SCM – Robert Smit MVP Blog

SCM 3.0 with Windows Server 2012, Windows 8, and IE 10 baselines Now in beta

SCM is a free tool from the Microsoft Solution Accelerators team that enables you to quickly configure and manage your computers whether their located on desks, in traditional datacenter, or in a private cloud using Group Policy and Microsoft® System Center Configuration Manager. To learn more about the current version of Security Compliance Manager, SCM 2.5, visit the TechNet Library More info about SCM get it here.

Secure your environment with new product baselines for Windows Server 2012, Windows 8, and Windows Internet Explorer 10. The beta release of Security Compliance Manager (SCM) 3.0 provides all the same great features for these new baselines, as well as an enhanced setting library for these new Microsoft products. This beta release includes fixes that resolve many previously reported issues in the setting library. The updated setting library also gives you the ability to further customize baselines. SCM 3.0 provides a single location for you to create, manage, analyze, and customize baselines to secure your environment faster and more efficiently.

As part of a select group of our key customers, we invite you to participate in the Beta Review Program of these new product baselines that include security enhancements for the following server roles and features:

Windows Server 2012 Security Baselines:

Domain Controller Security Compliance
Domain Security Compliance
Hyper-V Security Compliance
Member Server Security Compliance
Web Server Security Compliance

Windows 8 Security Baselines:

BitLocker Security
Computer Security Compliance
Domain Security Compliance

User Security Compliance:

Internet Explorer 10 Security Baselines:
Computer Security Compliance
User Security Compliance

What is not available in this beta release

The ability to export compliance data using formats that work with the DCM feature in Microsoft System Center Configuration Manager and the Security Content Automation Protocol (SCAP) is temporarily blocked in the new baselines for Windows Server 2012, Windows 8, and Internet Explorer 10. This functionality will be enabled in the next beta release update.

This beta release includes five baselines for Windows Server 2012. The following additional server role baselines will be included in the next beta release update:

Active Directory Certificate Services (AD CS)
DNS Server
DHCP Server
File Services
Network Policy and Access Servers
Print Services
Remote Access
Remote Desktop Services

If you perform a clean installation of SCM 3.0 Beta on a computer running either Windows 8 or Windows Server 2012 that does not also have Microsoft SQL Server software installed on it, you may receive the following compatibility warning message.

A setting named Configure Windows SmartScreen in the Windows 8 Computer Security baseline may not be set in the registry correctly after its Group Policy Object (GPO) is applied. This is a known issue in this beta release that will be fixed in the final commercial release of SCM. The workaround to resolve this issue is to disable or not configure this setting in the baseline before exporting the GPO.

If you export the Windows 8 Computer Security Compliance baseline into a GPO, import the GPO into SCM 3.0 Beta, and then export it to a computer running a Windows operating system earlier than Windows 8 and Windows Server 2012, an application exception message may appear. This is a known issue in this beta release that will be fixed in the final commercial release of SCM. The workaround to resolve this issue is to disable the setting named Configure Windows SmartScreen before clicking GPO Backup (folder) in the Export area of the Action pane in SCM 3.0 Beta.

Security Compliance Manager 2.5 Beta

The Microsoft Security Compliance Manager (SCM) tool—version 2.5—is now available for beta download

NEW baselines include:
•Exchange Server 2007 SP3 Security Baseline
•Exchange Server 2010 SP2 Security Baseline

Updated client product baselines include:
•Windows 7 SP1 Security Compliance Baseline
•Windows Vista SP2 Security Compliance Baseline
•Windows XP SP3 Security Compliance Baseline
•Office 2010 SP1 Security Baseline
•Internet Explorer 8 Security Compliance Baseline

SCM 2.5 enables you to quickly configure and manage your desktops and laptops, traditional data center, and private cloud using Group Policy and Microsoft System Center Configuration Manager.

