Archive

Archive for the ‘Security Compliance Manager’ Category

Security Compliance Manager 4.0 now available for download!

July 28th, 2016 No comments

The Security Compliance Manager (SCM) is a free tool from Microsoft that enables you to quickly configure, and manage the computers in your environment using Group Policy and Microsoft System Center Configuration Manager. This version of SCM supports Windows 10, and Windows Server 2016.

You can easily configure computers running Windows 10 and Windows Server 2016 based on Microsoft Recommended Security Baselines and industry best practices.

You can download SCM 4.0 here.

Updates include:

  • Support for existing Windows 10 version 1507, and Windows 10 version 1511 security baselines
  • Support for upcoming Windows 10 version 1607, and Windows Server 2016
  • Bug fixes for ‘Compare’ and ‘Simple View’ features in SCM

The latest version of SCM offers all the same great features as before, plus bug fixes, and added support for upcoming baselines. SCM 4.0 provides a single location for creating, managing, analyzing, and customizing baselines to secure your environment quicker and more efficiently. In addition to the latest software releases, you can also configure previous additions of Windows client, Server, and Microsoft Office.

SCM provides DCM 2007 configuration packs that allow you to manage configuration drifts using Microsoft System Center Configuration Manager. Microsoft’s Operations Management Suite also supports monitoring for Security Baselines in your Server environments.

Windows 10 SCM beta is now live!

November 2nd, 2015 No comments

Hello,
We have just completed the release process for the Security Compliance Manager (SCM) Beta security baseline for Windows 10 and the baseline is now ready for download!
This is a public beta and anyone with a Microsoft account can download…(read more)

Windows 10 SCM beta is now live!

November 2nd, 2015 No comments

Hello,
We have just completed the release process for the Security Compliance Manager (SCM) Beta security baseline for Windows 10 and the baseline is now ready for download!
This is a public beta and anyone with a Microsoft account can download…(read more)

Windows 10 SCM beta is now live!

November 2nd, 2015 No comments

Hello,

We have just completed the release process for the Security Compliance Manager (SCM) Beta security baseline for Windows 10 and the baseline is now ready for download!

This is a public beta and anyone with a Microsoft account can download this baseline and give us feedback. 

Anyone who wishes to download the beta should visit the beta registration page and sign in with your Microsoft account.  Once you are registered for the program, and you have completed our mandatory survey, you should then have access to download the Baseline CAB as well as the Attachment CAB (both files are important).  Once you have these CABs you can then open up the SCM tool, and select the import option and import those CAB files into the tool:


If you have questions, comments or feedback regarding this release, please e-mail secwish@microsoft.com or submit your feedback on our Connect page here.

Also note, in the release notes there are a couple of important items that I want to highlight here.

  • The “Audit PNP Activity” Advanced Auditing policy is not included in this baseline. The Microsoft prescribed value for this policy is “Success”. Manually add this policy with the prescribed value to your Group Policy Objects based on the Microsoft Windows 10 Security Compliance Baseline.   

  • The “Audit Group Membership” Advanced Auditing policy is not included in this baseline. The Microsoft prescribed value for this policy is “Success”. Manually add this policy with the prescribed value to your Group Policy Objects based on the Microsoft Windows 10 Security Compliance Baseline.  

Thanks,

Pat

Windows 10 and Security Compliance Manager (SCM) Baselines

August 5th, 2015 No comments

Hello,
We have been receiving quite a few inquiries regarding SCM security baselines for Windows 10. The baselines are currently in development, and have been for a few weeks now and we are targeting a public beta either later this month (August) or…(read more)

Windows 10 and Security Compliance Manager (SCM) Baselines

August 5th, 2015 No comments

Hello,
We have been receiving quite a few inquiries regarding SCM security baselines for Windows 10. The baselines are currently in development, and have been for a few weeks now and we are targeting a public beta either later this month (August) or…(read more)

Windows 10 and Security Compliance Manager (SCM) Baselines

August 5th, 2015 No comments

[UPDATE: The draft guidance has been published here.]

