Security Configuration Manager 3.0 Released, Supports Windows 8

Microsoft released Security Configuration Manager (SCM) 3.0 last week, which adds support for Windows 8, Windows Server 2012 and Internet Explorer 10.

SCM is a no-cost tool that's part of Microsoft's "solution accelerators" series. It allows IT pros to push best practices configuration settings into their Microsoft software installations. While SCM is free to use, the actual policy settings get monitored using Microsoft System Center Configuration Manager, which isn't a free tool.

SCM is packed with Microsoft's best practice recommendations for security, as well as those of government and industry. For instance, the Center for Internet Security (CIS), a nonprofit organization that collaborates with government and corporate members, including the U.S. Department of Homeland Security, announced this week that it worked with Microsoft on security configuration guidance for Windows 8, Windows Server 2012 and Internet Explorer 10. CIS has produced its own secure configuration benchmarks, which can be downloaded for free (requires sign-up). However, those same CIS best practice guidelines are also available through Microsoft's SCM solution, according to a CIS announcement.

The CIS best practices documents come in list form in fairly hefty publications. For instance, the Windows 8 benchmarks document alone is 587 pages in length. Microsoft's idea with SCM is that it can be used either as a research tool on policy specifics, or it can be used as quick way to create a Group Policy Object in Active Directory based on baseline security recommendations for configuration settings. In essence, Microsoft devised SCM as a way to free IT pros from having to manually configure security settings using long documents. The basic concept of SCM and its origins are described in this Microsoft video.

SCM is a standalone offline tool where you set things in Group Policy Objects and get the reporting back through System Center Configuration Manager. According to Microsoft, SCM is the only tool available to convert a Group Policy Object to a desired configuration management (DCM) pack. The DCM format is Microsoft's preferred format for use in System Center Configuration Manager, although other formats are supported.

This 3.0 release of SCM, in addition to supporting the latest Microsoft flagship operating system products, will let users take a snapshot of a reference machine using an organization's existing Group Policy. Configurations can now be pushed to non-domain-joined machines. Users have additional ability to better customize the baselines for Windows Server 2008 R2 Service Pack 1 and Windows 7 SP1 using release SCM 3.0, according to a Microsoft blog post.

SCM 3.0 can be downloaded at this page.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


  • Microsoft Warns IT Pros on Windows Netlogon Fix Coming Next Month

    Microsoft on Thursday issued a reminder to organizations to ensure that their systems are properly patched for a "Critical"-rated Windows Netlogon vulnerability before next month's "update Tuesday" patch distribution arrives.

  • Microsoft Nudging Skype for Business Users to Teams

    Microsoft on Thursday announced some perks and prods for Skype for Business unified communications users, with the aim of moving them to the Microsoft Teams collaboration service instead.

  • How To Improve Windows 10's Sound and Video Quality

    Windows 10 comes with built-in tools that can help users get the most out of their sound and video hardware.

  • Microsoft Offers More 'Solorigate' Advice Using Microsoft 365 Defender Tools

    Microsoft issued yet another article with advice on how to use its Microsoft 365 Defender suite of tools to protect against "Solorigate" advanced persistent threat types of attacks in a Thursday announcement.

comments powered by Disqus