Microsoft Security Compliance Manager V3 and create GPO

Similar Messages

• Microsoft Security Compliance Manager - Failed to installed

  Every time I try to install Microsoft Security Compliance Manager right when I getto the part where I'm installing it, it gives me this error:
  Microsoft Security Compliance Manager Setup Wizard failed while starting the installation/uninstallation The given path's format is not supported.
  Then closing the installation and telling me it failed.
  Please help I need to install this for a class.

  Hi,
  Thanks for your post.
  SCM Baselines for Windows 8.1, IE 11 and Server 2012 R2 are now live!
  http://blogs.technet.com/b/secguide/archive/2014/09/04/scm-baselines-for-windows-8-1-ie-11-and-server-2012-r2-are-now-live.aspx
  For more SCM related issue, i think you may ask in:
  https://social.technet.microsoft.com/Forums/en-US/home?forum=compliancemanagement
  Regards.
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Applying recommend settings from "microsoft security compliance manager 3.0.60.0" to a standalone Server using LocalGPO.wsf on Server 2012 R2

  Hello
  Can someone please help me with the following question.
  I have a standalone Server and need to apply settings from SCM, I can see how to do this following the instructions in the following article
  http://windowsitpro.com/security/q-how-can-i-apply-security-baseline-i-defined-through-microsoft-security-compliance-manager
  The problem is  the LocalGPO.wsf that ships with the above version of SCM does not run on Server 2012 R2 (only Server 2012) 
  my question is, 
  is there a later version of LocalGPO.wsf I can use that works on Server 2012 R2 ?
  Thanks
  AAnotherUser__
  AAnotherUser__

  Hi,
  Thanks for your post.
  SCM Baselines for Windows 8.1, IE 11 and Server 2012 R2 are now live!
  http://blogs.technet.com/b/secguide/archive/2014/09/04/scm-baselines-for-windows-8-1-ie-11-and-server-2012-r2-are-now-live.aspx
  For more SCM related issue, i think you may ask in:
  https://social.technet.microsoft.com/Forums/en-US/home?forum=compliancemanagement
  Regards.
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Upgrading from SQL Server 2005 Compact Edition [ENU] to SQL Server 2008 Express Edition OR HIGHER for Microsoft Security Compliance Manager

  I have downloaded the MS Security Compliance Manager, which is in two parts:  MS SQL Server 2008 Express Edition & the SCM. The install instructions state the the server needs to be install before the SCM.  So as the install continues I get
  an error message, which cancels the installation.  So, I am trying to install SQL 2008 EE separate from SCM.  My question is: 
  Can I upgrade from my current SQL Server 2005 Compact Edition [ENU]
  directly to SQL Server 2008 Express Edition (or higher)?

  So as the install continues I get an error message, which cancels the installation. 
  And which error message did you got?
  SQL Server Compact Edition is something different then SQL Server Express (or Standard) Edition, you can't upgrade it as you asked for,.
  Olaf Helper
  [ Blog] [ Xing] [ MVP]

• Microsoft security compliance manager 3.0 in windows 2012 server

  Hi All,
  I am completely new in SCM. I have assigned to verify and check why SCM is required for environment, what and how SCM works. I have downloaded SCM from
  https://www.microsoft.com/en-us/download/details.aspx?id=16776.
  After download i am able to install it in 2008 std x64 bit but my target is to install it in 2012 server x64 bit. I am not able to install it.
  It's showing do not have feature of .Net Framework 3.5 and installation is getting closed suddenly. I tried to download .Net Framework3.5 but not able to install it as showing not supported or showing alternet path. I am not holding any CD/DVD of Windows
  2012 server. Only ISO.
  Please help me.
  Thanking you in advance!
  Abhijit

  Hi,
  Thanks for your post.
  SCM Baselines for Windows 8.1, IE 11 and Server 2012 R2 are now live!
  http://blogs.technet.com/b/secguide/archive/2014/09/04/scm-baselines-for-windows-8-1-ie-11-and-server-2012-r2-are-now-live.aspx
  For more SCM related issue, i think you may ask in:
  https://social.technet.microsoft.com/Forums/en-US/home?forum=compliancemanagement
  Regards.
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Security Compliance Manager - version 3.0.60

