The Security Compliance Manager (SCM) is a free tool from the Microsoft Solution Accelerators team that enables you to quickly configure and manage the computers in your environment and your private cloud using Group Policy and Microsoft System Center Configuration Manager.
SCM includes the LocalGPO tool which allows you to manage the local group policy objects (LGPO) on non-domain joined computers.
- use LocalGPO to back-up the LGPO from a stand-alone machine.
- use it to apply the settings from a GPO backup to other computers, this includes GPO backups created by LocalGPO, SCM, or the Active Directory Domain Services GPO backups created with the Group Policy Management Console.
Easy configure computers running Windows Server 2012, Windows 8, Microsoft Office applications, and Windows Internet Explorer 10 with industry leading knowledge and fully supported tools.
In addition to the latest software releases, you can also configure previous additions of Windows Server and Microsoft Office.
SCM provides ready to deploy policies and Desired Configuration Management (DCM) Configuration Packs that are tested and fully supported.
DCM provides organizations with a way to easily scan their networks for compliance using System Center Configuration Manager.
These baselines are founded on Microsoft Security Guide recommendations and industry best practices, allowing you to manage configuration drift, address compliance requirements, and manage risk for potential security threats. Some of the key features of
- Integration with the System Center 2012 Process Pack for IT governance, risk management, and compliance: Product configurations items provide oversight and reporting of compliance activities.
- Gold master support: Import and take advantage of your existing Group Policy or create a snapshot of a reference machine to kick-start your project.
- Stand-alone machine configuration: Deploy your configurations to non-domain joined computers using the new GPO Pack feature.
- Updated security guides: Take advantage of the deep security expertise and best practices in the updated security guides, and the attack surface reference workbooks to help manage the security risks that you consider to be the most important.
- Compare against industry best practices: Analyze your configurations against prebuilt baselines for the latest Windows client and server operating systems.
- Baselines based on Microsoft security guide recommendations and industry best practices: These baselines are designed to help you manage configuration drift, address compliance requirements, and reduce security threats.
- Centralized security baseline management features: These include a baseline portfolio, customization capabilities, and security baseline export flexibility to accelerate your organization’s ability to efficiently manage the security and compliance process for the most widely used Microsoft technologies.
When you run SCM for the first time, it will download the latest baselines available spanning a wide range of Microsoft products including Windows desktop and server Operating Systems, Office, Internet Explorer and Exchange.
All the Supported Products with baselines can be found in the right-hand pane of the SCM dashboard.
You can also add your own existing Group Policies to SCM by importing them from a backup.
Overview of SCM:
SCM includes a detailed security guide for each product, in several well know formats like Word/Excell/URL, that serves as a handy reference with step-by-step procedures, tools and recommendations for strengthening security for that particular OS or application.
To customize a setting, you create a duplicate of the baseline, which you can then edit. The copy will appear in the left pane, at the top of the tree under “Custom Baselines,”
There is also a Compare and Merge feature that you can use to see the differences between two baselines
All changes have a detailed description that can be viewed with ease.
Security Compliance Manager is now at version 3.0 and with SCCM works hand in hand in strengthening security for all our clients via best practice from all major organizations.