Configure and manage your computers, traditional data center and private cloud with new and updated baseline configurations available with SCM 2.5 Beta. In addition to key features from the previous version, SCM 2.5 offers new Exchange Server 2010 and 2007 security baselines. Updated SCM2 client product baselines are included in the Beta download as well. Beta client product baselines include Windows 7 SP1, Windows Vista SP2, Windows XP SP3, Microsoft Office 2010 SP1, and Internet Explorer 8.

KeyFeatures in SCM 2.5 include:

Integration with the System Center 2012 IT GRC Process Pack for Service Manager-Beta:Product baseline configurations are integrated into the IT GRC Process Pack to provide oversight and reporting of your compliance activities.
Gold master support: Import and take advantage of your existing Group Policy or create a snapshot of a reference machine to kick-start your project.
Configure stand-alone machines: Deploy your configurations to non-domain joined computers using the new GPO Pack feature.
Updated security guidance: Take advantage of the deep security expertise and best practices in the updated security guides, and the attack surface reference workbooks to help reduce the security risks that you consider to be the most important.
Compare against industry best practices: Analyze your configurations against prebuilt baselines for the latest Windows client and server operating systems.

SCM2 tool released in September 2011 with a full complement of Microsoft product baselines, including Windows Internet Explorer 9, Windows Server 2008 R2 Service Pack 1 (SP1), Windows Server 2008 SP2, and Windows Server 2003 SP2. As well as new features such as GPO import, baseline setting customization, Local GPO functionality, enhanced UI and improved installation with SQL Server 2005 and later releases of SQL Server.

To learn more about the Security Compliance Manager tool, visit the TechNet Library page Microsoft.com .

Next Steps

To learn more about the Security Compliance Manager tool,visit the TechNet Library.

Microsoft Security Compliance Manager (SCM 2) tool

Secure Client Computers with updated SCM 2 Client Baselines—Beta now available for download

Available beta baselines are:

Windows 7 SP1 Security Compliance Baseline
Windows Vista SP2 Security Compliance Baseline
Windows XP SP3 Security Compliance Baseline
Office 2010 SP1 Security Baseline
Internet Explorer 8 Security Compliance Baseline

SCM 2 enables you to quickly configure and manage your desktops and laptops, traditional data center, and private cloud using Group Policy and Microsoft System Center Configuration Manager.

SCM 2 is a free tool from the Microsoft Solution Accelerators team that enables you to quickly configure and manage your computers, traditional data center, and private cloud using Group Policy and Microsoft System Center Configuration Manager.

If you don’t already have SCM 2, download it from the Microsoft Download Center.

Key features in SCM 2 include:

Integration with the System Center 2012 IT GRC Process Pack for Service Manager-Beta:Product configurations are integrated into the IT GRC Process Pack to provide oversight and reporting of your compliance activities.
Gold master support: Import andtake advantage of your existing Group Policy or create a snapshot of a reference machine to kick-start your project.
Configure stand-alone machines: Deploy your configurations to non-domain joined computers using the new GPO Pack feature.
Updated security guidance: Take advantage of the deep security expertise and best practices in the updated security guides, and the attack surface reference workbooks to help reduce the security risks that you consider to be the most important.
Compare against industry best practices: Analyze your configurations against prebuilt baselines for the latest Windows client and server operating systems.

SCM 2 released with the a full complement of Microsoft product baselines, including Windows Internet Explorer 9, Windows Server 2008 R2 Service Pack 1 (SP1), Windows Server 2008 SP2, and Windows Server 2003 SP2.

Also the security guides are also in the download.

Get SCM2 from the Microsoft Download Center. Click here to download the latest version of the tool.

Security and Compliance Baselines

In addition to the previously released security baselines, the SCM 2 includes a new Windows Internet Explorer 9 Security Baseline, and updated versions of the security and compliance baselines for Windows Server 2008 R2 SP1, Windows Server 2008 SP2, and Windows Server 2003 SP2.

These new beta baselines provide:

Setting severity ratings, allowing you to quickly sort, prioritize, and apply Microsoft security recommendations.
Consolidated product baselines that eliminate EC and SSLF baseline components, and make viewing, customizing, and implementing your security baselines easier than ever!
New compliance-based settings groups allow quicker and easier compliance reporting and audit preparation, when used with theGRC management solution within System Center.

