windows-itpro-docs/windows/security/threat-protection/get-support-for-security-baselines.md
2022-12-08 16:56:46 -05:00

| title | description | ms.prod | ms.localizationpriority | ms.author | author | manager | ms.topic | ms.date | ms.reviewer | ms.technology |
|---|---|---|---|---|---|---|---|---|---|---|
| Get support | Frequently asked questions about how to get support for Windows baselines and the Security Compliance Toolkit (SCT). | windows-client | medium | dansimp | dulcemontemayor | aaroncz | conceptual | 06/25/2018 | | itpro-security |

Get Support for Windows baselines

Frequently asked questions

What is the Microsoft Security Compliance Manager (SCM)?

The Security Compliance Manager (SCM) is now retired and is no longer supported. The reason is that SCM was an incredibly complex and large program that needed to be updated for every Windows release. It has been replaced by the Security Compliance Toolkit (SCT). To provide a better service for our customers, we've moved to SCT, with which we can publish baselines through the Microsoft Download Center in a lightweight .zip file that contains GPO backups, GPO reports, Excel spreadsheets, WMI filters, and scripts to apply the settings to local policy.

For more information, see Security Compliance Manager (SCM) retired; new tools and procedures.

Where can I get an older version of a Windows baseline?

Any version of Windows baseline before Windows 10 version 1703 can still be downloaded using SCM. Any future versions of Windows baseline will be available through SCT. To see if your version of Windows baseline is available on SCT, see the Version matrix.

What file formats are supported by the new SCT?

The toolkit supports formats created by the Windows GPO backup feature (.pol, .inf, and .csv). Policy Analyzer saves its data in XML files with a .PolicyRules file extension. The Local Group Policy Object (LGPO) tool also supports its own LGPO text file format, a text-based analog of the binary registry.pol file format. For more information, see the LGPO documentation. The .cab files from SCM are no longer supported.
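To make the relationship between the binary registry.pol format and a text analog concrete, the following added example (not part of this FAQ or of SCT) parses registry.pol bytes and renders each entry as a text block. It assumes the published registry policy file layout (a `PReg` signature, version 1, then UTF-16LE `[key;value;type;size;data]` records); the function names, the four-line text rendering, and the sample keys are constructed for illustration.

```python
REG_SZ, REG_DWORD = 1, 4                      # registry value types rendered below
HEADER = b"PReg" + (1).to_bytes(4, "little")  # file signature + format version 1

def _cstr(buf, pos):  # NUL-terminated UTF-16LE string -> (text, next_pos)
    for end in range(pos, len(buf) - 1, 2):
        if buf[end:end + 2] == b"\x00\x00":
            return buf[pos:end].decode("utf-16-le"), end + 2
    raise ValueError("unterminated string")

def _expect(buf, pos, ch):  # require one UTF-16LE delimiter -> next_pos
    if buf[pos:pos + 2] != ch.encode("utf-16-le"):
        raise ValueError(f"expected {ch!r} at offset {pos}")
    return pos + 2

def parse_pol(buf):  # registry.pol bytes -> [(key, value, type, data), ...]
    if buf[:8] != HEADER:
        raise ValueError("not a version-1 registry.pol file")
    pos, out = 8, []
    while pos < len(buf):
        key, pos = _cstr(buf, _expect(buf, pos, "["))
        value, pos = _cstr(buf, _expect(buf, pos, ";"))
        pos = _expect(buf, pos, ";")
        rtype = int.from_bytes(buf[pos:pos + 4], "little")
        size = int.from_bytes(buf[_expect(buf, pos + 4, ";"):pos + 10], "little")
        pos = _expect(buf, pos + 10, ";")
        if pos + size > len(buf):  # trust the length field; data may contain "]"
            raise ValueError("data size exceeds file length")
        out.append((key, value, rtype, buf[pos:pos + size]))
        pos = _expect(buf, pos + size, "]")
    return out

def to_lgpo_text(entry, scope="Computer"):  # assumed four-line LGPO-style block
    key, value, rtype, data = entry
    if rtype == REG_DWORD and len(data) == 4:
        action = "DWORD:%d" % int.from_bytes(data, "little")
    elif rtype == REG_SZ:
        action = "SZ:" + data.decode("utf-16-le").rstrip("\0")
    else:
        action = "; type %d not rendered by this example" % rtype
    return "\n".join((scope, key, value, action))

def build_pol(entries):  # inverse of parse_pol; builds the constructed sample
    e = lambda s: s.encode("utf-16-le")
    return HEADER + b"".join(
        e(f"[{k}\0;{v}\0;") + t.to_bytes(4, "little") + e(";") +
        len(d).to_bytes(4, "little") + e(";") + d + e("]") for k, v, t, d in entries)

SAMPLE = build_pol([  # constructed values, not taken from a real baseline
    (r"Software\Policies\Example", "Enabled", REG_DWORD, b"\x01\x00\x00\x00"),
    (r"Software\Policies\Example", "Mode", REG_SZ, "Audit\0".encode("utf-16-le"))])
```

Calling `parse_pol(SAMPLE)` returns two entries. A file with a wrong signature, a missing delimiter, or a length field that runs past the end of the file raises `ValueError` instead of yielding partial results.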

Does SCT support the Desired State Configuration (DSC) file format?

Not yet. PowerShell-based DSC is rapidly gaining popularity, and more DSC tools are coming online to convert GPOs and DSC and to validate system configuration. We're currently developing a tool to provide customers with these features.

Does SCT support the creation of Microsoft Configuration Manager DCM packs?

No. A potential alternative is Desired State Configuration (DSC), a feature of the Windows Management Framework. A tool that supports conversion of GPO backups to DSC format is the BaselineManagement module.

Does SCT support the creation of Security Content Automation Protocol (SCAP)-format policies?

No. SCM supported only SCAP 1.0, which wasn't updated as SCAP evolved. The new toolkit also doesn't include SCAP support.

Version matrix

Client versions

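| Name | Build | Baseline release date | Security tools |
|---|---|---|---|
| Windows 10 | Version 1709 | October 2017 | SCT 1.0 |
| Windows 10 | Version 1703 | August 2017 | SCT 1.0 |
| Windows 10 | Version 1607 | October 2016 | SCT 1.0 |
| Windows 10 | 1511 (TH2) | January 2016 | SCT 1.0 |
| Windows 10 | 1507 (TH1) | January 2016 | SCT 1.0 |
| Windows 8.1 | 9600 (April Update) | October 2013 | SCM 4.0 |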

Server versions

| Name | Build | Baseline release date | Security tools |
|---|---|---|---|
| Windows Server 2016 | SecGuide | October 2016 | SCT 1.0 |
| Windows Server 2012 R2 | SecGuide | August 2014 | SCT 1.0 |
| Windows Server 2012 | Technet | 2012 | SCM 4.0 |

Microsoft products

| Name | Details | Security tools |
|---|---|---|
| Internet Explorer 11 | SecGuide | SCT 1.0 |
| Exchange Server 2010 | Technet | SCM 4.0 |
| Exchange Server 2007 | Technet | SCM 4.0 |
| Microsoft Office 2010 | Technet | SCM 4.0 |
| Microsoft Office 2007 SP2 | Technet | SCM 4.0 |

Note

Browser baselines are built into new OS versions starting with Windows 10.

See also

Windows security baselines