New version of SCM causes peace on Earth

New version of SCM causes peace on Earth

  • Comments 11
  • Likes

Well... I might be exaggerating just a bit about the “peace on Earth”, but it’s a worthy goal isn’t it!? :) I’m writing this post for a couple reasons:

 

1.    Announce an updated version of Microsoft Security Compliance Manager (SCM)

2.    Discuss the SCM roadmap for the next year+

 

I hope it is helpful and informational. As always when I blog, I invite you to reach out to me directly (my email is at the bottom of this post, but you will have to re-construct it) or contact the entire SCM team directly with any feedback you might have.

 

SCM Version 1.1.2.0 Now Available!

 

We are constantly looking for ways to improve our offerings (SCM, Baselines, etc.), and we take customer and partner feedback very seriously! The SCM team heard from a number of you since initially shipping SCM v1.0 back in April 2010 that downloading Baselines from within SCM was failing behind *some* corporate proxy servers. It was a strange problem for us to reproduce because our ISA server internally here at Microsoft works perfectly with SCM (funny huh!?). We reached out to a number of you who had reported the problem to us and I’m happy to report we figured it out! Much thanks to all the people who contributed to this fix (you know who you are)!

 

If you are curious, the problem had to do with how we were calling the Web API’s in .NET. At a high level, there were two things we weren’t doing properly:

 

1.    The proper way to download anything through this Web API is to always assume you are behind a proxy; you simply tell the API (HttpWebRequest.GetSystemWebProxy) to use the system configured proxy. The HTTP code in Windows figures out if it needs to talk to a proxy or not and the app is blind to it (as it should be).

2.    We needed to also tell the Web API to use the logged-on users’ credentials, just in case the proxy server requires authentication. To be clear, SCM does NOT collect any user credentials – we simply tell the API to contact the proxy as the logged-on user. If we didn’t do this, a “locked-down” proxy server would still fail even given the fix mentioned in 1. above.

 

Whew – that’s a lot of detail to tell you that you can now download this updated version of SCM! Here are all of the links for downloading:

 

·         Microsoft_Security_Compliance_Manager.Setup.exe (SCM v1.1.2.0 MSI Installer)

·         Baseline Download Help.rtf (Ever wanted to download a baseline outside of SCM, here’s how)

·         Release Notes.rtf (Duh, the release notes)

·         SCM Getting Started Guide.docx (Great walkthrough / intro to SCM document)

 

If you have an existing install of SCM and don’t want to lose your data (i.e. Baselines), we have a section in the Release Notes how to do just that. It’s quite painless – I promise. Also, you will start seeing this update offered to you within SCM itself (if you can get through your proxy :) and you have that feature enabled). Please reach out to us if you have any troubles!

 

I’ve also decided to maintain a nicely formatted version history of SCM. Here you go!

 

SCM Version History

 

SCM v1.1.2.0 (November 19th, 2010)

·         SCM Download: fixed ability to obtain baselines and application updates behind some proxy servers

 

SCM v1.1.1.0 (September 8th, 2010)

·         SCM UI: fixed various display problems when using a very low screen resolution

·         SCM Export: optimized the .CAB file size when users export in the SCM baseline format

·         Local GPO tool: fixed local import of settings so that this tool now applies them incrementally (instead of full reset)

 

SCM v1.0.0.0 (April 6th, 2010)

·         Initial Release

 

SCM Roadmap

 

The SCM team is already hard at work on our next major version of SCM. It is based 100% on your feedback and has one overriding goal: SIMPLICITY. In case you were wondering, we got the message loud and clear – you mostly love SCM, but boy it could be simpler to use. We strive for perfection – so keep that feedback coming.

 

I’m predicting that we release this new major version of SCM in early calendar year 2011 (first quarter timeframe). This is software however, and we will do the best we can to make it very high quality and as fast as possible. I also wanted to share some of the items that are HIGH on our feature list:

 

·         Import GPO Backups into SCM (can I hear a yay!?)

·         Don’t require a new SQL Express instance during setup – you can point SCM during setup to an existing SQL (and it doesn’t have to be Express - can I hear another big yay!?)

