The Windows Server 2008 SP2 Security Compliance Baseline is integrated with the Microsoft Security Compliance Manager (SCM) tool. To access the Windows Server 2008 SP2 Security Guide included with this baseline, download SCM 2.5.

SCM 2.5 is a free tool from the Microsoft Solution Accelerators Team that enables you to quickly configure and manage your computers, traditional datacenter, and private cloud using Group Policy and Microsoft System Center Configuration Manager. The entire Windows Server 2008 SP2 Security Compliance Baseline package is available through SCM 2.5. The tool is designed to provide you with an end-to-end solution to help you plan, deploy, and monitor security baselines for computers running Windows operating systems, and other Microsoft products in your environment.

See the SCM Getting Started wiki for information about installing SCM 2.5 and to orient you with the Solution Accelerator’s console and integrated Help guidance.

These release notes are carefully and closely monitored. The SCM engineering team regularly improves the tool and maintains this article to share the latest release information and known issues. Any changes that you make will be evaluated and then quickly accepted, refined, or reverted. Because this is a wiki, additions or refinements to these release notes might have been made by community members.

Please direct questions and comments about SCM 2.5 to secwish@microsoft.com.

 

Download and Online Locations

  • To learn more about this product baseline, see the Windows Server 2008 SP2 Security Baseline page in the TechNet Library
  • To download the Security Compliance Manager tool, visit the Microsoft Download Center

Baseline Components

The Windows Server 2008 SP2 Security Compliance Baseline available in SCM 2.5 includes the following components:

  • Attachments
    • Windows Server 2008 SP2 Security Guide.docx (version 4.0)
    • Windows Server 2008 SP2 Attack Surface Reference.xlsx
    • WS2008SP2_IT_GRC_MCA_MP.cab
  • Baselines
    • Windows Server 2008 SP2 AD Certificate Services Server Security Compliance Baseline v1.0
    • Windows Server 2008 SP2 DHCP Server Security Compliance Baseline v1.0
    • Windows Server 2008 SP2 DNS Server Security Compliance Baseline v1.0
    • Windows Server 2008 SP2 Domain Security Compliance Baseline v1.0
    • Windows Server 2008 SP2 Domain Controller Security Compliance Baseline v1.0
    • Windows Server 2008 SP2 File Server FCI Baseline v1.0
    • Windows Server 2008 SP2 File Server Security Compliance Baseline v1.0
    • Windows Server 2008 SP2 Hyper-V Security Compliance Baseline v1.0
    • Windows Server 2008 SP2 Member Server Security Compliance Baseline v1.0
    • Windows Server 2008 SP2 Network Access Services Server Security Compliance Baseline v1.0
    • Windows Server 2008 SP2 Print Server Security Compliance Baseline v1.0
    • Windows Server 2008 SP2 Remote Desktop Services Security Compliance Baseline v1.0
    • Windows Server 2008 SP2 Web Server Security Compliance Baseline v1.0

Version History

The released versions of the Windows Server 2008 SP2 Security Compliance Baseline include:

Version 1.0 of the Windows Server 2008 SP2 Security Compliance Baseline (September 27, 2011).

Version 2.0 of the Windows Server 2008 Security Baseline, updated for SP1 (April 6, 2010).v Version 1.0 of the Windows Server 2008 Security Baseline (February 12, 2008).

Known Issues

The following are known issues for the Windows Server 2008 SP2 Security Compliance Baseline:

  • None for version 1.0 of the of the Windows Server 2008 SP2 Security Compliance Baseline.
  • None for version 2.0 of the of the Windows Server 2008 SP1 Security Baseline.
  • Version 1.0 of the Windows Server 2008 Security Baseline:
    • Windows Vista SP1 and Windows Server 2008 RTM share the same operating system version (6001). For this reason, the DCM configuration packs for Windows Vista SP1 and Windows Server 2008 can be applied to each other, but this may not provide you with correct monitoring results. Ensure to carefully apply the correct DCM packs to each operating system collection. (February 12, 2009)
    • The DCM feature in Microsoft System Center Configuration Manager does not work on computers running Server Core installations of Windows Server 2008. Server Core does not support Microsoft .NET Framework 2.0, which is required for the DCM agent (February 12, 2009).