SCM v2 (CTP) Available to Download


UPDATE: The SCM v2 CTP has been removed from MS Connect, please download the SCM v2 Beta. Thanks for the patience! -jeff [Jun 27th, 2011]

 

Hello everyone! You’ve all been very patient with the SCM team and I wanted to thank you for that. I’ve received (literally) hundreds of emails in the last month or so asking me when GPO IMPORT / SCM v2 CTP was going to be available – and I’m proud to tell you it is here!

SUMMARY

NEW FEATURE: GPO Import

SCM is now able to parse a GPO Backup and import that knowledge into the tool.

          SCM is also able to “associate” an imported GPO against a product. This is an advanced feature in case you plan to do a lot of maintenance around the content you’ve imported.

          Any content inside of the POL, INF and CSV files SCM doesn’t understand *should* be preserved, but not edit-able within SCM. When you export the content back out to a GPO Backup – it should still be present. **See known issues at the bottom of this email

          NEW FEATURE: Existing instance of SQL during install  

          We no longer force SQL Express upon you. πŸ™‚ You can point SCM during setup at an existing local instance of SQL (2005+).

          ASK

          This is a CTP release. We are not yet feature complete for the version 2.0 release. We plan to be feature complete by the April/May Beta release. The chief ask of you is that you pound on these two new features. We need you to bring out all of the GPO Backups you might have, attempt to import them into the tool, and then tell us what happens!

          FEEDBACK

          Please send all feedback in email: SecWish@microsoft.com. Be sure to include a zipped up copy of your GPO Backup (if applicable).

          DOWNLOAD

          These steps must be followed in the sequence listed below OR THE DOWNLOAD WON’T WORK.

          1.) Join the connect program: Register

          2.) You’ll have to sign-in with your live id and register with MS Connect if you’ve never done that

          3.) You should then have access to the download itself: Download

          If you see this message, you didn’t follow the above steps in sequence. J It is also possible you’re hitting a MS Connect issue. Please email us if that is the case.

          KNOWN ISSUES

          1.) If the GPO Import has “other” files in it, like custom extensions or GP Preferences – SCM doesn’t carry these files forward. Please feel free to let us know what in your GPO Backup doesn’t make it across.

          2.) Local GPO Tool forces you to uninstall the old version to upgrade to the new version which comes with SCM v2.

          3.) The UI in SCM v2 is nearly identical to the UI in SCM v1 – except that it is a lot quicker most of the time. You might notice that we sometimes show “Settings Loading…” in a strange way. This is work in progress. We are doing a lot of UI improvements in the Beta.

          4.) When you import a GPO sometimes the success or failure message is trapped BEHIND the SCM window. You have to look in your taskbar to find it. This is frustrating – we are sorry – and we are fixing it.

          Cheers!
          – The SCM Team

          Comments (42)

          1. JeffSigman says:

            Welcome! Sorry about the USGCB troubles. We were blown away with just how many people tried these GPOs. We now have them in our test suite to make sure all is well! πŸ™‚

            -jeff

          2. JeffSigman says:

            Some USGCB GPOs have troubles – we've fixed a lot of bugs in this area since the CTP. I'll be asking for your help in trying again when we release the beta. I don't yet have an ETA for the Beta put I'll be posting to the blog with a timeframe soon!

            -jeff

            PS – If I has a simple workaround I would post it. This isn't fixable without a code change in SCM I'm afraid. πŸ™

          3. JeffSigman says:

            Logs logs … we need logs! πŸ™‚

            %temp%SCM Installer Logs <date>

            Please email secwish [at] microsoft [dot] com

            Here's a trick though, if you want to cheat. Install SQL manually and create an instance named MICROSOFTSCM (one word). If that SQL instance is present and running (and A-OK), SCM should just install.

          4. JeffSigman says:

            It is still available Eileen – shoot us an email listed in the blog post and we can get you added to the CTP.

