From the past two years I advertised in this blog many posts about SCM (Security Compliance Manager) and today I want to write about SCM V2 (Beta). You can start by downloading the beta version from Connect after registering to be part of the Beta program. Once you download it and install this version you will notice that the interface changed:
Notice that the interface is much cleaner and easier to use than before. The Microsoft Baseline templates are all on the left pane separated by product. To demonstrate how this works, let’s use IE9 as an example:
1. On the left pane expand Internet Explorer 9.
2. Click Attachments / Guides. In the middle pane you have the DOCx file associated with this option and you can use the Save As option on the right pane to save the file locally.
3. Click IE9-Computer-Compliance-Beta 1.0.
4. On the middle pane look for the option User SmartScreen Filter and click on it. Click Settings Details to see more options.
Notice that you have a clear way to not only identify the policy that you want to know more, but also to identify the Description, Vulnerability that this feature can assist to mitigate, potential impact when you enable this feature and counter measure associated to this feature. In addition to that you have on the bottom the registry key affected by this setting. On the right pane you have lots of options that allows you to manipulate the whole template or just this particular setting. One of the options that I really like is the capability to export the whole baseline to Excel, which you can do by using the option below:
When you use this option, it will ask where you want to save and it will automatically open Excel to start import the content:
The reason why I like this option is because when you export the baseline to an Excel file you have all fields that you can play with by adding or removing columns, querying for particular values, etc. The Customize Fields button for example, allows you to add more columns in the current spreadsheet as shown below:
When you are troubleshooting or investigating a potential issues with a particular setting, this capability is very handy because it allows you to add the Registry Hive and Registry Key. Very cool indeed! Another feature that is very intuitive to use and very important is the capability to compare your own baseline with a particular Microsoft Baseline. Let’s use the Windows Server 2008 R2 SP1 Domain Controller Compliance Beta 1 as an example:
Once you select the baseline, you can use the option Compare in the right pane to compare against yours and see the differences.
The goal here was only to give you a glimpse of this new version, if you want to dig in more about the new feature read the post SCM v2 (BETA) + New Baselines Available to Download. But I truly encourage you to download the tool and start to play with it.