\n
![\"Compliance](\"http:\/\/hosebei.wordpress.com\/wp-content\/uploads\/2013\/10\/compliance01.png\")
<\/a>\nAfter a successful Installation you can start the “Security Compliance Manager” (SCM), the program will start and you can select the appropriate Options:
\n
![\"SCM](\"http:\/\/hosebei.wordpress.com\/wp-content\/uploads\/2013\/10\/compliance02.png\")
<\/a>\nIn this example, I will use a Windows Server 2012 Hyper-V Security template as baseline, because the virtualization layer is a good Point to start with compliance, thus they are hosting our environment. So click on Windows Server 2012 to open the tree, and select “WS2012 Hyper-V Security”:
\n
![\"Hyper-V](\"http:\/\/hosebei.wordpress.com\/wp-content\/uploads\/2013\/10\/compliance03.png\")
<\/a>\nYour Focus should now Change to the middle of the console, where you already get 203 Settings to use. You can now decide to use this set, and Export it to use it in SCCM, then you can scroll down a Little bit, this will be explained. Otherwise, if you decide to use SCM for the Single Point of Management, what would be a good Option, then you have to duplicate the baseline:
\n
![\"Dublicate](\"http:\/\/hosebei.wordpress.com\/wp-content\/uploads\/2013\/10\/compliance04.png\")
<\/a>\nAfter giving an unique Name and an excellent description, click on Save and you can use your custom baseline:
\n
![\"Custom](\"http:\/\/hosebei.wordpress.com\/wp-content\/uploads\/2013\/10\/compliance05.png\")
<\/a>\nNow you are able to Change any Settings and also to add more Settings, or delete some:
\n
![\"Compliance](\"http:\/\/hosebei.wordpress.com\/wp-content\/uploads\/2013\/10\/compliance06.png\")
<\/a>\nIn this example, I only set the Print Spooler to “Disabled”, and set the severity to “Important”:
\n
![\"Disable](\"http:\/\/hosebei.wordpress.com\/wp-content\/uploads\/2013\/10\/compliance07.png\")
<\/a>\nI also add a Setting to the baseline, but first, I create a new Settings Group, I will Name it General:
\n
![\"Add](\"http:\/\/hosebei.wordpress.com\/wp-content\/uploads\/2013\/10\/compliance08.png\")
<\/a>\nWhen clicking on “Add” in the right side of the console beyond “Setting”, the “Add Settings”-Wizard appears, here can I add more Settings to my baseline. The GUI is not very good, that’s why I would Point out, that there exist 22 pages for Windows Server 2012 (you might want to use the filter search). I choose to not require Ctrl-Alt-Del to Logon interactively:
\n
![\"Add](\"http:\/\/hosebei.wordpress.com\/wp-content\/uploads\/2013\/10\/compliance09.png\")
<\/a>\nClick on “Add” to finish the wizard. Afterwards you can Change the behaviour of the added Setting. I changed the value to enabled and the severity to Optional:
\n
![\"Add](\"http:\/\/hosebei.wordpress.com\/wp-content\/uploads\/2013\/10\/compliance10.png\")
<\/a>\nYou can add more and more Settings to your baseline if you want. For this example, I have changed and added enough, now I will Export the baseline, and Import it to SCCM.<\/p>\n
Here Comes the Export of the Baseline. Be sure that you have selected your custom baseline in the tree on the left side of the console. The click on “SCCM DCM 2007 (.cab)” beyond Export. Even if you are using SCCM 2012, it will definitely work: Hey, here’s Martin, did you ever come to the Point, where you should implement compliance Settings in System Center 2012 Configuration Manager (Artist formerly known as “Desired Configuration Management”)? And further, did you also thought, how to get all of those compliance Settings? Microsoft publish the so-called “Security Compliance Manager” which will be the Support […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[35,40],"tags":[],"class_list":["post-1007","post","type-post","status-publish","format-standard","hentry","category-sccm-2012","category-tools"],"_links":{"self":[{"href":"https:\/\/blog.hosebei.ch\/index.php?rest_route=\/wp\/v2\/posts\/1007","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.hosebei.ch\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.hosebei.ch\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.hosebei.ch\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.hosebei.ch\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1007"}],"version-history":[{"count":0,"href":"https:\/\/blog.hosebei.ch\/index.php?rest_route=\/wp\/v2\/posts\/1007\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.hosebei.ch\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1007"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.hosebei.ch\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1007"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.hosebei.ch\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1007"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\n<\/a>
\nAnd in the SCCM 2012 Console, you can now Import your designed baseline. Go to “Asset and Compliance” “Compliance Settings” “Configuration Baseline”, with a right-click, the menu opens, and you can select “Import configuration Data”:
\n<\/a>
\nClick on “Add” and select your exported Baseline from SCM, because your cab-File is not digitally signed, a warning will be shown. The wizard should Looks like this:
\n<\/a>
\nIn the summary you can recognize your Setting Groups:
\n<\/a>
\nIf everything was imported, you will see the success Status:
\n<\/a>
\nAfter finishing the wizard, you can modify the Settings again, or set remediation. Mind to document any changes made in SCCM, when using DCM as the Single Point of Management. And then, you can deploy your baseline as any baselines created before.
\nThe SCM allows you to control your Settings on a easy way, and publish them to different Systems (Group Policy, SCCM, Excel).<\/p>\n","protected":false},"excerpt":{"rendered":"