Security Compliance Manager 2

Microsoft Security Compliance Manager (SCM) 2 enables you to take better advantage of your organization’s existing knowledge and investments, and customize security settings with ease.

New Features in SCM 2 Include:

GPO import: SCM 2 is can now able to import Group Policy Object (GPO) Backup files to allow organizations to import and compare their existing knowledge against Microsoft baseline recommendations. This long-awaited feature effectively helps you to customize and manage your organization’s existing knowledge stored in Active Directory.
Baseline setting customization: Modifying baselines just got easier. Adding, extending, or deleting settings from a baseline is an effortless process in this new version of the tool.
Local GPO functionality: Apply security baselines directly to client and server computers using the LocalGPO command-line tool, which enables you to secure stand-alone computers and test different baselines without using Active Directory to deploying them. Use this tool to create local policy snapshots that you can import into SCM 2, using the new GPO import capabilities, which you can then compare, customize, and export as needed.
Additional features: These include a new and enhanced UI that provides simpler navigation in the tool, and improved installation with SQL Server 2005 and later releases of SQL Server.

Version 2 of the SCM tool will release with the a full complement of Microsoft product baselines, including Windows Internet Explorer 9, Windows Server 2008 R2 Service Pack 1 (SP1), Windows Server 2008 SP2, and Windows Server 2003 SP2.

Security and Compliance Baselines

In addition to the previously released security baselines, the SCM 2 beta download includes a new Windows Internet Explorer 9 Security Baseline, and updated versions of the security and compliance baselines for Windows Server 2008 R2 SP1, Windows Server 2008 SP2, and Windows Server 2003 SP2.

These new beta baselines provide:

Setting severity ratings, allowing you to quickly sort, prioritize, and apply Microsoft security recommendations.
Consolidated product baselines that eliminate EC and SSLF baseline components, and make viewing, customizing, and implementing your security baselines easier than ever!
New compliance-based settings groups allow quicker and easier compliance reporting and audit preparation, when used with the GRC management solution within System Center.

Looking Ahead

Additional product baselines are currently in development, including baselines for:

Windows 7 SP1
Microsoft Exchange Server 2007
Exchange Server 2010
SQL Server 2008 and SQL Server 2008 R2 (multiple roles)
Microsoft Office 2010
Windows Vista SP2
Windows XP SP3
Windows Internet Explorer 8

Previously released security baselines include: Windows 7, Windows Vista, Windows XP, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Internet Explorer 8, Microsoft Office 2010, and Office 2007.

You can use local GPo settings

and some screens about group viewing or simple view in the old version all info is on one screen

now it is much better but still you have to know what you are doing. and not all IT pro’s are aware of this. With GPO’s you can easy tear down your domain so never test in the production environment. I see to often that GPo’s are quickly set and have problems afterwards.

Compliance Group View

(IT GRC compliance) Group View.

Great tool that can help you to secure your environment based on the templates.

Security Compliance Manager Updated Templates

We’re pleased to announce the release of new resources that can be used in combination with the Security Compliance Manager tool: the Office 2010 Security Baseline and setting packs for Windows 7 and Internet Explorer 8. Together with the SCM tool, these resources are designed to help organizations efficiently manage the security and compliance process for some of the most widely used Microsoft products.

The security baseline for Microsoft® Office 2010 provides you with free Microsoft-recommended solutions to meet today’s security challenges. In combination with best-practice guidance and the Security Compliance Manager tool, the baseline is designed to help you plan, deploy, and monitor the security of Office 2010 applications. This release also includes a setting pack for Office 2010, enabling you to define baselines that include settings outside the scope of the security baselines from Microsoft.
The Windows® 7 and Windows® Internet Explorer® 8 setting packs, in combination with the Security Compliance Manager tool, will enable you to define baselines that include settings outside the scope of the security baselines from Microsoft. Use these new resources to define custom baselines, meet business-critical needs, and elevate the security of Windows 7 and Internet Explorer 8.

