News

Windows Security Compliance Manager Released

• By Herb Torrens
• April 09, 2010

Microsoft rolled out Security Compliance Manager on Thursday to help IT pros design, manage and monitor baseline security in Windows.

The tool, previously available as a beta in February, is the newest member of Microsoft's Security Compliance Management Toolkit, according to a Microsoft blog. It's one of the free tools in the Microsoft "Solution Accelerators" series.

"Security Compliance Manager lets organizations centrally plan, view, update, and export hundreds of Group Policy settings for Microsoft client and server OSes and applications, "noted Donald S. Retallack, research vice president for systems management and security at Directions on Microsoft, in an e-mail.

The tool works with Microsoft's Security Compliance Management Toolkit to manage security settings for Windows XP, Vista, Windows 7, Windows Server 2003 and Server 2008, Internet Explorer 8 and Office 2007, Retallack explained. Since it's used with Group Policy, it applies only to Microsoft products, he added.

"The tool does not return information -- it is used to provide standard settings to other tools, such as Configuration Manager, for setting security settings on an organization's computers," Retallack stated. "Security Compliance Manager maintains a library of sets of security settings (baselines) with recommended settings from Microsoft."

The Microsoft Solution Accelerators team worked with IT pros, government agencies and Microsoft security experts to develop the tool. Security Compliance Manager is designed to accelerate the use of best practices, allow centralized decision making, and help monitor, verify and comply with an organization's security baselines, according to Microsoft's blog.

Security baselines, as defined by Wikipedia, are a "cookbook recipe for a normal level of protection."

Such baselines can include hundreds of settings, such as whether a user is allowed to turn on Active-X controls in Internet Explorer, whether a workstation OS requires password changes at some defined interval, whether BitLocker features are enabled, and many others, according to Retallack.

Users of Security Compliance Manager can access a database of Microsoft-recommended security settings and then customize the baselines according to organizational needs. The formats to export customized baselines include Desired Configuration Management, Security Content Automation Protocol, Microsoft Excel, or Group Policy Objects.

"There are lots of Microsoft tools that accomplish similar things," Retallack noted. "One such enterprise tool for maintaining Group Policy Objects is the Advanced Group Policy Manager (AGPM) in the Desktop Optimization Pack."

Retallack, however, noted that Security Compliance Manager is not just a marketing or advertising play by the software giant.

"The tool is not just advertising -- it can really help IT administrators maintain a consistent set of security settings across an enterprise," he said.

The Microsoft Solution Accelerators team described the Security Compliance Manager tool back in February in a series of videos that can be accessed here.