Introduction
As on my previous post, I have cover the installation of the security tools that known as Microsoft Security compliance Manager.If you would like to revisit the article again, you can click on this link at Microsoft Security compliance Manager V2 : Part 1. On this article I will show you how to perform a security baseline in the domain environment. I will also show you how to backup the group policy object.
Requirement
You need to have a backup of your current group policy object before you can start using the tools.
Backup Group Policy Object step by step
- This is a very easy task, what you need to do is login to the active directory server and launch the group policy management console as shown as below. You can find the tools under administrative tools in control panel.
- Right click the group policy object that you will like to backup.
- Select the location where you want to backup the files and have a proper labeling on the description.
- This is what you will see after the backup is successful.
- This would be the files that you have backup and we are ready for the 2nd stage to import into the Microsoft security compliance tools
Microsoft Security Compliance tool step by step
- You can start the security tools by clicking on the security compliance manager icon
- On your left hand click the GPO Backup(Folder) to start import the policy into the tool.
- Select the path where you have store the GPO and press OK
- For the GPO Name you can label any name that you like, but of course the name must be a meaningful name
- If there is no corruption or wrong format on the group policy, you should be able to import the policy.
- Screenshot of the GPO that you have imported
- Now we would like to check on what is missing in our current security baseline with the industry standard.You can find the button at the right hand side of the tools.
- Since we use the default domain controller policy as our sample. In this article I will use the baseline that provided by Security Compliance Manager.You will need to select the correct operating system.
- Select the Domain Controller Security Compliance 1.0 and click OK
- You will see the list of the comparison and what need to improve. You have the option to export the files into excel format and slowly understand what needs to be implemented. However I will suggest you test this on your lab and validate whether this fits into your organization before you implement it.
Summary
This tools provide a good benchmark in term of validating compliance issue in the organization and also to mistake in wrong configuration or non standard.I hope this article does give you an idea on improving your security defense.Stay tune to my next article on the local security policy.
Your feedback is much appreciated. Let us know what you think about the blog and what you will like to see more. I am looking forward to read your suggestion.
No comments:
Post a Comment