This section provides instructions on how to install the Microsoft Security Compliance Manager (SCM) tool. While installing the tool, you can configure it to download all of the latest security baselines from Microsoft,
or after completing the installation you can access the File, Check for Update menu to check for baselines.
Note The download process for SCM automatically installs SQL Server 2008 Express Edition on your computer if you do not already have this software.
To download and install SCM
Note There is also an option on this page to print the license agreement for this software if you want to make a copy for your reference.
Important You cannot cancel the setup wizard after you start the installation process for the SQL Server Express and SCM.
Note The installation process may take awhile to complete.
The SCM Console provides you with a single point of access to work with the recommended security baselines from Microsoft for your security environment. The console also provides access to supporting documentation to help
you make informed decisions about how to customize the security baselines to meet your organization's security requirements.
To access the SCM Console
The SCM Console Welcome page displays the three panes that you use to import, customize, deploy, and monitor your security baselines. These are:
For more information about the tool interface, and how to use various features of the tool, see the
Help Topics link, under Help section of the actions pane.
Please direct questions and comments to
Security Solutions Questions & Feedback.
Requirements for this tool? (OS, HW, account permissions, service account?)
Should be run on server or client?
Can we use an existing SQL instance creating a new database for this tool?
This is a great tool! A database as a requirement to run this tool might sound peculiar but it is definitely worth it. It is a real accelerator when creating tailored policies for your environment. Well done! Category: Essential
Ed Price - MSFT edited Revision 6. Comment: Amazing article! Added the TOC.
Congratulations on being featured on the front page of TechNet Wiki!
The installer that comes with 2.5 is broken. I'm trying to install in a Server 2003 environment and it failed to install with no explanation. I looked at the batch file from the files extraction "scm_install_prereq_checker.bat" which has significantly changed since the last version. The check for VC++ redistro fails because in a stock Server 2003 environment the WMI class Win32_Product does not exist and so the script will crash and burn resulting in you not being able to install. Here is the check from the batch file.
WMIC Path Win32_Product Get IdentifyingNumber /Value results in Invalid class
For Server 2003 you need to go to Add/Remove->Windows Components and add "WMI Windows Installer Provider". This should be added to a 'requirements' section. Additionally since the check fails it will try to reinstall VC++ even though you have it.
Nice work. Very helpful SCM info.
Good article, but I find getting to this point is pretty straightforward - it's the next steps that I get into trouble over. A TLG for the SCM would be really helpful - how to incorporate it's use into a domain would be helpful.
Having the solution accelerator is nice and I intend to work on getting the SCCM 2012 integration put into practice, but sometimes all you need are the Word documents. This is a bit of a burdensome process just to get those.