Full Text

Microsoft has spent the better part of the last year developing a tool solely for the security and auditing professionals in organizations that use Microsoft technology. Microsoft has taken input from industry professionals, industry regulations, and used logic to develop a tool that will help security administrators define and deploy security settings. Additionally, the tool will help auditors in their quest to audit Windows computers efficiently and with great precision. The tool that Microsoft has currently developed is called the Security Compliance Manager (SCM). This tool works in conjunction with the System Center Configuration Manager (SCCM) to audit the settings that are deployed using SCM. The combination is very effective and extremely powerful. Now, every Microsoft environment has an end-to-end solution for securing and auditing Windows computers.

Overview of SCM

First off let me emphasize that SCM is in beta testing. This means that the tool will go through rigorous testing, which might potentially result in altering some of the information that I am describing here. Based on my exposure to the tool at this point, I don't imagine that will happen, but it is a possibility.

SCM is a tool that uses industry standards and industry compliance regulations to establish baseline security settings that are required for Windows computers. Microsoft worked with numerous companies to develop a complete solution that would allow corporations to meet the requirements of the Sarbanes-Oxley Act, HIPAA, the GrammLeach-Bliley Act, and other regulatory compliance programs.

If you look at the overall picture of how to configure, deploy, and audit security using SCM and SCCM, it would look something like this:

1. SCM will allow you to categorize your Windows computers. Examples would be laptops, desktops, high secure desktops, servers, DMZ servers, domain controllers, etc.

2. Next SCM will allow an administrator to create configuration files within SCM that target the...