Security Compliance Manager (SCM) provides security baseline management for organizations. In this post, we will see Security Compliance Manager Installation Video Guide. SCM helps to accelerate your organization’s ability to efficiently manage the security and compliance process. SCM is mainly used to setup the security and compliance baseline for Microsoft technologies. SCM includes support for Server Operating Systems, Client Operating Systems, IE, Office, Exchange and Microsoft MCS USGCB (United States Government Configuration Baseline. Security Compliance Manager Installation Video helps to install and configure SCM v4.
SCM 4.0 offers support for Windows 10 and Server 2016 baselines, and bug fixes. SCM enables you to quickly configure and manage computers and your private cloud using Group Policy and SCCM. Microsoft Visual C++ 2010 Redistributable, .NET Framework 3.5 and SQL Server 2008 Express got installed during SCM installation. These software are prerequisites for SCM. We need to install .NET framework 3.5 on Windows 10 machine as it comes with .NET Framework 4.0 version. There is a surprise news about the future of SCM releases from Microsoft at the bottom of this post.
SCM V4 Installation and Importing of Default Baselines
The first step after the installation of SCM is importing all the default baselines to database. Default baselines are Windows 7, Windows 2012, Exchange and Internet Explorer. Windows 10 and Server 2016 baselines won’t get imported automatically to SCM DB. We need to manually import Windows 10 1607, Server 2016 and Server 2012 R2 baselines to SCM DB.
Download and Import windows 10 1607 Baseline
From SCM V 4.0 version home page, we can select “Download Microsoft Baseline automatically” to download and import Windows 10 1607 baseline. This is explained in the video tutorial. Windows 10 1607 Security compliance baseline contains BitLocker Security, Computer security compliance, Credential guard security, Domain security compliance and user security compliance.
Define Security policy for your Organization
Windows 10 1607 domain security compliance 1.0 has loads of critical severity settings. This page of SCM shows us the default values of Windows 10 1607 OS. It also gives us Microsoft recommended value for each security settings. There are two segregation in this baseline and those are account lock and password attribute.
If I take an example of “Password attributes” –> Minimum Password age, then there are 3 values 1. Default 2. Microsoft and 3. Customized. For example, the values Microsoft column in Windows 10 1607 baseline is the one I would like to implement as security policies for an organization.
Security Compliance Manager (SCM) retired; new tools and procedures – here