Link to home
Create AccountLog in
Avatar of Pau Lo
Pau Lo

asked on

SCCM Audit

We are due to implement system centre configuration manager in our business. I have read some basic links on this. It seems an admin’s dream. Our 3rd party support have said it can vastly help with managing and securing servers, workstations etc.

They seem to make out once in place there will never be any security issues on such devices? How true is that? Is it nonsense?

What sort of day-to-day management tasks will be required from within SCCM to ensure best practice security and management is in place. I find it hard to believe any claim that you just install a tool like SCCM and the security then handles itself.

Your thoughts most welcome.
ASKER CERTIFIED SOLUTION
Avatar of Neil Russell
Neil Russell
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Avatar of Pau Lo
Pau Lo

ASKER

I agree Neil - do you use SCCM yourself?

Not being a windows admin or SCCM admin myself, I'd like to no the kind of day to day tasks still required in terms of security management with SCCM.

I suspect SCCM aids the security/management process - but still requires admin tasks to ensure this security/management is what is seen in practice.

What would an SCCM admin be required to do each day to maintain the security and management of these devices?
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Avatar of Pau Lo

ASKER

How do SCCM and WSUS "Integrate"?

Is it possble to still have unpatched servers while using SCCM? Or would that be covererd now.
they intgrate very well

the highest Software Update Point in the hierarchy needs a local WSUS installation and takes it completly over,
you will notice that the settings in SCCM will be reflected on the WSUS Console.


I agree, as a fellow sys admin, cant imagine running without. BUT to say that "There will NEVER be ANY security issues..." Is a hell of a statement!
There is a great blog/article here on SCCM and baselines. A great step towards security compliance....
Avatar of Pau Lo

ASKER

Can I just ask though.

Say you set a security baseline for workstations and it includes all the best practice secrity admin settings. If SCCM identifies a non compliant server or workstation.

Does it "autoresolve" the problem? Or just flag it as an issue for a technican to go an MANUALLY fix?

Autoresolving could cause more harm than good I suspect.
Avatar of Pau Lo

ASKER

And also, can you stll find unpatched servers/workstations in a domain running SCCM?

If so, how?
SOLUTION
Avatar of merowinger
merowinger
Flag of Germany image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Avatar of Pau Lo

ASKER

>>There's no self repair when a client is not compliant, but you could build collection structures and programs which then runs on the non-compliant system and repairs them, or protects them again.


Thanks, so I assume SCCM flags up or can produce non compliance reports for clients that dont meet the baseline?
Avatar of Pau Lo

ASKER

Will SCCM cover mcafee anti-virus, or could it, and what about 3rd prty software like adobe reader?

Or is SCCM windows/MS only?
>> Thanks, so I assume SCCM flags up or can produce non compliance reports for clients that dont meet the baseline?
Yes there already exists some pre-defined reports

>>Will SCCM cover mcafee anti-virus, or could it, and what about 3rd prty software like adobe reader?
1. There's a SCCM extension for Forefront Endpoint Protection
2. For 3rd Party Software you could build packages to deploy updates or integrate them into the Software Update Feature with the System Center Update Publisher
Avatar of Pau Lo

ASKER

Cheers