Link to home
Start Free TrialLog in
Avatar of Carletto
CarlettoFlag for Italy

asked on

Microsoft Security Compliance Manager 4.0 compare policy

Hello to All of you,
I've been given a group policy baseline for window server 2008R2/2012R2 . I need to compare the actual policy with the new baseline.
  1. Can you please confirm that Microsoft Security Compliance Manager 4.0 is the right tool for this activity?
  2. Can I install this tool on a standalone PC with windows 7 and import both policy for the comparison?
thank you
Carlo
Avatar of btan
btan

Using SCM can do  1 to 1 comparison and you can do standalone and import the GPO.
you can import the two GPO in SCM and compare them. You'll see below and can also export the result in an Excel file.
Settings that differ
Settings that match
Settings only in First baseline
Settings only in Second baseline
 
other then that, to compare with "merged" GPOs which I see it as 1 -N comparison using SCM
https://www.experts-exchange.com/questions/28491092/Microsoft-Security-Compliance-Manager-compare-baseline-to-multiple-GPOs.html

Another more short summary in SCM steps in http://terrytlslau.tls1.cc/2011/11/comparing-group-policy-by-security.html?m=1
Avatar of Carletto

ASKER

Hi this is Exellent,
I took your message to my supervisor and he was fine with your message. Surely we will test and eventually implement it.

I have another question regarding SCM 4.0 and I hope you can help as well .

Can SCM 4.0 connect to a remote Windows 2012r2 and perform the comparison of the policy ? in few words avoiding the backup and import manually ?

the goal is to have something similar to nessus ( hopefuly SCM) that perform an audit the policy of all the windows server in the farm and compare them with the Baseline Security Policy .    

Thank you
Carlo
ASKER CERTIFIED SOLUTION
Avatar of btan
btan

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thank you, it helped me a lot.
Bye
Carlo