Microsoft Security Compliance Manager

The Windows 8 Security Compliance Baseline is integrated with the Microsoft Security Compliance Manager(SCM) 3.0. To access the Windows 8 Security Guide included with this baseline, download SCM.

SCM is a free tool from the Microsoft Solution Accelerators Team that enables you to quickly configure and manage your computers, traditional datacenter, and private cloud using Group Policy and Microsoft System Center Configuration Manager. The entire Windows 8 Security and Compliance Baseline package is available through SCM 3.0. The tool is designed to provide you with an end-to-end solution to help you plan, deploy, and monitor security baselines for computers running Windows operating systems, and other Microsoft products in your environment. 

See the SCM Getting Started wiki for information about installing SCM and to orient you with the tool’s console and integrated Help guidance.

These release notes are carefully and closely monitored. The SCM engineering team regularly improves the tool and maintains this article to share the latest release information and known issues. Any changes that you make will be evaluated and then quickly accepted, refined, or reverted. Because this is a wiki, additions or refinements to these release notes might have been made by community members.

Please direct questions and comments about SCM to secwish@microsoft.com.

Download and Online Locations

Baseline Components

The Windows 8 Security and Compliance Baseline available in SCM 3.0 includes the following components:

  • Attachments
    • Windows 8 Security Guide.docx (version 1.0)
    • Extended DCM Checks.docx
    • Windows 8 CCE Reference.xlsm
  • Baselines
    • Win8 BitLocker Security v1.0
    • Win8 Computer Security Compliance v1.0
    • Win8 Domain Security Compliance v1.0
    • Win8 Extended DCM Checks v1.0
    • Win8 User Security Compliance v1.0

Version History

Version 1.0 of the Windows 8 Security and Compliance Baseline (January 2013).

Known Issues

The following are known issues for the Windows 8 Security Compliance Baseline:

  • When importing a GPO that includes the “Profile system performance" setting configured to include the  “NT SERVICE\WdiServiceHost” account, the SCM GPO Import process will drop the “NT SERVICE\” portion of the name. The workaround for this issue is to manually configure the setting in the SCM UI to include the full account name: NT SERVICE\WdiServiceHost
  • When importing a GPO that includes the “Allow users to connect remotely by using Remote Desktop Services" setting configured to “Enabled” or “Disabled”, the SCM GPO Import process will reverse the setting configuration. The workaround for this issue is to manually configure the setting value in the SCM UI to match the correct value configured in the imported GPO.
  • Exported Windows 8 DCM packs for Microsoft System Center Configuration Manager 2007 are not compatible with System Center Configuration Manager 2012. To resolve this compatibility issue, upgrade to System Center Configuration Manager 2012 Service Pack 1 (SP1).