To learn more, visit the TechNet Library: http://go.microsoft.com/fwlink/?LinkId=113940.
New users can access these releases by visiting the Microsoft Download Center to download the Security Compliance Manager tool: http://go.microsoft.com/fwlink/?LinkId=113939. Existing users can access these releases by clicking the Tools menu, and then clicking Check for Baselines.

#teched #tee10

Windows Server 2008 R2 Security Baseline

The Windows Server® 2008 R2 Security Baseline is a new addition to the security baselines released earlier this year that can be used in combination with the Security Compliance Manager tool. The security baseline for Windows Server 2008 R2 provides you with free Microsoft-recommended solutions to meet today’s security challenges. In combination with best-practice guidance and the Security Compliance Manager tool, the baseline is designed to help you plan, deploy, and monitor the security of Windows Server 2008 R2. This release also includes a settings pack for Windows Server 2008 R2, enabling you to define baselines that include settings outside the scope of the security baselines from Microsoft.

To learn more, visit the TechNet Library: http://go.microsoft.com/fwlink/?LinkId=200483
New users can access this baseline by visiting the Microsoft Download Center to download the Security Compliance Manager tool: http://go.microsoft.com/fwlink/?LinkId=113939
Existing Security Compliance Manager tool users can access this baseline by clicking the Tools menu, and then clicking Check for Baselines.

Security Compliance Manager Baseline Beta Review Program

The Security Solution Accelerators team is developing new baselines and settings, all of which are designed to help your organization plan and deploy security baselines with ease and confidence. These new baselines and supporting best-practice guidance are available as part of the Security Compliance Manager Baseline Beta Review Program. The scope of this program includes security baselines for Microsoft Exchange Server 2007, Office 2010, SQL Server® 2008, SQL Server® 2008 R2, and Windows Server 2008 R2; and settings packs for Windows 7 and Internet Explorer 8.

The beta releases in this program are formatted to be imported for use in the Security Compliance Manager tool, which released in early 2010. This powerful tool provides guidance to work with other tools and features of Microsoft products to help you plan, deploy, and monitor your security baselines. The tool enables you to access and automate all of your organization’s baselines in one centralized location, balancing your needs for security and functionality.
To learn more about the Security Compliance Manager tool, visit the TechNet Library: http://go.microsoft.com/fwlink/?LinkId=113940
To download the tool, click here: http://go.microsoft.com/fwlink/?LinkId=182512

Technorati Tags: Server,Baseline,addition,combination,Compliance,Manager,tool,Microsoft,guidance,scope,TechNet,Library,LinkId,Download,Center,Tools,menu,Check,Baselines,Beta,Review,Program,Solution,Accelerators,team,organization,Exchange,Office,Internet,Explorer,features,products,location,needs,solutions,users,fwlink
WordPress Tags: Server,Baseline,addition,combination,Compliance,Manager,tool,Microsoft,guidance,scope,TechNet,Library,LinkId,Download,Center,Tools,menu,Check,Baselines,Beta,Review,Program,Solution,Accelerators,team,organization,Exchange,Office,Internet,Explorer,features,products,location,needs,solutions,users,fwlink

Security Compliance Manager Exchange

The latest release in the Security Compliance Manager Baseline Beta review program is a new security baseline for Microsoft Exchange Server 2007.

This resource is an exciting new addition to the security baselines released earlier this year that can be used in combination with the Security Compliance Manager tool. The Exchange Server 2007 Security Baseline represents some of the most prescriptive and detailed security guidance to date from Microsoft for Exchange Server 2007. It works within the Security Compliance Manager tool, which allows you to use automated tools based on Windows PowerShell to set, customize, and monitor computers running Exchange Server 2007 for compliance with organizational policies.

This baseline will be available for beta review through September 13, 2010.

To download the beta release of the Exchange Server 2007 Security Baseline,

For detailed instructions about how to import the downloaded file into the Security Compliance Manager tool, refer to the program description page: https://connect.microsoft.com/content/content.aspx?ContentID=17624&SiteID=715

Note: The Microsoft Exchange Server 2007 Security Baseline requires Security Compliance Manager (SCM) v1.1. If you are running SCM v1.0, you must upgrade SCM before importing the baseline. Otherwise, the import process will fail.

