locked
Just Starting with SCM RRS feed

  • Question

  • Hello everyone,

    I've just started looking at SCM and it seems a great tool for setting and auditing security on my domain.  However, I can't see any method of integrating it with the actual GPo and security tools I am using on the domain (Group Policy Management, Security Configuration and Analysis).

    I can't see a method of backing up current GPo on my domain into files that the SCM can read for comparison to baseline, or for exporting SCM baselines for use on my domain.  Am I wasting my time with a tool that is only for use with System Center Configuration Manager? (that I don't have)

    Cheers,

    Pete

    Friday, February 11, 2011 10:31 AM

Answers

  • Pete;

    SCM is designed to be your tool for managing a library of configuration baselines which you can export into a variety of formats. Right now you can export them as:

    1. GPO backups which you can import into AD DS.
    2. Excel spreadsheest which you can share with your colleagues for review and store for documentation.
    3. Desired Configuration Management (DCM) packs for compliance scanning with SCCM.
    4. SCAP content for use with compliance scanning with SCAP-capabable configuration scanners.

    Even if you don't want to use SCM for generating compliance data (3 & 4) you can still get some value from it by using it to create GPOs with the settings that you need in your organization. You can also get a lot of value from SCM becuase it includes all of Microsoft's security guidance and baselines for Windows, Internet Explorer, and Office.

    Its not perfect, some of  things we hope to address in SCM 2.0 include adding the ability to import GPOs, improving the user interface, and speeding up the performance.


    Kurt Dillard http://www.kurtdillard.com
    • Marked as answer by Pete-7000 Tuesday, February 22, 2011 3:07 PM
    Friday, February 11, 2011 9:48 PM