·         User Interface improvements – simplify common tasks, better utilization of screen real estate

 

Are you curious what we are thinking about for SCM even beyond this next major version? Well, SCM in the Cloud (think Windows/SQL Azure) is a very exciting concept we are playing with at the moment. One could imagine using just the browser to view all of Microsoft’s latest up-to-date guidance and best practices. Privacy is obviously a large concern for a lot of people when you talk “public cloud”, so we are considering two modes: 1.) create your baselines in the cloud itself 2.) create your baselines on your local disk and use Microsoft baselines, which are in the cloud, as your starting point. Just food for thought on where we are heading!

 

And now a message from our sponsors...

 

The Security Compliance Manager (SCM) tool is just one of the tools provided by the Microsoft Solution Accelerators team. The Microsoft Assessment and Planning Toolkit, Microsoft Deployment Toolkit, and Security Compliance Manager all provide tested guidance and automated tools to help you plan, securely deploy, and manage new Microsoft technologies—easier, faster, and at less cost. All are freely available, and fully-supported by Microsoft. Learn more

 

 

Thanks for using and loving SCM! Cheers!

 

 

Jeff dot Sigman at microsoft dot com
{Programmer Dude}
Microsoft | Solution Accelerators

 

Comments
  • The baseline downloads for Windows 7, Windows Server 2008 R2, IE8 are not functional from the SCM GUI or from the Baseline Download Help File - get a 404.  Would love to have these baselines for my current project.  Any chance of posting the .cab's here until the download.microsoft.com URL's are fixed?

    Thanks,

    Josh

  • Josh, thanks for reporting this! Whoops, sorry about the trouble!

    blogs.technet.com/.../whoops-sorry-about-the-baseline-troubles.aspx

    -Jeff

  • Can we add support for SCM to be installed on Windows Server 2008 R2 in the next version?  Would love for it to be included with the Remote SQL option...

    Thanks

  • Anton, I am just becoming aware of the installation problem on 2008 R2. Investigating now. Very strange that it won't install! Thanks for reporting this...

    We are removing the SQL Express Only limitation next version, but we won't be doing remote SQL most likely until we do the "azure" version of SCM.

    Thanks for using SCM!

    -jeff

  • Jeff,

    I haven't tried to install it on 2008 R2 yet, the guide only says Vista and Windows 7 for supported OS.  So it can be installed on 2008 R2?

    So when you say point to an existing SQL, the SQL Instance can't be on another server? ...that is what I meant by remote SQL.

    Thanks,

  • Hey again Anton. I've heard from 3-5 people now that install is choking on 2008 R2 - I'm speaking with Test about this later today. :) We will figure it out and I might write a wiki article on how to get it working (if we can figure it out, which I don't doubt).

    Yes, I thought that was what you meant. :) We will let you point to an existing SQL instance in SCM 2.0, but on the local machine. We won't support (or test) remote SQL. This is for one reason really - SCM wasn't designed to work with network latency between the surface (UI) and the database. It would be a pretty bad user experience.

    We are going to solve this in SCM in the Cloud! That may be sooner than you think!

    -jeff

  • Jeff,

    Ok, thanks for the update, looking forward for the solution to be able to install it on 2008 R2.  

    I will get my magic carpet ready for my trip to the Cloud...  :-)  !!!

  • No worries! Nice - magic carpet! :) -jeff

  •  As I understand it the EC baselines were created in part with direction from the FDCC (Federal Desktop Core Configuration). The FDCC has been recently absorbed by the NIST sponsored USGCB (United States Government Configuration Baseline) and replaces the former FDCC security baseline configuration recommendations. Will the SCM be providing updates to the current EC baselines in accordance with the USGCB recommended settings either/or will the SCM soon be able to import the baselines provided by the USGCB in SCAP, OVAL and/or GPP Backup format so they can be managed with the SCM?

  • Where can we find information regarding error messages? We are testing this tool in order to provide a baseline for some of our systems. These systems do not have internet access and are in a workgroup. We have installed Win7 SP1 and the new SCM but when we attempt to duplicate one of the existing baselines for modficiation we get "XQuery [Setting.Check.modify()]: There is no function '(www.w3.org/.../xpath-functions):upper-case()". We can't diagnose the issue...

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment