Link to home
Start Free TrialLog in
Avatar of Pau Lo
Pau Lo

asked on

security compliance manager

1) Is security compliance manager a part of SCCM?

2) Is it “free” as part of SCCM, or additional licence fees? Or does it just come as default?

3) How does it work, i.e. how does it enforce a baseline policy against each PC, or is it more a tool to identify a non-compliance machine, as opposed to a similar process to group policy?

4) How can you see non compliant machines from a central console, and once identified, what steps does the admin need to take to make that machine compliant, can this all be done centrally?  

Prefer your comments if you use security compliance manager as opposed to just a link.
ASKER CERTIFIED SOLUTION
Avatar of David Johnson, CD
David Johnson, CD
Flag of Canada image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of btan
btan
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Pau Lo
Pau Lo

ASKER

Ok thanks, but having a baseline is just a standard, it doesnt prevent an admin changing a setting so it falls outside the baseline?

Am I right in thinking all SCCM would do is say

"the change the admin made now makes this machine non-compliant to the baseline"

it doesnt prevent the change being made on the machine?

correct?
Avatar of btan
btan
if we talk about using tampered baseline to do a check, this is just like any insider threats. Rightfully all the audit logging of event should be captured to deter and eventually help trace back. No full proof solution help privileged identity mgmt still need to be plan out. SCCM does it work well with the desired configuration to check .... who guards the guards...