Information on using Mobile Device Manager in a locked down environment
The System Center Mobile Device Manager 2008 Security Configuration Wizard (SCW) includes three templates that you can apply to MDM servers to help enhance security by disabling functionality that is not required for the servers.
The SCW is an attack-surface reduction tool that is bundled with Microsoft Windows Server 2003. By using the SCW, you can create security templates that then can be applied to the server on which they were created or to other similarly configured servers.
The MDM SCW templates provided in this download are pre-configured by using SCW to disable functionality that is not required on each MDM server. The following SCW templates are included:
* DeviceManagementPolicy.xml - Template for MDM Device Management Server
* EnrollmentPolicy.xml - Template for MDM Enrollment Server
* GatewayPolicy.xml - Template for MDM Gateway Sever
For more information about using SCW, see "SCW Quick Start Guide" on the following
TechNet Web page: http://go.microsoft.com/fwlink/?LinkId=118378
Obtain the Server Tools here:
Resource Kit Tools - Server Tools
http://www.microsoft.com/downloads/details.aspx?FamilyID=0433b453-15a5-48ae-a343-6a1053f46251&displaylang=en
Network Service account requirements, as well as other security specific content:
Provide Network Service Permissions to the Certificate
http://download.microsoft.com/download/7/e/f/7ef580df-3666-4746-b5ad-67393983c819/SCMDM08Deployment.doc
Other Tools:
System Center Mobile Device Manager Resource Kit Tools
http://technet.microsoft.com/en-us/scmdm/cc304591.aspx
Other security content:
Security Best Practices in MDM
http://technet.microsoft.com/en-us/library/dd261854.aspx
MDM Backup and Recovery
http://technet.microsoft.com/en-us/library/dd261892.aspx
Security and Protection for Mobile Device Manager
http://technet.microsoft.com/en-us/library/dd252842.aspx
Clint Koenig | Support Escalation Engineer