  Does anyone know if this version of Security Compliance Manager supports Windows Server 2012 R2:  
  3.0.60

  Hi sayerdi,
  As this question is related to Security Compliance Manager (SCM), for quick and accurate response, I would like to recommend that you ask the question in the SCM forum at
  https://social.technet.microsoft.com/Forums/en-US/home?forum=compliancemanagement . It is appropriate and more experts will assist you.
  Additionally, there is a similar thread about SCM for Windows Server 2012 R2 for your reference.
  https://social.technet.microsoft.com/Forums/en-US/9a0b831e-5d38-4b26-9191-16286f10ecab/scm-update-for-windows-81-and-windows-2012-r2?forum=compliancemanagement
  Thanks,
  Lydia Zhang

• Dot net Applilcations are not running after Microsoft Security patches in Sep and Nov 2014

  My team did the microsoft security patches of Aug2014 and November2014 on 10 client machines (10 macines 2005) without a hitch. The Client machine (Windows 2005) accepted the patch, but all machines one of the applicaiton(VB6.0 and VB.net2005) is not able to
  connect to the server.The event log was filled with SChannel errors indicating code 80 (internal_error), implying something that was deeply wrong with SChannel:
  The following fatal alert was generated: 80. The internal error state is 1250.
  and
  The following fatal alert was generated: 80. The internal error state is 1051.
  Has anyone else experienced this issue with this or another update, or have some tips as to how I might better diagnose the issue? Thank you.

  Hi,
  I have seen a few threads with the same error, please try to uninstall KB2992611 to see if the issue persists.
  Best Regards,
  Amy
  Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]

• Obiee security / Cache management scenarions and solution required

  scenario 1: Cache Mechanism implementation
  We have to develop a report which will populate the data from Cache for previous months and from database for current month simultaneously.
  Scenario 2: Security (users/groups) implementation
  We have to implement the authorisation on 20000+ roles (groups) in OBIEE. They want it to be implemented internally in OBIEE using some script/API so that all the roles will be created and as well as updated automatically in OBIEE whenever there are some updations in their database.
  Question 1: How is it possible to manage more than 20000 roles (groups) , each role is having different different privileges ?
  Scenario 3: How can we switch on or off row-level-security for different reports (As in some reports, data does not need to be restricted)"
  Example: A single report has a summary page and a detail level page. Summary page can be seen by everyone whoever logs on to the BI portal and accesses the report but when the user clicks on a figure on summary page to drill to detail he sees only his data that he has access rights to.

  scenario 1: Cache Mechanism implementation Can not be done. Either the query comes from the cache or it doesn't, it can not come from two sources.
  Scenario 2: Security (users/groups) implementation
  Question 1: How is it possible to manage more than 20000 roles (groups) , each role is having different different privileges ? Sure your requirement is to implement a specific security model not to have 20000 roles. You seem to have come with an implementation where you have 20000 roles which to me would seem like you are way off track. Could OBIEE support that? May be. Is it a good idea? Def not.
  They want it to be implemented internally in OBIEE using some script/API so that all the roles will be created and as well as updated automatically in OBIEE whenever there are some updations in their database.Whoever is "they" tell them that they are not OBIEE experts and they should not tell you how to implement things. Ask them to give you the actual business requirement rather than the "solution". You as an "OBIEE expert" should decide the best way to implement it in OBIEE. The typical approach is to have all the roles in a Database and populate the GROUP variable via a row-wise init block. Plenty of into in the forums about this. Script/API? Forget about it, not fast enough.
  Scenario 3: How can we switch on or off row-level-security for different reports (As in some reports, data does not need to be restricted)" If row-level-security is needed a the report level then you shouldn't implement it in the RPD but you should use filters in the different reports. Do not let the users change those reports.

