
Proposed answer: how to deal with SCM?

  • Thursday, March 15, 2012 16:39
     
     

    Hello,

    It's clear to me how to harden winServer2003 with security configuration wizard and security templates.

    But I'm a bit lost with SCM.

    I have no SCCM and just wanna harden my DC.

    Is the plan correct: export default DC policy to a file and import it to SCM. Then associate imported policy with Windows Server 2008R2 SP1. Then merge imported policy with Domain Controller Policy baseline. Export and deploy customized policy on DC server.

    How should I resolve conflicts while merging?




    • Edited by zaa Thursday, March 15, 2012 18:05

All Replies

  • Monday, March 19, 2012 15:55
    Owner
     
     Proposed Answer

    Zaa;

    Your plan should work. You don't have to import your existing group policies that apply to your DCs, that's an optional step. You could leave them alone and simply customize the settings in a baseline within SCM, then export it as a group policy backup, import that GP backup into a new GPO using the GPMC, and link the GPO to the DC container. How should you resolve conflicts? You need to decide which value is appropriate for your environment; I can't answer that question because I know nothing about your business requirements, regulatory requirements, etc.

    You don't need to worry about SCCM if all you want to do is apply security baselines; SCCM only comes into play if you want to scan systems for compliance with the baselines.

    Kurt


    Kurt Dillard http://www.kurtdillard.com

  • Thursday, March 22, 2012 04:44
     
     

    And what about additional server roles that my DC holds? Should I deploy DNS, DHCP, File Services baselines the same way? It looks better for me to merge them into a single GPO and then link them to DC.

  • Monday, March 26, 2012 19:14
    Owner
     
     Proposed Answer

    Zaa;

    You could go either way. Merging them should be simple because those roles only include system services settings in the SCM baselines and the DC role already enables the services needed for the DNS and File Services roles.

    kurt


    Kurt Dillard http://www.kurtdillard.com
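
An added example, not part of the thread and not SCM's own tooling: before merging a baseline into an existing DC policy, it helps to list exactly which settings both define with different values, since those are the conflicts that need a decision. The sketch assumes the security settings of each GPO backup are available as security-template text (the `GptTmpl.inf` file inside a GPO backup); the two sample templates and their values are constructed.

```python
import csv

def parse_inf(text):
    """Return {(section, name): value} for security-template (.inf) text."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service General Setting":
            # Layout: "Service",StartupMode,"SDDL" (2=auto, 3=manual, 4=disabled)
            fields = next(csv.reader([line]))
            if len(fields) >= 2:
                settings[(section, fields[0].lower())] = fields[1].strip()
        elif "=" in line:
            name, value = line.split("=", 1)
            settings[(section, name.strip().lower())] = value.strip()
    return settings

def find_conflicts(current_text, baseline_text):
    """Settings that both templates define, but with different values."""
    cur, base = parse_inf(current_text), parse_inf(baseline_text)
    return sorted((s, n, cur[(s, n)], base[(s, n)])
                  for (s, n) in cur.keys() & base.keys()
                  if cur[(s, n)] != base[(s, n)])

# Constructed samples; real GptTmpl.inf files are typically UTF-16,
# so read them with open(path, encoding="utf-16").
CURRENT_DC_POLICY = r'''
[Unicode]
Unicode=yes
[Registry Values]
MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrity=4,1
[Service General Setting]
"DNS",2,""
"Spooler",2,""
"DHCPServer",2,""
'''
DC_BASELINE = r'''
[Unicode]
Unicode=yes
[Registry Values]
MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrity=4,2
[Service General Setting]
"DNS",2,""
"Spooler",4,""
'''

if __name__ == "__main__":
    for section, name, cur, base in find_conflicts(CURRENT_DC_POLICY, DC_BASELINE):
        print(f"[{section}] {name}: current={cur} baseline={base}")
```

Settings present in only one template (here the constructed `DHCPServer` entry) are not reported, because they merge without a conflict.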