Security Configuration Manager 3.0 Released, Supports Windows 8
Microsoft released Security Configuration Manager (SCM) 3.0 last week, which adds support for Windows 8, Windows Server 2012 and Internet Explorer 10.
SCM is a no-cost tool that's part of Microsoft's "solution accelerators" series. It allows IT pros to push best practices configuration settings into their Microsoft software installations. While SCM is free to use, the actual policy settings get monitored using Microsoft System Center Configuration Manager, which isn't a free tool.
SCM is packed with Microsoft's best practice recommendations for security, as well as those of government and industry. For instance, the Center for Internet Security (CIS), a nonprofit organization that collaborates with government and corporate members, including the U.S. Department of Homeland Security, announced this week that it worked with Microsoft on security configuration guidance for Windows 8, Windows Server 2012 and Internet Explorer 10. CIS has produced its own secure configuration benchmarks, which can be downloaded for free (requires sign-up). However, those same CIS best practice guidelines are also available through Microsoft's SCM solution, according to a CIS announcement.
The CIS best practices documents come in list form in fairly hefty publications. For instance, the Windows 8 benchmarks document alone is 587 pages in length. Microsoft's idea with SCM is that it can be used either as a research tool on policy specifics, or it can be used as quick way to create a Group Policy Object in Active Directory based on baseline security recommendations for configuration settings. In essence, Microsoft devised SCM as a way to free IT pros from having to manually configure security settings using long documents. The basic concept of SCM and its origins are described in this Microsoft video.
SCM is a standalone offline tool where you set things in Group Policy Objects and get the reporting back through System Center Configuration Manager. According to Microsoft, SCM is the only tool available to convert a Group Policy Object to a desired configuration management (DCM) pack. The DCM format is Microsoft's preferred format for use in System Center Configuration Manager, although other formats are supported.
This 3.0 release of SCM, in addition to supporting the latest Microsoft flagship operating system products, will let users take a snapshot of a reference machine using an organization's existing Group Policy. Configurations can now be pushed to non-domain-joined machines. Users have additional ability to better customize the baselines for Windows Server 2008 R2 Service Pack 1 and Windows 7 SP1 using release SCM 3.0, according to a Microsoft blog post.
SCM 3.0 can be downloaded at this page.
Kurt Mackie is online news editor for the 1105 Enterprise Computing Group.