Microsoft Security Compliance Manager (Intro)
The product looked very interesting so decided to give it a go.. (its free no objections!!)
Prerequisites:
- Windows 2008 R2 SP1 box
- Microsoft .NET Framework 4
- Security Compliance Manager
Play time:
Go ahead and install the above in the order mentioned. When you reach the SCM point it will need to install SQL Server Xpress as well so go ahead and do that as well.
When the install finished the SCM will pop-up and all the basic Baselines will be imported (woohoo we are on our way!)
As you can see there is a considerable amount of work that has been done here.. you have templates for pretty much all the supported versions of windows (you must be crazy running anything outside of that matrix in your production environment!).
In addition to that each version has been categorized according to server functions (roles to use the MS language...) so its very easy to select the one you want and Duplicate (link on the column) so you can edit it further to your liking!
Moving from the customization subject which I will be coming back to later on, in the Start menu of the SCM you will see that LocalGPO is included. Go ahead and install it to the targeted systems so it can be used later on to deploy the custom Local Policy configs we will build.
When its done you can open your Powershell and go to Program Files (x86)\LocalGPO where you can find LocalGPO.wsf (simple run will give you a pop-up menu with the instructions).
The main reason behind LocalGPO is that its the only free way of distributing what we will do on SCM. The other ways all include System center which is not for everybody :P
That's all for now.. will come back to that later on.
Prerequisites:
- Windows 2008 R2 SP1 box
- Microsoft .NET Framework 4
- Security Compliance Manager
Play time:
Go ahead and install the above in the order mentioned. When you reach the SCM point it will need to install SQL Server Xpress as well so go ahead and do that as well.
When the install finished the SCM will pop-up and all the basic Baselines will be imported (woohoo we are on our way!)
As you can see there is a considerable amount of work that has been done here.. you have templates for pretty much all the supported versions of windows (you must be crazy running anything outside of that matrix in your production environment!).
In addition to that each version has been categorized according to server functions (roles to use the MS language...) so its very easy to select the one you want and Duplicate (link on the column) so you can edit it further to your liking!
Moving from the customization subject which I will be coming back to later on, in the Start menu of the SCM you will see that LocalGPO is included. Go ahead and install it to the targeted systems so it can be used later on to deploy the custom Local Policy configs we will build.
When its done you can open your Powershell and go to Program Files (x86)\LocalGPO where you can find LocalGPO.wsf (simple run will give you a pop-up menu with the instructions).
The main reason behind LocalGPO is that its the only free way of distributing what we will do on SCM. The other ways all include System center which is not for everybody :P
That's all for now.. will come back to that later on.