Microsoft Security Compliance Manager 4.0 compare policy

Carlo
Hello to All of you,
I've been given a group policy baseline for Windows Server 2008 R2/2012 R2. I need to compare the actual policy with the new baseline.
  1. Can you please confirm that Microsoft Security Compliance Manager 4.0 is the right tool for this activity?
  2. Can I install this tool on a standalone PC with Windows 7 and import both policies for the comparison?
Thank you
Carlo
btan
Exec Consultant
Distinguished Expert 2018

Commented:
SCM can do a 1-to-1 comparison, and you can run it standalone and import the GPO.
You can import the two GPOs in SCM and compare them. You'll see the following and can also export the result to an Excel file:
Settings that differ
Settings that match
Settings only in First baseline
Settings only in Second baseline
 
Other than that, to compare with "merged" GPOs, which I see as a 1-to-N comparison using SCM:
https://www.experts-exchange.com/questions/28491092/Microsoft-Security-Compliance-Manager-compare-baseline-to-multiple-GPOs.html

Another, shorter summary of the SCM steps is at http://terrytlslau.tls1.cc/2011/11/comparing-group-policy-by-security.html?m=1
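
The four result categories listed in the answer above, reproduced as an added PowerShell example that is not part of the original answer and is not SCM's own code. It assumes the settings are in security-template INF form (the `GptTmpl.inf` file found in a GPO backup) and does not cover Administrative Template settings; the function names and sample values are constructed for illustration.

```powershell
# Parse security-template INF lines into a hashtable keyed by "Section\Setting".
function ConvertFrom-SecurityTemplate {
    param([string[]]$Lines)
    $settings = @{}          # hashtable keys are case-insensitive
    $section  = ''
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if ($line -eq '' -or $line.StartsWith(';')) { continue }   # blank or comment
        if ($line -match '^\[(.+)\]$') { $section = $Matches[1]; continue }
        $name, $value = $line -split '=', 2
        $settings["$section\$($name.Trim())"] = "$value".Trim()
    }
    $settings
}

# Classify every setting into the four categories SCM reports.
function Compare-Baseline {
    param([hashtable]$First, [hashtable]$Second)
    $keys = @($First.Keys) + @($Second.Keys) | Sort-Object -Unique
    foreach ($key in $keys) {
        if (-not $Second.ContainsKey($key))     { $status = 'Only in first baseline' }
        elseif (-not $First.ContainsKey($key))  { $status = 'Only in second baseline' }
        elseif ($First[$key] -eq $Second[$key]) { $status = 'Match' }
        else                                    { $status = 'Differ' }
        New-Object PSObject -Property @{
            Setting = $key; Status = $status
            First   = $First[$key]; Second = $Second[$key]
        } | Select-Object Setting, Status, First, Second
    }
}

# Constructed sample input. For real data, read each file with
# Get-Content '<backup folder>\...\GptTmpl.inf' instead.
$current = @'
[System Access]
MinimumPasswordLength = 8
PasswordComplexity = 1
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse=4,1
'@ -split "`r?`n"

$baseline = @'
[System Access]
MinimumPasswordLength = 14
PasswordComplexity = 1
LockoutBadCount = 5
'@ -split "`r?`n"

$report = Compare-Baseline (ConvertFrom-SecurityTemplate $current) (ConvertFrom-SecurityTemplate $baseline)
$report | Sort-Object Status, Setting | Format-Table -AutoSize
# $report | Export-Csv -NoTypeInformation comparison.csv   # opens in Excel
```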

Author

Commented:
Hi, this is excellent,
I took your message to my supervisor and he was fine with your message. Surely we will test and eventually implement it.

I have another question regarding SCM 4.0 and I hope you can help as well.

Can SCM 4.0 connect to a remote Windows 2012 R2 and perform the comparison of the policy? In a few words, avoiding the manual backup and import?

The goal is to have something similar to Nessus (hopefully SCM) that performs an audit of the policy of all the Windows servers in the farm and compares them with the Baseline Security Policy.

Thank you
Carlo
Exec Consultant
Distinguished Expert 2018
Commented:
SCM is local and not supported for comparison against a remote machine. Instead, you will need other tools besides Nessus, such as SCCM, to use the SCM baseline to check on machines' compliance.

In other words, you can use your SCCM infrastructure to compare the settings in a baseline against your SCCM client computers and obtain the comparison results.
http://myitforum.com/myitforumwp/2012/01/23/using-microsoft-security-baselines-with-system-center-configuration-manager/

Author

Commented:
Thank you, it helped me a lot.
Bye
Carlo
