Security Compliance Management Toolkit Release NotesFebruary 2009© 2009 Microsoft Corporation. All rights reserved.
Contents
§1. Download and on-line locations for the Security Compliance Management Toolkit
§2. Brief description of the Security Compliance Management Toolkit
§3. Getting started
§4. Contents of download package
§5. Copyright and license agreement
§6. Windows Vista Security Guide Release Notes
§7. Windows XP Security Guide Release Notes
§8. Windows Server 2008 Security Guide Release Notes
§9. Windows Server 2003 Security Guide Release Notes
§10. 2007 Microsoft Office Security Guide Release Notes
§11. GPOAccelerator Release Notes
§12. Security Compliance Management Release Notes
The Security Compliance Management Toolkit is free on Microsoft TechNet and the Microsoft Download Center.
The Solution Accelerators – Security and Compliance (SA-SC) team developed the security guides included in this suite to provide you with recommendations for hundreds of Group Policy security settings designed to assist customers in making the environments of their organizations more secure.
In the past, deploying the prescribed security guidance was a long and tedious process that involved multiple manual steps. Correctly deploying the security guidance, even in a test environment, could take hours. The updated guides include tools and templates that take advantage of built-in features in Windows® operating systems and Microsoft® Office applications to enable users to deploy all the prescribed settings efficiently.
This guide has been reviewed and tested by Microsoft engineering teams, consultants, support engineers, partners, and customers in an effort to make it:
· Proven – Based on field experience.
· Authoritative – Offers the best advice available.
· Accurate – Technically validated and tested.
· Actionable – Provides the steps to success.
· Relevant – Addresses real-world security concerns.
As in the previous releases of these security guides, each guide describes the following two environments:
· Enterprise Client (EC) – In this environment organizations seek to balance security and functionality. Typical security-conscious enterprises, government departments, and other organizations should start with the EC setting recommendations and customize them to meet their individual circumstances and requirements.
· Specialized Security - Limited Functionality (SSLF) – In this environment, organizations maintain very stringent security standards. Concern for security is so great that a significant loss of functionality and manageability is acceptable. SSLF setting recommendations are designed for organizations and departments with national security responsibilities or that handle highly classified information.
Warning The SSLF security settings are not intended for the majority of organizations. The configuration for these settings has been developed for organizations where security is more important than functionality.
These guides include recommendations for Group Policy settings that are specific to each of these environments, as well as recommendations for an organizational unit (OU) structure that is adequate for deploying the settings in either environment.
The security guides in the download for this Solution Accelerator are intended to work with the GPOAccelerator. The GPOAccelerator tool allows users to configure security settings for Microsoft operating systems and applications for either the Enterprise Client (EC) baseline or Specialized Security – Limited Functionality (SSLF) baseline that organizations can create and establish to test in minutes before deploying them. The GPOAccelerator companion How-to guide provides test and deployment guidance for these activities.
To start using this Solution Accelerator, Microsoft recommends first reading the "Overview" section of each security guide that is relevant to your environment. The Overview defines the purpose and scope of each guide, the intended audience for each guide, and indicates how the guidance is organized to assist you in locating information both in the guides and the resources that accompany them. The Overview section of each guide also describes the tools and templates, and the user prerequisites for each guide.
To obtain the most value from this material, Microsoft recommends reading the entire guide of each Microsoft product that is relevant to your organization. However, it is possible to read individual portions of the guides to achieve specific aims. The "Chapter Summaries" section in the Overview of each guide briefly introduces each chapter. For more information about security topics and settings related to these security guides, see the companion guide, Threats and Countermeasurescompanion guide.
To best take advantage of the security guidance, templates, and tools, Microsoft recommends the following steps:
1. Read the Release Notes (this document).
2. Read the Overview and Chapter 1 of each security guide that is relevant to your environment.
3. Read additional portions of each security guide as appropriate.
4. Determine the risk posture for your environment: EC settings and recommendations are appropriate for most organizations; SSLF settings and recommendations are only suitable for organizations where concern for security is so great that a significant loss of functionality and manageability is acceptable.
5. Install the GPOAccelerator.
6. Use the GPOAccelerator to configure a security baseline for your organization.
7. Customize the security configuration.
8. Test and verify the security configuration.
9. Deploy the security configuration.
10. Read the Baseline Compliance Management Overview and the DCM Configuration Pack User Guide in the DCM Configuration Packs folder of the Security Compliance Management Toolkit for your security baseline.
11. Use the desired configuration management (DCM) feature of Microsoft System Center Configuration Manager 2007 Service Pack 1 (SP1) with the Configuration Packs for the operating systems and Office applications in your environment to monitor your security baseline.
Security guides for 2007 Microsoft Office Security Guide, Windows XP Security Guide, Windows Vista Security Guide, Windows Server 2003 Security Guide, and the Windows Server 2008 Security Guide are also available on TechNet.
The Security Compliance Management Toolkit download package for this Solution Accelerator enables you to download the following files:
Release Notes.rtf
Security Compliance Management Toolkit - All.zip
Security Compliance Management Toolkit - FAQ.docx
Security Compliance Management Toolkit_2007 Office.zip
Security Compliance Management Overview.docx
2007 Microsoft Office Security Guide.docx
2007 Microsoft Office Security Baseline Settings.xlsm
2007 Microsoft Office Security Baseline.xml
DCM Configuration Packs
Baseline Compliance Management Overview.docx
DCM Configuration Pack User Guide.docx
OSG-EC.cab
OSG-SSLF.cab
GPOAccelerator
GPOAccelerator.msi
How to Use the GPOAccelerator.docx
Security Compliance Management Toolkit_Windows Server 2003
Windows Server 2003 Security Guide.docx
Windows Server 2003 Attack Surface Reference.xlsx
Windows Server 2003 Security Baseline Settings.xlsm
Windows Server 2003 Security Baseline.xml
INF Files
WS03-EC-Domain.inf
WS03-EC-Domain-Controller.inf
WS03-EC-Member-Server.inf
WS03-SSLF-Domain.inf
WS03-SSLF-Domain-Controller.inf
WS03-SSLF-Member-Server.inf
...
Amiga789