1 / 22

Implementing Security Compliance Manager for Compliance in SCCM 2012

SIM424. Implementing Security Compliance Manager for Compliance in SCCM 2012. Matt Shadbolt & George Smpyrakis Microsoft Premier Field Engineering. About Us. George Smpyrakis & Matt Shadbolt. Agenda. What is Security Compliance Manager? What is Compliance Settings in ConfigMgr ?

betty_james
Download Presentation

Implementing Security Compliance Manager for Compliance in SCCM 2012

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SIM424 Implementing Security Compliance Manager for Compliance in SCCM 2012 Matt Shadbolt & George Smpyrakis Microsoft Premier Field Engineering

  2. About Us George Smpyrakis & Matt Shadbolt

  3. Agenda • What is Security Compliance Manager? • What is Compliance Settings in ConfigMgr? • “Killer Features” of Compliance Settings and SCM • Real-world Demo

  4. What is Security Compliance Manager? A free Solution Accelerator that allows us to: • Apply Microsoft Best Practice Group Policy Objects • Windows OS (Server/Workstation) • Exchange • Server Roles (IIS, DHCP, AD DC, etc) • Internet Explorer • Office • Model custom Group Policy Objects • Compare custom GPO’s to Microsoft Best Practices

  5. What is Security Compliance Manager? • Export policies for reporting • Excel • CAB • SCAP • Apply Group Policies to local, non-domain joined machines • Security/Policy Guides and Documentation http://aka.ms/SecurityComplianceManager

  6. demo USING SECURITY COMPLIANCE MANAGER Matt Shadbolt George Smpyrakis Premier Field Engineer

  7. What is Compliance Settings in SCCM 2012? • Replacement for Desired Configuration Management (DCM) found in ConfigMgr 2007 • The engine that drives • Application Detection in ConfigMgr 2012 App-Model • Application applicability for Deployments (min RAM requirements, etc) • System Center Endpoint Protection (SCEP) Updates and Compliance • Main function is to detect and report non-compliance for settings across Server and Workstations

  8. What is Compliance Settings in SCCM 2012? Compliance Key Concepts • Configuration Items (CI’s) • One or more settings to query • Active Directory query • Assembly • File System • IIS metabase • Registry key/value • Script (PowerShell, VBScript, Jscript) • SQL query • WQL query • Xpath query

  9. What is Compliance Settings in SCCM 2012? Compliance Key Concepts • Configuration Items (CI’s) • Specify compliance rules • Boolean Logic (Equals, Greater Than, Contains) • Noncompliance Severity (Information, Warning, Critical) • Configuration Baselines • Add one or more CI’s • Add other Baselines • Add Software Updates

  10. What is Compliance Settings in SCCM 2012? Compliance Key Concepts • Deploy • Deploy Baselines to user or computer based Collections • Generate ConfigMgr Console alerts • Specify an evaluation schedule • Report • Utilize SQL Reporting Services • 15 built-in Compliance reports available • Create custom reports

  11. demo USING COMPLIANCE SETTINGS IN SCCM Matt Shadbolt George Smpyrakis Premier Field Engineer

  12. What are the “Killer Features”?

  13. What are the “Killer Features”? • Security Compliance Manager • Export SCM Baselines to ConfigMgr • ConfigMgr 2012 • Import SCM Baselines to check Compliance • Auto-Remediate non-compliant settings

  14. demo EXPORTING SCM BASELINES TO SCCM & AUTO-REMEDIATION Matt Shadbolt George Smpyrakis Premier Field Engineer

  15. Give me a real world example? • Customer Requirements • Ensure SOE Registry Key is at least 4.1 • Ensure MsMpEng.exe exits • Ensure Windows Update service has started • Ensure Windows Firewall policy applied • Outcomes • Report all computers who are running the old SOE • Deploy SCEP to computers without MsMpEng.exe • Start Windows Update service • Report all computers who fail Windows Firewall policy

  16. demo REAL WORLD DEMO Matt Shadbolt George Smpyrakis Premier Field Engineer

  17. To close out…

  18. To close out… • Security Compliance Manager is free… use it! • If you’ve got ConfigMgr 2012, you’ve got Compliance Settings… use it! • Compliance Settings isn’t only for Servers… • Export your GPOs, Import your GPOs into SCCM and show your AD guys how non-compliant they are! • Script CI’s carefully… • Report first… Auto-Remediate second

  19. Related Content • SIM333 – System Center 2012 Application Management SIM425 – Migrate from ConfigMgr 2007 to ConfigMgr 2012 Close-out Party… Tonight! Exam 70-243: Administering & Deploying ConfigMgr 2012 Find Me Later At… Premier Support stand at the Expo (right after this!)

  20. Track Resources Download SCM http://aka.ms/SecurityComplianceManager Read about ConfigMgr2012 http://aka.ms/svfylb Read about Compliance Settings http://aka.ms/mic5ek Enjoy ConfigMgrDogshttp://aka.ms/odwj0l

  21. THANK YOU • Matt Shadbolt • http://www.linkedin.com/in/mattshadbolt • George Smpyrakis • http://www.linkedin.com/in/georgesmpyrakis • ConfigMgrDogs • http://blogs.technet.com/b/configmgrdogs/

  22. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

More Related