• Security Compliance Manager not compatible with Windows 8.1

  Hey everyone, can someone point me in the right direction here.  I am running the GPOMSI.MSI app in the SCM 3.0   When I try to do an export of Local Group Policies I get an error message stating its not compatible.  I have searched for an
  update, but cant find it anywhere.
  Thanks

  Hi,
  According to the screenshot, it seems like compatibility problem, What's the type of your system?
  In addition, you can refer to the link below to view its compatibility list.
  http://gallery.technet.microsoft.com/LocalGPOmsi-Excellent-MS-2593b2eb
  Roger Lu
  TechNet Community Support

• Policies missing in SCM Windows 8.1 Security Compliance Baseline v1.0

  Hello,
  I have installed SCM 3.0.60 (downloaded from this link:
  Microsoft Security Compliance Manager) on a Windows 8.1 Virtual Machine. Because I could not connect my VM to internet at the moment, I imported the Windows 8.1 Security Compliance Baseline (downloaded from this link
  SCM Baselines for Windows 8.1, IE 11 and Server 2012 R2 are now live!) and the baseline attachment in SCM. The import process ran well and I then created a custom baseline based on the Win8.1 Computer Security Compliance 1.0 baseline (using the Duplicate
  action in SCM). During my customization I have noticed that some policies were missing from my custom baseline. After verifying the original baseline I have noticed that the policies were missing in it also. I connected my VM to the internet and clicked on
  the Download Microsoft baselines automatically action in SCM. SCM downloaded additional baselines (Office 2013, SQL Server 2012,...). I was expecting the Win8.1 baseline to be updated but it was not. The policies are still missing and I cannot complete my
  customization. For information the missing policies that I've noticed are the following:
  Under Computer Configuration\Administrative Templates\Windows Components\File Explorer
   All policies are missing except "Configure Windows SmartScreen" and "Turn off Data Execution Prevention for Explorer"
  Under Computer Configuration\Administrative Templates\Windows Components\Sync
  your settings theses polices are missing:
   --> Do not sync
   --> Do not sync app settings
   --> Do not sync browser settings
   --> Do not sync desktop personalization
   --> Do not sync on metered connections
   --> Do not sync other Windows Settings
   --> Do not sync passwords
   --> Do not sync personalize
  Under Computer Configuration\Administrative Templates\System\KDC these policies are missing
   --> KDC support for claims, compound authentication and Kerberos armoring
   --> User forest search order
   --> Warning for large Kerberos tickets
   --> Provide information about previous logons to client computer
  It seems that theses policies are not present in the Package.XML file that is included in the Windows-8.1-Security-Compliance-Baseline.cab.
  Does anyone ever experience the same issue?
  Anyone know if there is an updated version of the Windows 8.1 Security Compliance Baseline ? (the version downloaded from the link i supplied above is v1.0)
  Regards,
  François

  Hi,
  in this blog, it is just related to Internet Explorer, not the lock screen camera, it can be found at the GPO.
  Regards
  Wade Liu
  TechNet Community Support

• Using SCCM 2012 Compliance to check if a GPO applied

  Is it possible to use SCCM 2012 Compliance feature to check if a AD GPO settings applied to a Device / User collection or not?
  If Yes, then how?

  You can do this with SCM (Security Compliance Manager), download here:
  http://www.microsoft.com/en-us/download/details.aspx?id=16776
  Import your GPOs to SCM some guidelines here:
  http://4sysops.com/archives/microsoft-security-compliance-manager-scm-v2-part-1
  Export your GPO from SCM to DCM format guides here:
  http://blogs.msdn.com/b/scom_2012_upgrade_process__lessons_learned_during_my_upgrade_process/archive/2012/09/21/compliance-settings-sccm-2012.aspx
  Import your DCM to SCCM and off you go

• T61p - Please wait while Windows configures Client Security Password - Manager

  My T61p system is fully updated, however I continue to get "Please with while windows configures Client Security Password - Manager." and then the computer trys to install
  css_manager_vista_tpm.exe
  over and over again.
  What is the problem here and how can I solve?
  How can I contact Lenovo-Thinkpad to assist?
  The problem has reoccured even after I did a system restore to an earlier date.
  It seems to initiate when I first boot up and then open up "Pictures"
  Please help.
  Thanks