            Hey Pat – thanks for sending those to us. Just to let you know, we believe we have fixed all issues we have seen in the USGCB GPOs to date – we are just getting the quality of SCM ready to release as a beta. Thanks for helping us out!!

            -jeff

          5. JeffSigman says:

            I just pulled the CTP download down. Hmmmm.. Why would I do this? πŸ™‚ Well, watch the blog tomorrow to find out! πŸ™‚

            Cheers -jeff

          6. JeffSigman says:

            Wow Jason! Thanks for saying that. We are quite proud of SCM and it has a very bright future. Can't wait to get SCM v2 out there and start working on everything we want to do in v2.5 and v3.0! πŸ™‚

            Thanks for sending the email with your GPO. We are on it!

            -jeff

          7. JeffSigman says:

            Sorry folks for not posting many replies here recently. We are looking at releasing the SCM v2 Beta NEXT WEEK! We are very very close on this thing. It is looking great right now and I expect it to be on time. Hang in there with us – this Beta will resolve 99% of GPO Import issue along with a slew of fixes and UI improvements. I'm writing the blog post to announce it this week so that I am ready to go! πŸ™‚

            Cheers -jeff

          8. JeffSigman says:

            Hey Garrett. Thanks for the time on v2! πŸ™‚ You need to go to a machine with internet access, download the product baselines you desire, then sneakerNet them over to the SCM machine, import, disco.

            social.technet.microsoft.com/…/microsoft-security-compliance-manager-scm-baseline-download-help.aspx

            Rock on. -Jeff

          9. JeffSigman says:

            Not yet no. We are working hard on getting that date though – trust me. πŸ™‚ -jeff

          10. JeffSigman says:

            Not yet – but they are in progress right now. We'll be releasing some beta content included with the SCM v2 beta. As soon as I can share a date I will do so. Promise! -jeff

          11. JeffSigman says:

            Hey Krevard – is this a French version of Windows? Do you have the EN-US MUI pack installed and running? How is the language of the machine configured?

            -jeff

          12. JeffSigman says:

            Rob, thanks for letting us know! They were actually stuck in our bug system. We are now taking a look! Sorry about that. -jeff

          13. JeffSigman says:

            Hey Leo – I saw your email this morning. SCM test team is investigating. πŸ™‚

          14. anton says:

            Can't wait to give it a swirl!!

          15. garrett says:

            I really appreciate the V2 release. I am using this to configure a baseline for an isolated Windows 7 box that has no internet access. I have created my own GPO for my configuration and imported it into SCM. The problem I have now is that I have no products installed in SCM to associate with this GPO.

            My end goal is to export the SCAP fo use in another application to validate compliance. Again, This system does not and will not ever have an internet connection. Is there a way to install products in SCM without a net connection?

            Thanks!

          16. garrett says:

            Thanks!

            I appreciate it.

          17. mike says:

            Great Product.

            One question, Is there a way to show the rest of the options for the template when starting with the Baseline? We would like to use the baseline to start, but then add the specific settings for our environment prior to publishing and importing into AD.

            At this time with Version 2.0, we can tweak the baseline settings, but have to import settings into a New Policy in AD prior to adding site specific settings.

            Any direction or further documentation would greatly be appreciated.

          18. Joe says:

            Simply copy a baseline then you can edit the copy to your hearts desire.

          19. thomas says:

            Hey,

            i still got the installation problem that should be solved in v2.

            I had SCM 1.x installed and when i tried to update it to 1.3 it crashed and i was never able to install it again. Neither the old version nor this one. The installer just fails with the typical "Stopped working" dialog.

            I removed MAP, ACT and SQL Express 2008. I cleaned the registry from all SCM leftovers. I'm using Win7 x64 german. I really got no idea what else i could do. I got SQL Express 2008 R2 installed aswell, may reomve that one aswell and try again, but that's it then.

