none
Missing Merge Baselines Button RRS feed

  • Question

  • Hi,

    I have installed SCM on two machines now, one on a 2008 R2 SP1 and one on Windows 7.  Why don't I see my merge button on SCM when I compare and merge?  I am using sql express installed on same machine.  Using version SCM 2.5.40.0

    I only have the export to excel button.  It will be very difficult for me to add the settings one by one.

    Did i missed installing anything else?

    Thanks,

    Monday, April 30, 2012 3:02 AM

Answers

All replies

  • Yoyong, you can't merge two baselines that are associated to different products. If you created one of those baselines by importing a GPO then you need to associate it to the same product as the other baseline with which you wish to merge it. In the screenshot above it appears that the 2nd product is one of our baselines for Windows Server 2008 R2. I apologize that the requirements for merging and the steps for associating baselines with products are not more clearly articulated in the help content.

    Kurt


    Kurt Dillard http://www.kurtdillard.com

    Monday, April 30, 2012 3:12 PM
    Moderator
  • Hi Kurt,

    I don't understand, I imported my default domain controller policy on my DC which is running Windows 2008 R2 SP1.  The recommended baseline I am trying to merge with is for 2008 R2 SP1 Domain controllers.  It does not make sense to me why I am not allowed to merge the two GPOs together.

    If it is not possible, what is the best method to take an existing GPO we have and merging it with recommended settings from MS baselines?  Will I have to add the recommended settings 1 by 1 from the recommended baseline to my default domain controller and Domain GPOs to match them?

    Thanks

    Wednesday, May 2, 2012 7:56 AM
  • Hi Kurt,

    I got it.  I need to associate it to the product and use the output to merge with the default baselines.  Hope they can update the information soon regarding this.

    Thanks,


    Wednesday, May 2, 2012 10:23 AM
  • Hi Kurt,

    I have managed to merge my baselines from the recommended baselines on MS with a few customizations.  I noticed however that some settings our missing from my default domain policy.

    I made a backup and imported it to scm, associate with 2008 R2 SP1 and merged it with recommended baseline for domain security.

    I noticed that this setting group is missing, "Windows Settings\Security Settings\Public Key Policies" it is present on my existing default domain policy.  Can you advise how I can add this setting group?  

    Thanks,

    Friday, May 4, 2012 8:46 AM
  • Hi Yoyong,

    SCM doesn't include all settings available in group policy, we're working on adding more with each release however I'm not sure if or when those PKI settings will be added. What's supposed to happen for unsupported settings is that they are supposed to not be editable within SCM, but remain as part of the baseline so that they are included when you export it as a GPO backup, however shortly before the last release we found some bugs with the code that handles those features, they are described in Known Issues section of the Release Notes: http://social.technet.microsoft.com/wiki/contents/articles/1864.microsoft-security-compliance-manager-scm-release-notes-en-us.aspx

    Kurt


    Kurt Dillard http://www.kurtdillard.com

    Friday, May 4, 2012 3:24 PM
    Moderator
  • I would think that the merge baseline should exactly be available to create a new baseline based on what you already have as settings and what the Microsoft baselines are.

    In the case I'm trying, we have default drive mappings that we use (and that are set with MSE, Microsoft Server Extensions). Those drive mappings should be merged with SCM windows 10 template settings. 

    Also: I find the habit of programming buttons to disappear when they cannot be used very frustrating because you then have to start researching why the button is missing. A lot more useful would be a button that explain why you cannot merge when you click on it.


    Bart Louwagie

    Friday, February 3, 2017 9:47 PM