Security Compliance Manager Baseline Beta Review Program
The Security Solution Accelerators team is developing new baselines and settings, all of which are designed to help your organization plan and deploy security baselines with ease and confidence. These new baselines and supporting best-practice guidance are available as part of the Security Compliance Manager Baseline Beta review program. The scope of this program includes baselines for Exchange Server 2007, Office 2010, SQL Server® 2008, SQL Server 2008 R2, and Windows Server 2008 R2; and setting packs for Windows 7 and Internet Explorer 8.

To learn more about the Security Compliance Manager tool, visit the TechNet Library: http://go.microsoft.com/fwlink/?LinkId=113940
To download the tool, click here: http://go.microsoft.com/fwlink/? LinkId=182512

Security Compliance Manager

The Security Compliance Manager will help you accelerate knowledge to merge best practices, customize once to centralize decision making, and export to multiple formats to enable monitoring, verification, and compliance. The tool is designed to help accelerate your organization’s ability to efficiently manage the security and compliance process for the most widely used Microsoft technologies.

This end-to-end Solution Accelerator will help you plan, deploy, operate, and manage your security baselines for Windows® client and server operating systems, and Microsoft applications. Access the complete database of Microsoft recommended security settings, customize your baselines, and then choose from multiple formats—including Desired Configuration Management (DCM) packs, Security Content Automation Protocol (SCAP), XLS, or Group Policy objects (GPOs)—to export the baselines to your environment to automate the security baseline compliance verification process.

The Security Compliance Manager provides centralized security baseline management features, a baseline portfolio, customization capabilities, and security baseline export flexibility to accelerate your organization’s ability to efficiently manage the security and compliance process for the most widely used Microsoft technologies.

Take advantage of the experience of Microsoft security professionals, and reduce the time and money required to harden your environment. This end-to-end Solution Accelerator will help you plan, deploy, operate, and manage your security baselines for Windows® client and server operating systems, and Microsoft applications. Access the complete database of Microsoft recommended security settings, customize your baselines, and then choose from multiple formats—including XLS, Group Policy objects (GPOs), Desired Configuration Management (DCM) packs, or Security Content Automation Protocol (SCAP)—to export the baselines to your environment to automate the security baseline deployment and compliance verification process. Use the Security Compliance Manager to achieve a secure, reliable, and centralized IT environment that will help you better balance your organization’s needs for security and functionality.

Key Features & Benefits

Centralized Management and Baseline Portfolio: The centralized management console of the Microsoft Security Compliance Manager provides you with a unified, end-to-end user experience to plan, customize, and export security baselines. The tool gives you full access to a complete portfolio of recommended baselines for Windows® client and server operating systems, and Microsoft applications. Additionally, the Security Compliance Manager enables you to quickly update the latest Microsoft baseline releases and take advantage of baseline version control.
Security Baseline Customization: Customizing, comparing, merging, and reviewing your baselines just got easier. Now you can use the new customization capabilities of the Security Compliance Manager to duplicate any of the recommended baselines from Microsoft—for Windows client and server operating systems, and Microsoft applications—and quickly modify security settings to meet the standards of your organization’s environment.
Multiple Export Capabilities: Export baselines in formats like XLS, Group Policy objects (GPOs), Desired Configuration Management (DCM) packs, or Security Content Automation Protocol (SCAP) to enable automation of deployment and monitoring baseline compliance.

Included in the Download

The Security Compliance Manager download includes the following components:

Microsoft_Security_Compliance_Manager_Setup.exe – The Microsoft Security Compliance Manager allows you to view, update, and export security baselines.
LocalGPO.msi – This tool is designed to manage local group policies of a computer such as applying a security baseline and exporting the local Group Policy.

Download the Security Compliance Manager:

http://go.microsoft.com/fwlink/?LinkId=182512

Learn more about the Security Compliance Manager: http://go.microsoft.com/fwlink/?LinkId=113940