Microsoft Security Compliance Manager 4.0 compare policy
Hello to All of you,
I've been given a group policy baseline for window server 2008R2/2012R2 . I need to compare the actual policy with the new baseline.
Carlo
I've been given a group policy baseline for window server 2008R2/2012R2 . I need to compare the actual policy with the new baseline.
- Can you please confirm that Microsoft Security Compliance Manager 4.0 is the right tool for this activity?
- Can I install this tool on a standalone PC with windows 7 and import both policy for the comparison?
Carlo
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Using SCM can do 1 to 1 comparison and you can do standalone and import the GPO.
Another more short summary in SCM steps in http://terrytlslau.tls1.cc/2011/11/comparing-group-policy-by-security.html?m=1
you can import the two GPO in SCM and compare them. You'll see below and can also export the result in an Excel file.https://www.experts-exchange.com/questions/28491092/Microsoft-Security-Compliance-Manager-compare-baseline-to-multiple-GPOs.html
Settings that differ
Settings that match
Settings only in First baseline
Settings only in Second baseline
other then that, to compare with "merged" GPOs which I see it as 1 -N comparison using SCM
Another more short summary in SCM steps in http://terrytlslau.tls1.cc/2011/11/comparing-group-policy-by-security.html?m=1
Hi this is Exellent,
I took your message to my supervisor and he was fine with your message. Surely we will test and eventually implement it.
I have another question regarding SCM 4.0 and I hope you can help as well .
Can SCM 4.0 connect to a remote Windows 2012r2 and perform the comparison of the policy ? in few words avoiding the backup and import manually ?
the goal is to have something similar to nessus ( hopefuly SCM) that perform an audit the policy of all the windows server in the farm and compare them with the Baseline Security Policy .
Thank you
Carlo
I took your message to my supervisor and he was fine with your message. Surely we will test and eventually implement it.
I have another question regarding SCM 4.0 and I hope you can help as well .
Can SCM 4.0 connect to a remote Windows 2012r2 and perform the comparison of the policy ? in few words avoiding the backup and import manually ?
the goal is to have something similar to nessus ( hopefuly SCM) that perform an audit the policy of all the windows server in the farm and compare them with the Baseline Security Policy .
Thank you
Carlo
SCM is local and not supported for comparison against remote machine. Instead you will need other tools besides Nessus such as SCCM to use the SCM baseline to check on machines' compliance.
In ither words, you can use your SCCM infrastructure to compare the settings in a baseline against your SCCM client computers and obtain the comparison results.
http://myitforum.com/myitforumwp/2012/01/23/using-microsoft-security-baselines-with-system-center-configuration-manager/
In ither words, you can use your SCCM infrastructure to compare the settings in a baseline against your SCCM client computers and obtain the comparison results.
http://myitforum.com/myitforumwp/2012/01/23/using-microsoft-security-baselines-with-system-center-configuration-manager/
Premium Content
You need an Expert Office subscription to comment.Start Free Trial