            I'd love any input to help me get in running again πŸ™‚

            kind regards

            Thomas

          20. Lavi says:

            Jeff, Do we have a security baseline availble for Internet Explorer 9.0 and windows 7 SP1 as both are RTM now and customer wanna start using them in production.

          21. Jason says:

            Hi,

            The import GPO function seems to be having some issues with some of the GPO objects I'm trying to import, on some I get a value cannot be null exception I've sent an email over with the GPO attached.

            Have to say though SCM is a brilliant tool.

          22. Eileen says:

            Is this version still available for download?  I'm unable to access after registering in Connect.

          23. Pat says:

            I sent an email also, but I am having issues importing GPOs into the SCM tool.  I am hoping that they can be fixed.  They are USGCB baseline GPOs.

            The ones I could import the tools is going to be a great asset to planning and implementing GPOs!!

          24. Pat says:

            Do we have an estimated time for beta?

          25. Eileen says:

            Thanks Jeff, I was able to download yesterday!  Very excited, however, I'm having issues with the same GPO as Pat (usgcb, retrieved from the NIST site) the log error = Import GPO failed with the following errors

            Tag GPODIsplayName in bkupInfo.xml does not exist.  I tried removing the attribute, I've moved all the xml files and and csv to the root of the directory and cannot import.  Any suggestions  would be most grateful πŸ™‚

            thank you in advance for your time.

          26. Eileen says:

            Thanks Jeff, I appreciate your response.  I'll wait for the beta, and will be happy to help in anyway I can.

          27. Krevard says:

            Hi,

            Thanks for the v2 πŸ™‚ It seems to be great…. Unfortunately I tried during one day to install it and I never achived….. could u help?

            In SCM_Install_Prereq_Checker.log I have:

            <InitInstance 16:39:29>Located .NET error message:

               Le .NET Framework version 3.5SP1 est requis pour l'installation de Microsoft Security Compliance Manager. TΓ©lΓ©chargez et installez le .NET Framework version 3.5SP1, puis rΓ©exΓ©cutez le programme d'installation. go.microsoft.com/fwlink

            <InitInstance 16:39:29>Latest CLR is detected successfully.

            In SCMSetup.log:

            VRASetup 16:39:31>  VRASetupMainPage.HandleError_Entry

            <VRASetup 16:39:31>  VRASetupMainPage.HandleError_Entry

            I have the same errors on W7 Enterprise 32 and 64 and on Win Xp PRO with framework 3.5sp1 (by default on W7) and framework 4.0..

            Thanks in advance!!

          28. Leo says:

            Hi Jeff,

            Having issues as well Importing GPO's from a client that were created using the LocalGPO.msi tool.

            When I attempt to Import a GPO created by the LocalGPO.wsf tool and I click on the root of the folder where the GPO resides I get "Value cannot be null. Parameter name: value"

            If I dig down into the folder DomainSysvolGPOMachineMicrosoftWindows NTAudit I get the following message "Import GPO failed with the following errors

            Either Backup.xml or bkupInfo.xml does not exist."

            My next step was to copy the Backup.xml and bkupinfo.xml from the root folder and paste it under the Audit folder where the audit.csv resides.  I rerun the Import agan and I get the following message "Import GPO failed with the following errors

            Tag GPODIsplayName in bkupInfo.xml does not exist."

            This is the contents of the bkupinfo.xml:

            <BackupInst xmlns="http://www.microsoft.com/…/Manifest"><GPOGuid>&lt;![CDATA[{FACCA114-6E57-4027-AB08-D891F66A4A24}]]></GPOGuid><GPODomain><![CDATA[contoso.com]]></GPODomain><GPODomainGuid><![CDATA[{8d345ac4-636f-4d69-8650-335cb5d903a9}]]></GPODomainGuid><GPODomainController><![CDATA[DC01.contoso.com]]></GPODomainController><BackupTime><![CDATA[2011-5-13T15:14:37]]></BackupTime><ID><![CDATA[{07BDCD6A-3F72-473C-82B9-67BB69DBE54D}]]></ID><Comment><![CDATA[Backup GPO created by LocalGPO tool]]></Comment><GPODisplayName><![CDATA[Local Policy Export]]></GPODisplayName></BackupInst>

            This issue is occurring in XP and Win7.

