I have been involved in testing all aspects of Microsoft Group Policy for awhile, but I really never gave Microsoft’s Security Compliance Manager too much time, until now. I decided if I was going to really master Group Policy and everything it has to offer, that I need to utilize all the different utilities out there that Microsoft offers. I know there are many great third-party tools, but Microsoft has always offered many extra add-ons and Security Compliance Manager is one of my favorite. First I am going to discuss the old version of SCM v2.5. SCM is basically a package that you can install on your Main Administration computer which brings along a collection of Microsoft Baselines for Windows XP, Vista, 7, Server 2003, and 2008. These baselines are a combination of group policy settings that have been developed by Microsoft to offer a secure and compliant baseline for Windows XP, Windows 7, Internet Explorer 8, Microsoft Exchange 2007 & 2010, Office etc.
The Security Compliance Manager 2.5 includes all Operating Systems and Applications up to Windows 7 SP1 and Office 2010. You are able to explore the settings put into place in each of the baselines, before duplicating them, and then editing each of the settings to better resemble what you need in place for the networks that you are administering. SCM allows you to export the baselines to a Excel Workbook (.xlsm), a GPO Backup, SCAP v1.0(.cab), SCCM DCM 2007 (.cab), or a SCM (.cab). I have found the easiest one to work with in order to import the settings directly into the group policy management editor to be the GPO Backup.
I had just installed SCM v2.5 on my laptop when I thought about searching for a new version for Windows 8 and Server 2012. I then found out that in order to get the update you must join a Microsoft Connect Beta Program. So basically all you have to do is sign up and then you can download the SCM v3.0 Beta refresh. Microsoft describes the program like this … “Secure your environment with new product baselines for Windows Server 2012, Windows 8, and Windows Internet Explorer 10. The beta releases of Security Compliance Manager (SCM) 3.0 provide all the same great features for these new baselines, as well as an enhanced setting library for these new Microsoft products. The beta releases include fixes that resolve many previously reported issues in the setting library. The updated setting library also gives you the ability to further customize baselines. SCM 3.0 provides a single location for you to create, manage, analyze, and customize baselines to secure your environment faster and more efficiently.”
Note that there are 2 downloads for the SCM 3.0 Beta, the first “SCM 3.0 Beta” is the entire application and the second is “SCM 3.0 Beta Refresh” which is basically updated baselines only that you can import into the application.