Hello,

We have been receiving quite a few inquiries regarding SCM security baselines for Windows 10.  The baselines are currently in development, and have been for a few weeks now and we are targeting a public beta either later this month (August) or September. 

The Windows 10 baseline will also include security settings for our new Edge browser, so you will be able to manage both the machine, user and now browser security settings from a single baseline. 

Watch this space for updates as well as release information as to how you can participate in the public beta.

Thanks,

Pat Fetty

Principal PM Manager

Enterprise Client and Mobility

Blocking Remote Use of Local Accounts

September 3rd, 2014 No comments

The use of local accounts for remote access in Active Directory environments is problematic for a number of reasons. By far, the biggest problem is that when an administrative local account has the same user name and password on multiple machines, an…(read more)

Blocking Remote Use of Local Accounts

September 3rd, 2014 No comments

The use of local accounts for remote access in Active Directory environments is problematic for a number of reasons. By far, the biggest problem is that when an administrative local account has the same user name and password on multiple machines, an…(read more)

What’s New in Recommended Security Baseline Settings for Windows 8.1, Windows Server 2012 R2, and Internet Explorer 11

August 16th, 2014 No comments

The attachment on this post describes what's new in the security baseline recommendations for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11, relative to the baselines published for Windows 8, Windows Server 2012 and Internet Explorer…(read more)

What’s New in Recommended Security Baseline Settings for Windows 8.1, Windows Server 2012 R2, and Internet Explorer 11

August 16th, 2014 No comments

The attachment on this post describes what's new in the security baseline recommendations for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11, relative to the baselines published for Windows 8, Windows Server 2012 and Internet Explorer…(read more)

Configuring Account Lockout

August 14th, 2014 No comments

We can recommend an ideal configuration for most of the settings in our security guidance. For example, the “Debug programs” privilege should be granted to Administrators and to no one else. For account lockout, however, there is no “one…(read more)

Configuring Account Lockout

August 14th, 2014 No comments

We can recommend an ideal configuration for most of the settings in our security guidance. For example, the “Debug programs” privilege should be granted to Administrators and to no one else. For account lockout, however, there is no “one…(read more)

Changes in the Security Guidance for Windows 8.1, Server 2012 R2 and IE11 since the beta

August 14th, 2014 No comments

We have made a small number of changes in the baseline security guidance for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11 since we released the beta version of our guidance last April. This blog post discusses those changes and the reasons…(read more)

Security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11 – FINAL

August 14th, 2014 No comments

Microsoft is pleased to announce the final release of security baseline settings for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11. Some of the highlights of the new security baselines (many of which we intend to backport to older versions…(read more)

Changes in the Security Guidance for Windows 8.1, Server 2012 R2 and IE11 since the beta

August 14th, 2014 No comments

We have made a small number of changes in the baseline security guidance for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11 since we released the beta version of our guidance last April. This blog post discusses those changes and the reasons…(read more)

Security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11 – FINAL

August 14th, 2014 No comments

Microsoft is pleased to announce the final release of security baseline settings for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11. Some of the highlights of the new security baselines (many of which we intend to backport to older versions…(read more)

SCM baselines for Office 2013 have now shipped!

June 25th, 2014 No comments

Hello,
The Office 2013 SCM baselines are now live and ready for download.
There are 2 ways you can download the CAB files. The simplest will be to open the SCM tool and it will automatically discover that there are new baselines available to download…(read more)

SCM baselines for Office 2013 have now shipped!

June 25th, 2014 No comments

Hello,
The Office 2013 SCM baselines are now live and ready for download.
There are 2 ways you can download the CAB files. The simplest will be to open the SCM tool and it will automatically discover that there are new baselines available to download…(read more)

Why We’re Not Recommending “FIPS Mode” Anymore

April 7th, 2014 No comments

In the latest review of the official Microsoft security baselines for all versions of Windows client and Windows Server, we decided to remove our earlier recommendation to enable “FIPS mode”, or more precisely, the security option called “System…(read more)