Microsoft Security Compliance Manager

Hello guys,

Security Compliance Manager 2 (SCM 2) is a free tool from the Microsoft Solution Accelerator team that enables you to quickly configure and manage your desktops, traditional datacenter, and private cloud using Group Policy and System Center Configuration Manager.

SCM 2 provides ready to deploy policies and DCM configuration packs that are tested and fully supported. These baselines are based on Microsoft Security guide recommendations and industry best practices, allowing you to manage configuration drift, address compliance requirements, and reduce security threats.
Easily configure computers running the latest Windows® operating systems, Microsoft® Office applications, and Windows Internet Explorer® with industry leading knowledge and fully supported tools.

Take advantage of SCM to import the configuration of a “golden master” reference machine or existing Group Policy. Compare your standards to industry best practices, customize them using rich knowledge, and seamlessly create new policies and DCM configuration packs in the user-friendly UI designed to work with Microsoft System Center Configuration Manager 2007 R2.

Read more about SCM version 2 here.

PKI at Microsoft

Microsoft IT installed a public key infrastructure to implement a security-enhanced communications and remote authentication infrastructure. This enabled the use of S/MIME signatures and encryption, helped secure Web connections by using Secure Sockets Layer or Transport Layer Security, helped ensure the confidentiality of stored data by using Encrypting File System, helped ensure the confidentiality and integrity of transmitted data by using IPsec, and enabled strong network user authentication by using smart cards.

Download the document here.

Active Directory links

Hi guys,

Here are a few links I use for gettings information about Microsoft’s AD and best practices.

Just wanting to share the links with you.

Have fun with them.

Best Practice guide for securing AD installations
Best practice guide for securing AD installations and day to day ops (part 1)
Best practice guide for securing AD installations and day to day ops (part 2)
Windows Server 2003 Deployment Kit: Designing and deploying Directory and Security Services
Server 2003 Security Guide
Server 2008 Security Guide
Achieving autonomy and isolation with forest, domains and OU’s
AD Security Technical Implementation guide (non MS)

Forefront Endpoint Protection 2010 Update Rollup 1 :more info

Hi guys,

An Update Rollup for Forefront Endpoint Protection 2010 is now available here.

In addition to hotfixes, this Update also includes some important changes to note:

  1. Support for Windows Embedded 7 platforms:  With this update, the FEP client software is supported on certain Windows Embedded 7 platforms and Windows Server 2008 Server Core.  For more information about the additional support, see Prerequisites for Deploying Forefront Endpoint
    Protection on a Client Computer
  2. Signature Update Automation Tool used with Configuration Manager Software
    :  This tool automates downloading FEP definition updates using Configuration Manager 2007 Software Updates.  This is a command line tool that uses Configuration Manager APIs to get new definitions from Microsoft Update via the Configuration Manager software update feature, distribute the content to distribution points, and deploy the updates to Endpoint Protection clients on a recurring schedule.  The automation of the tool is done through the Windows task scheduler. To download the tool:  Go here.
  3. Two new preconfigured policy templates for the following server

a.  Microsoft Forefront Threat Management Gateway

b.  Microsoft Lync 2010

You can find more details in the “What’s New” document on the TechNet site.  Please check out this KB article for a full list of fixes included in this Update Rollup.

Microsoft Security Compliance Manager (SCM) – Getting Started

Installation Steps

This section provides instructions on how to install the Microsoft Security Compliance Manager (SCM) tool. While installing the tool, you can configure it to download all of the latest security baselines from Microsoft, or after completing the installation you can access the Tools menu to check for baselines.

Note The download process for SCM automatically installs SQL Server 2008 Express Edition on your computer if you do not already have this software. Continue reading “Microsoft Security Compliance Manager (SCM) – Getting Started”

Coordinated Vulnerability Disclosure

Hi guys,

Just a informative video about coordinated vulnerability disclosures.

Take a look and decide for yourself what you want to do when and if you find/report a bug or problem in software. Continue reading “Coordinated Vulnerability Disclosure”

Microsoft Security Update Guide V2

The Microsoft Security Update Guide is a valuable source of in-depth information and tools that can help you protect your IT infrastructure while creating a safer, more secure computing and Internet environment. We developed this guide to help IT professionals better understand and maximize Microsoft security update release information, processes, communications, and tools.

ePolicy Orchestrator 4.0 EOL

As of September 30th 2011 the support for ePolicy Orchestrator version 4.0 will be stopped. ePO 4.0 will no longer be tested with new releases of related products or utilities. As of this date, technical support will no longer be provided for ePO 4.0.

Customers who are still running ePO 4.0 as of 9/30/2011 will be required to migrate to a currently supported version of the product (ePO 4.5 or the following release) immediately.

For more information on End of Life and End of Support for McAfee Products, see:

Use SMSMap tool to document FEP components

Visio is one of the most popular tools for creating diagrams that describe effective systems and processes. In every project in which I participate, when it comes to documenting what you did I always have to create a diagram where I defined architecture, server configuration, network, etc. A picture is worth a thousand words and Visio is the tool of choice in these documentation tasks. Continue reading “Use SMSMap tool to document FEP components”