            Any suggestions?

            Best Regards,

            Leo

          29. Leslie says:

            Don't know if this will help anyone or not.  I just installed today and started trying to import some of my group policies and get the "null" error.  What seemed to be causing it was custom policies; those that do not exist in the default Microsoft set.  In my case, policies that were being set using my own adm files.  If I set all of these "custom" policies to undefined, then it would import fine.  I know this isn't a real solution, but just a pointer in the problem's direction.  I am going to investigate this more in the next couple of days and will report if I find anything better.

          30. Ken says:

            hi Jeff:

            SCM v2 looks pretty awesome. However, when we try to use the import gpo function, we keep getting errors:

            =============================

            System.ArgumentNullException

            ==================

            Value cannot be null.

            Parameter name: value

            ——————

            Program Location:

            at Microsoft.SecurityComplianceManager.ClientObjects.Settings.Setting.set_DisplayName(String value)

              at Microsoft.SecurityComplianceManager.ImportGPO.CreateSettingsForImportedGPO.CreateIncompleteSetting(String uiPath, String displayName, String value)

              at Microsoft.SecurityComplianceManager.ImportGPO.CreateSettingsForImportedGPO.CreatePolSettingFromSectionNameAndKey(String path, String keyName, String dataType, String value)

              at Microsoft.SecurityComplianceManager.ImportGPO.CreateSettingsForImportedGPO.CreatePolMachineSettings(List`1 polMachineSettingsValues)

              at Microsoft.SecurityComplianceManager.ImportGPO.ImportGPOCommon.ImportGpoFromFolder(String folderPath)

            We are not using USGCB gpo's…this is a home grown GPO that we backedup and are trying to import into scmv2 to get ready for windows 7 deployment.

            any advice?

            thanks.

            Ken

          31. Krevard says:

            Hi,

            I posted but my message disapeared…

            The tests were made on Windows 7 Enterprise 32 bits and Windows XP Pro 32 bits. Both OS are in english with french and german MUI.

          32. alan says:

            Hi, i'm using this tool for Windows 7 hardening, and I would like to ask if there is any advice for rolling-back actions? Is there any guide?

            Thanks

            Bye

          33. Trouble downloading SCM v2 says:

            I connected to Microsoft Connect successfully, but I'm getting the error message you show pictured above.  I already emailed SecWish@Microsoft.com… with no response yet.  Can you help me get this download ASAP?

          34. SCM 2 Setup failed says:

            Logging started at 05/27/2011 17:14:06

               Application: scmsetup.exe Build 2.0.0.0 retail

               Platform:    Win32NT 6.1.7601.65536 Service Pack 1

               UI Culture:  de-DE

               Culture:     de-DE

            ==================================================

            <VRASetup 17:14:06>  VRASetupMainPage.Main_Entry

            <PropertyStore 17:14:06>  AddProperty_Start

            <PropertyStore 17:14:06>  AddProperty: Name:'IsInstallationComplete' Value:'False'

            <PropertyStore 17:14:06>  CheckPropertyPresence_Start

            <PropertyStore 17:14:06>  CheckPropertyPresence_End

            <PropertyStore 17:14:06>  AddProperty_End

            <PropertyStore 17:14:06>  AddProperty_Start

            <PropertyStore 17:14:06>  AddProperty: Name:'IsInstallation' Value:'False'

            <PropertyStore 17:14:06>  CheckPropertyPresence_Start

            <PropertyStore 17:14:06>  CheckPropertyPresence_End

            <PropertyStore 17:14:06>  AddProperty_End

            <PropertyStore 17:14:06>  AddProperty_Start

            <PropertyStore 17:14:06>  AddProperty: Name:'IsUpgrade' Value:'False'

