server baseline so that Failover Clusters operate correctly under the recent “Deny access to this computer from the network” security guidelines, which are intended to prevent “pass the hash” type attacks.

SCM 3.0 can be downloaded from here, and details about these new baselines and the update, along with a link to the zip file download, can be found here, so check it out and use it to ensure your machines meet the latest security compliance guidelines!