Pau Lo

SCCM Audit

We are due to implement System Center Configuration Manager in our business. I have read some basic links on this. It seems an admin’s dream. Our 3rd party support have said it can vastly help with managing and securing servers, workstations etc.

They seem to make out once in place there will never be any security issues on such devices? How true is that? Is it nonsense?

What sort of day-to-day management tasks will be required from within SCCM to ensure best practice security and management is in place? I find it hard to believe any claim that you just install a tool like SCCM and the security then handles itself.

Your thoughts most welcome.
ASKER CERTIFIED SOLUTION
Neil Russell

Pau Lo

ASKER

I agree Neil - do you use SCCM yourself?

Not being a Windows admin or SCCM admin myself, I'd like to know the kind of day-to-day tasks still required in terms of security management with SCCM.

I suspect SCCM aids the security/management process - but still requires admin tasks to ensure this security/management is what is seen in practice.

What would an SCCM admin be required to do each day to maintain the security and management of these devices?
SOLUTION
Pau Lo

ASKER

How do SCCM and WSUS "Integrate"?

Is it possible to still have unpatched servers while using SCCM? Or would that be covered now?

They integrate very well.

The highest Software Update Point in the hierarchy needs a local WSUS installation and takes it over completely;
you will notice that the settings in SCCM will be reflected on the WSUS Console.


I agree, as a fellow sys admin, can't imagine running without. BUT to say that "There will NEVER be ANY security issues..." is a hell of a statement!
There is a great blog/article here on SCCM and baselines. A great step towards security compliance....
Pau Lo

ASKER

Can I just ask though.

Say you set a security baseline for workstations and it includes all the best practice security admin settings. If SCCM identifies a non-compliant server or workstation:

Does it "autoresolve" the problem? Or just flag it as an issue for a technician to go and MANUALLY fix?

Autoresolving could cause more harm than good I suspect.
Pau Lo

ASKER

And also, can you still find unpatched servers/workstations in a domain running SCCM?

If so, how?
SOLUTION
merowinger

Pau Lo

ASKER

>>There's no self repair when a client is not compliant, but you could build collection structures and programs which then runs on the non-compliant system and repairs them, or protects them again.


Thanks, so I assume SCCM flags up or can produce non-compliance reports for clients that don't meet the baseline?
Pau Lo

ASKER

Will SCCM cover McAfee anti-virus, or could it, and what about 3rd party software like Adobe Reader?

Or is SCCM Windows/MS only?

>> Thanks, so I assume SCCM flags up or can produce non-compliance reports for clients that don't meet the baseline?
Yes, there already exist some pre-defined reports.

>> Will SCCM cover McAfee anti-virus, or could it, and what about 3rd party software like Adobe Reader?
1. There's an SCCM extension for Forefront Endpoint Protection.
2. For 3rd party software you could build packages to deploy updates or integrate them into the Software Update feature with the System Center Update Publisher.
Pau Lo

ASKER

Cheers