Pau Lo
asked on
security compliance manager
1) Is security compliance manager a part of SCCM?
2) Is it “free” as part of SCCM, or additional licence fees? Or does it just come as default?
3) How does it work, i.e. how does it enforce a baseline policy against each PC, or is it more a tool to identify a non-compliance machine, as opposed to a similar process to group policy?
4) How can you see non compliant machines from a central console, and once identified, what steps does the admin need to take to make that machine compliant, can this all be done centrally?
Prefer your comments if you use security compliance manager as opposed to just a link.
2) Is it “free” as part of SCCM, or additional licence fees? Or does it just come as default?
3) How does it work, i.e. how does it enforce a baseline policy against each PC, or is it more a tool to identify a non-compliance machine, as opposed to a similar process to group policy?
4) How can you see non compliant machines from a central console, and once identified, what steps does the admin need to take to make that machine compliant, can this all be done centrally?
Prefer your comments if you use security compliance manager as opposed to just a link.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
if we talk about using tampered baseline to do a check, this is just like any insider threats. Rightfully all the audit logging of event should be captured to deter and eventually help trace back. No full proof solution help privileged identity mgmt still need to be plan out. SCCM does it work well with the desired configuration to check .... who guards the guards...
ASKER
Am I right in thinking all SCCM would do is say
"the change the admin made now makes this machine non-compliant to the baseline"
it doesnt prevent the change being made on the machine?
correct?