O'Reilly logo

Group Policy by Jeremy Moskowitz

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Appendix D Security Compliance Manager

Microsoft has a free tool called Security Compliance Manager (SCM) to help you get your desktops and servers more secure.

Its job is to give you prescriptive guidance from Microsoft, and that advice is automatically download it into the SCM tool. Once it’s there, you can look up Microsoft’s suggestions for how to secure, say, Exchange, Internet Explorer, Microsoft Office, Windows client and server, or anything else for which Microsoft produces a baseline.

A baseline is a collection of suggestions complete with documentation to help you make a system more secure.

If you love Microsoft’s suggestions within the baseline, wonderful. You can export those suggestions as GPOs or other formats (we’ll talk about those later).

If you think the suggestions are “too much” or “too little,” you can copy a particular baseline and then modify the copy. For instance, maybe the Windows 8 Computer Security Compliance baseline has something locked down but you know you need it open. That’s okay. You just copy the Microsoft version of the baseline and make the change in your copy.

Then, once that’s complete, you export your changed version to a GPO (or other format).

The SCM tool, once up and running, looks like Figure D-1.

It’s pretty ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required