            <PropertyStore 17:14:06>  CheckPropertyPresence_Start

            <PropertyStore 17:14:06>  CheckPropertyPresence_End

            <PropertyStore 17:14:06>  AddProperty_End

            <PropertyStore 17:14:06>  AddProperty_Start

            <PropertyStore 17:14:06>  AddProperty: Name:'IsRepair' Value:'False'

            <PropertyStore 17:14:06>  CheckPropertyPresence_Start

            <PropertyStore 17:14:06>  CheckPropertyPresence_End

            <PropertyStore 17:14:06>  AddProperty_End

            <PropertyStore 17:14:06>  AddProperty_Start

            <PropertyStore 17:14:06>  AddProperty: Name:'SolutionInstalled' Value:'False'

            <PropertyStore 17:14:06>  CheckPropertyPresence_Start

            <PropertyStore 17:14:06>  CheckPropertyPresence_End

            <PropertyStore 17:14:06>  AddProperty_End

            <PropertyStore 17:14:06>  this_Start

            <PropertyStore 17:14:06>  CheckPropertyPresence_Start

            <PropertyStore 17:14:06>  CheckPropertyPresence_End

            <PropertyStore 17:14:06>  this_End

            <PropertyStore 17:14:06>  AddProperty_Start

            <PropertyStore 17:14:06>  AddProperty: Name:'IsInstallation' Value:'True'

            <PropertyStore 17:14:06>  CheckPropertyPresence_Start

            <PropertyStore 17:14:06>  CheckPropertyPresence_End

            <PropertyStore 17:14:06>  AddProperty_End

            <VRASetup 17:14:06>  VRASetupMainPage.HandleError_Entry

            <VRASetup 17:14:06>  VRASetupMainPage.HandleError_Entry

          35. danny says:

            Great stuff.

            Any plans to implement a feature to copy groups from one baseline to another ?  E.g. the DC baselines contains settings for system services whereas the member baseline doesn't (and I don't see a way to get it in).

          36. SE says:

            Hello,

            sorry, i thought i read that v2 fixed the .inf import issue?  or did i read wrong?  i'm trying to test this out before I present to management and the only option i see is to import .cab files.

          37. Krevard says:

            Hi,

            I solved my problem by uninstalling Framwork 4 entirely, putting the language to english. I extracted your exe and launched the MSI…

            But now I have a problem mentionned upper, I canno t import my own GPOs.

            =============================

            System.ArgumentNullException

            ==================

            Value cannot be null.

            Parameter name: value

            ——————

            Program Location:

            at Microsoft.SecurityComplianceManager.ClientObjects.Settings.Setting.set_DisplayName(String value)

              at Microsoft.SecurityComplianceManager.ImportGPO.CreateSettingsForImportedGPO.CreateIncompleteSetting(String uiPath, String displayName, String value)

              at Microsoft.SecurityComplianceManager.ImportGPO.CreateSettingsForImportedGPO.CreatePolSettingFromSectionNameAndKey(String path, String keyName, String dataType, String value)

              at Microsoft.SecurityComplianceManager.ImportGPO.CreateSettingsForImportedGPO.CreatePolMachineSettings(List`1 polMachineSettingsValues)

              at Microsoft.SecurityComplianceManager.ImportGPO.ImportGPOCommon.ImportGpoFromFolder(String folderPath)

            The other thing is that when I import GPOs from SCM to Active Directory, I canno t see the result… (HTML result in the tab.-…)

            Thanks for ure answer..

          38. ML49448 says:

            When trying to import our default domain policy into SCM v2 we just get the following error message,

            Value cannot be null.

            Parameter name: value

          39. FrankB says:

            GREAT NEWS!!!

            EAGERLY awaiting the release.

            Thanks Jeff!

          40. Rob says:

            I've posted a couple of bugs on the connect site, but haven't heard back…

          Skip to main content