  Well, I take everything back. After removing all password entries and re-installing/rebooting, it worked for a while. But now it is doing it all over again. I tried to call techincal support, but they then said I would have to pay for software support and they only support hardware, and to re-install the OS. Great, jeez, I couldn't have tried that myself, and that is so simple and takes no time at all (detecing sarcasm yet?)
  I do a lot of work for large corporations that are watching the IBM=>Lenovo takeover very closely to see if they are going to drop Thinkpads altogether and go with another laptop vendor. This type of weak support does not bode well. The person I was on the phone with was rude, hard to understand, and even told me there was no place to escalate the call to.
  There is no replacement for customer support. It is sad to see no Lenovo involvement in this forum, and don't make the mistake of thinking this is an isolated problem at this time. It is growing.
  Though Thinkpads are great Laptops, Toshiba used to have the market, but their support or should I say lack of it led to their downfall and position of leadership loss.
  It will be no different if Lenovo continues to act like a machine churner.

• Cannot validate pgp signatures of microsoft security bulletins

  So I've been getting Microsoft security bulletins for years and I thought I would actually verify the PGP signature. I have not been able to yet. I found two public keys on microsoft sites:https://technet.microsoft.com/en-us/security/dn753714was the first key I imported. My PGP software says it is the wrong key for the June 2015 security bulletin:PHPWrong signature of Microsoft SecurityNotifications (Key ID: BF05BFF43AA549E5)Notably on that link above, the page says it was "Updated: December 15, 2015" (in the future). I found that page linked fromanother page.I found another key and replaced the above key with a slightly older one. I still get an "unknown" key errorTextSigned with unknown key(Key ID: BF05BFF43AA549E5)I also foundboth keyson the MIT key server.What do you get when you verify Microsoft PGP signatures?
  This topic first appeared in the Spiceworks Community

  Hi,
  Thanks for your advise. I record your feedback.
  Juke Chou
  TechNet Community Support

• RME - Compliance Management - Deploy strangeness

  Hi All,
  Here is an interesting one. Got a selection of Compliance management jobs and am having trouble with the deploy phase. Basically I am looking for the following on a series of devices and then removing it.
  - [#radius-server host.*#]
  So when this runs, it matches what I expect (shown below)
  no radius-server host x.x.x.x auth-port 1812 acct-port 1813 key 7 XXXXXXXXXXXX
  However when I deploy this, the line above remains on the device?
  I have tried changing the compliance check to
  - radius-server host x.x.x.x auth-port 1812 acct-port 1813 key 7 XXXXXXXXXXXX
  To see if its a regex problem of some form and the job does exactly the same, i.e. it matches the line and tries to deploy however doesn't work?
  Any ideas?

  Hi Yidabear,
  Its not a pre-requisite problem as the pre-requisites are fillfilled and hence it deploys the rest of the config to the devices in question. For some reason it is just this one line that it has a problem with. Strangely enough, we had a similar issue with the same format of TACACS server line. It seems to happen when you have the "key 7 xxxxxxxxx" value at the end? Even though it finds it and tried to remove it it fails.

• Looking for a tutorial/design-pattern for Manage User and Permissions.

  Hello,
  I wonder if anyone knows a good tutorial/blog with reference to security - howto Manage Users and Permissions.
  In my application I have GROUPS and each group has access to different RECORDS and CASES.
  Example:
  Groups: Alfa, Beta, Gamma
  Record: R1, R2, R3...
  Case: C100, C200, C300
  Group Alfa can view: R1, R2 and C300
  Group Beta can view: R1, R3, C200, C100, C300,
  Group Gamma can view: R3
  My question is this: what should be the best way (design-pattern?) to force a policy to securing the Records/Cases?
  What should every case/record implemented to verify that a user (part of a group) has the right to access the entity.
  Thank You!

  Sorry if this one is too basic for you but as I do not know your level of experience try:
  http://www.adobe.com/devnet/dreamweaver/articles/first_dynamic_site_pt3_print.html
  HTH
  There are also many other tutorials on:
  http://www.adobe.com/devnet/dreamweaver/application_development.html