Microsoft Security Compliance Manager 4.0 compare policy

Hello to All of you,
I've been given a group policy baseline for window server 2008R2/2012R2 . I need to compare the actual policy with the new baseline.
  1. Can you please confirm that Microsoft Security Compliance Manager 4.0 is the right tool for this activity?
  2. Can I install this tool on a standalone PC with windows 7 and import both policy for the comparison?
thank you
Carlo
CarloAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
Using SCM can do  1 to 1 comparison and you can do standalone and import the GPO.
you can import the two GPO in SCM and compare them. You'll see below and can also export the result in an Excel file.
Settings that differ
Settings that match
Settings only in First baseline
Settings only in Second baseline
 
other then that, to compare with "merged" GPOs which I see it as 1 -N comparison using SCM
https://www.experts-exchange.com/questions/28491092/Microsoft-Security-Compliance-Manager-compare-baseline-to-multiple-GPOs.html

Another more short summary in SCM steps in http://terrytlslau.tls1.cc/2011/11/comparing-group-policy-by-security.html?m=1
CarloAuthor Commented:
Hi this is Exellent,
I took your message to my supervisor and he was fine with your message. Surely we will test and eventually implement it.

I have another question regarding SCM 4.0 and I hope you can help as well .

Can SCM 4.0 connect to a remote Windows 2012r2 and perform the comparison of the policy ? in few words avoiding the backup and import manually ?

the goal is to have something similar to nessus ( hopefuly SCM) that perform an audit the policy of all the windows server in the farm and compare them with the Baseline Security Policy .    

Thank you
Carlo
btanExec ConsultantCommented:
SCM is local and not supported for comparison against remote machine. Instead you will need other tools besides Nessus such as SCCM to use the SCM baseline to check on machines' compliance.

In ither words, you can use your SCCM infrastructure to compare the settings in a baseline against your SCCM client computers and obtain the comparison results.
http://myitforum.com/myitforumwp/2012/01/23/using-microsoft-security-baselines-with-system-center-configuration-manager/

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
CarloAuthor Commented:
Thank you, it helped me a lot.
Bye
Carlo
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.