Progress of SCM RRS feed

  • Question

  • Has there been any progress on broadening the import functionality of the SCM. Currently I want to be able to import policy form the offerings by the USGCB formerly FDCC that is provided in SCAP and OVAL as well as GPO Back Up formats.                                                                                                                                              

    Monday, February 28, 2011 7:12 PM


All replies

  • 100% Yes. Give it a whirl then tell us what you think.



    Thursday, March 10, 2011 10:18 PM
  • I upgraded the SCM, backed up a GPO from AD and attempted to use the new Import GPO function. It fails with the following information in the error log.

    Import GPO failed with the following errors
    Either Backup.xml or bkupInfo.xml does not exist.

    I tried this twice with seperat objects with the same result.

    The only .xml file within a GPO backup is manifest.xml

    I was sooo hopeful.

    Tuesday, March 15, 2011 7:57 PM
  • Chris! Thanks for trying this out! We really need to see this GPO. Could you please follow these steps and we will jump on it and test your GPO.



      Please send all feedback in email: SecWish@microsoft.com. Be sure to include a zipped up copy of your GPO Backup (if applicable).


    Tuesday, March 15, 2011 9:03 PM
  • try going one level deeper in the directory.


    My experience has been this:

     backup to  C:\testbackup

    under that directory there will the manifest.xml, and for each GPO a (Guid) direcoptry (so  for example   c:\testbackup\{D8A1110D-60B4-40FF-8711-BC1497AC999E}

    when you do an import, browse to the subdirectory, not the root of the backup.   I did expect the imported would read the manifest, present a list of backups, and let you choose whichs ones, but at the moment it doesn't seem to work that way.


    Of course, to make it fun my imports fail anyway with


    Value cannot be null.
    Parameter name: value

    Value cannot be null.
    Parameter name: value
    Program Location:

    at Microsoft.SecurityComplianceManager.ClientObjects.Settings.Setting.set_DisplayName(String value)
       at Microsoft.SecurityComplianceManager.ImportGPO.CreateSettingsForImportedGPO.CreateIncompleteSetting(String uiPath, String displayName, String value)
       at Microsoft.SecurityComplianceManager.ImportGPO.CreateSettingsForImportedGPO.CreatePolSettingFromSectionNameAndKey(String path, String keyName, String dataType, String value)
       at Microsoft.SecurityComplianceManager.ImportGPO.CreateSettingsForImportedGPO.CreatePolMachineSettings(List`1 polMachineSettingsValues)
       at Microsoft.SecurityComplianceManager.ImportGPO.ImportGPOCommon.ImportGpoFromFolder(String folderPath)

    got a bit more testing to do, then sending my gpo backups off to SecWish


    Tuesday, March 15, 2011 9:54 PM
  • Please get these emailed over to us so we can triage the failures. :) We'd love to see what is failing and fix it. Thanks for the help!


    Tuesday, March 15, 2011 11:50 PM
  • Just saw your email, thanks! :) My test lead will be replying soon confirming we got it. Rock on...


    Wednesday, March 16, 2011 3:15 AM
  • Has a resolution for this been identified?  I get this from most of the policies I import.

    Thursday, April 28, 2011 9:44 PM
  • Same problem here. So far I have only been able to import a small default domain policy. Anything more complex results in an error: Value cannot be null.
    Parameter name: value.

    Same error als SBJ99...


    Friday, April 29, 2011 8:21 AM
  • I never heard back from them, but they do have copies of the GPO's that created the error for me; so hopefully the next release will address it.

    I was hoping for an updated CTP version that addressed the import problem, since it stops any other testing of that feature.  Or at least something like "ok, this particular gpo area is the cause of the issue".


    Btw, just saw Jeff is posting in the comments over on the blog  http://blogs.technet.com/b/secguide/archive/2011/03/10/scm-v2-ctp-available-to-download.aspx, so it may be useful to track that as well.

    Thursday, May 5, 2011 3:19 AM
  • Don't know if this will help, but I was getting this error and it seemed to be related to custom adm policies.  Once I set all of my custom policies to undefined, the policy imported fine.  I know this isn't a real solution, but may help kick the ball a little further down the road until they come up with the "REAL" solution.

    Wednesday, May 18, 2011 2:40 AM
  • Any progress on this?  we are also getting the error.  We exported the default domain policy to our desktop (Default domain policy), then inside that we have the SID number {1234567-8910-11-12-13-14-15-167899 etc etc}, thne we have inside that three files Backukp.xml, bkupinfo.xml, and gpreoprt.xml.  Also a folder called DomainSysvol.  Inside the folder Domainsysvol, we have a folder called GPO.  Inside GPO we have folders Adm, Machine, User.  I tried the import at all levels, the first level will give me the Import GPO failed with the following errors
    Either Backup.xml or bkupInfo.xml does not exist.


    and the rest of the folders will give me a


    Value cannot be null.
    Parameter name: value

    Friday, June 3, 2011 6:46 PM
  • there might be some movement

    the blog entry here http://blogs.technet.com/b/secguide/archive/2011/03/10/scm-v2-ctp-available-to-download.aspx

    has been updated with this text

    UPDATE: The SCM v2 CTP has been removed from MS Connect pending release of the SCM v2 Beta. Thanks for the patience! -jeff [Jun 22nd, 2011]


    Saturday, June 25, 2011 10:17 AM
  • Monday, June 27, 2011 11:27 PM
  • YES! It's finally live and available for download. Now to get some sleep! :) -jeff

    Monday, June 27, 2011 11:44 PM