New SCM 2 features include:
- GPO import: SCM 2 can now import Group Policy Object (GPO) Backup files to allow organizations to import and compare their existing knowledge against Microsoft baseline recommendations. This long-awaited feature effectively helps you to customize and manage your organization’s existing knowledge stored in Active Directory.
- Baseline setting customization: Modifying baselines just got easier. Adding, extending, or deleting settings from a baseline is an effortless process in this new version of the tool.
- Local GPO functionality: Apply security baselines directly to client and server computers using the LocalGPO command-line tool, which enables you to secure stand-alone computers and test different baselines without using Active Directory to deploy them. Use this tool to create local policy snapshots that you can import into SCM 2 using the new GPO import capabilities, which you can then compare, customize, and export as needed.
- Additional features: These include a new and enhanced UI that provides simpler navigation in the tool, and improved installation with SQL Server 2005 and later releases of SQL Server.
Version 2 of the SCM tool will release with a full complement of Microsoft product baselines, including these new and/or updated baselines:
- Windows Internet Explorer 9
- Windows Server 2008 R2 Service Pack 1 (SP1)
- Windows Server 2008 SP2
- Windows Server 2003 SP2
In more detail
Microsoft Security Compliance Manager (SCM) 2 provides security and compliance configuration recommendations from Microsoft, centralized baseline management features, a baseline portfolio, customization capabilities, and security and compliance baseline export flexibility to accelerate your organization’s ability to efficiently manage the security and compliance process for the most widely used Microsoft products and technologies. The formerly stand-alone product-specific security guides are now included in the SCM tool.
Version 2 of the SCM tool releases with a full complement of Microsoft security and compliance baselines, including a new Windows Internet Explorer 9 Security Baseline, and updated baseline versions for Windows Server 2008 R2 SP1, Windows Server 2008 SP2, and Windows Server 2003 SP2.
These new beta baselines provide:
- Setting severity ratings, allowing you to quickly sort, prioritize, and apply Microsoft security and compliance recommendations.
- Consolidated product baselines that eliminate EC and SSLF baseline components, and make viewing, customizing, and implementing your security baselines easier than ever!
- New compliance-based settings groups allow quicker and easier compliance reporting and audit preparation, when used with the GRC management solution within System Center.
Additional product baselines are currently in development, including baselines for: Windows 7 SP1, Microsoft Exchange Server 2007, Exchange Server 2010, SQL Server 2008 and SQL Server 2008 R2 (multiple roles), Office 2010, Windows Vista SP2, Windows XP SP3, and Windows Internet Explorer 8.
To learn more about the Security Compliance Manager tool, visit the TechNet Library.