SCM v2 (CTP) Available to Download

UPDATE: The SCM v2 CTP has been removed from MS Connect, please download the SCM v2 Beta. Thanks for the patience! -jeff [Jun 27th, 2011]

 

Hello everyone! You’ve all been very patient with the SCM team and I wanted to thank you for that. I’ve received (literally) hundreds of emails in the last month or so asking me when GPO IMPORT / SCM v2 CTP was going to be available – and I’m proud to tell you it is here!

SUMMARY

NEW FEATURE: GPO Import

SCM is now able to parse a GPO Backup and import that knowledge into the tool.

SCM is also able to “associate” an imported GPO against a product. This is an advanced feature in case you plan to do a lot of maintenance around the content you’ve imported.

Any content inside of the POL, INF and CSV files SCM doesn’t understand *should* be preserved, but not edit-able within SCM. When you export the content back out to a GPO Backup - it should still be present. **See known issues at the bottom of this email

NEW FEATURE: Existing instance of SQL during install  

We no longer force SQL Express upon you. :) You can point SCM during setup at an existing local instance of SQL (2005+).

ASK

This is a CTP release. We are not yet feature complete for the version 2.0 release. We plan to be feature complete by the April/May Beta release. The chief ask of you is that you pound on these two new features. We need you to bring out all of the GPO Backups you might have, attempt to import them into the tool, and then tell us what happens!

FEEDBACK

Please send all feedback in email: SecWish@microsoft.com. Be sure to include a zipped up copy of your GPO Backup (if applicable).

DOWNLOAD

These steps must be followed in the sequence listed below OR THE DOWNLOAD WON’T WORK.

1.) Join the connect program: Register

2.) You’ll have to sign-in with your live id and register with MS Connect if you’ve never done that

3.) You should then have access to the download itself: Download

If you see this message, you didn’t follow the above steps in sequence. J It is also possible you’re hitting a MS Connect issue. Please email us if that is the case.

KNOWN ISSUES

1.) If the GPO Import has “other” files in it, like custom extensions or GP Preferences – SCM doesn’t carry these files forward. Please feel free to let us know what in your GPO Backup doesn’t make it across.

2.) Local GPO Tool forces you to uninstall the old version to upgrade to the new version which comes with SCM v2.

3.) The UI in SCM v2 is nearly identical to the UI in SCM v1 – except that it is a lot quicker most of the time. You might notice that we sometimes show “Settings Loading…” in a strange way. This is work in progress. We are doing a lot of UI improvements in the Beta.

4.) When you import a GPO sometimes the success or failure message is trapped BEHIND the SCM window. You have to look in your taskbar to find it. This is frustrating – we are sorry – and we are fixing it.

Cheers!
- The SCM Team

Comments

  • Anonymous
    January 01, 2003
    Welcome! Sorry about the USGCB troubles. We were blown away with just how many people tried these GPOs. We now have them in our test suite to make sure all is well! :) -jeff

  • Anonymous
    January 01, 2003
    Some USGCB GPOs have troubles - we've fixed a lot of bugs in this area since the CTP. I'll be asking for your help in trying again when we release the beta. I don't yet have an ETA for the Beta put I'll be posting to the blog with a timeframe soon! -jeff PS - If I has a simple workaround I would post it. This isn't fixable without a code change in SCM I'm afraid. :(

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    It is still available Eileen - shoot us an email listed in the blog post and we can get you added to the CTP. Hey Pat - thanks for sending those to us. Just to let you know, we believe we have fixed all issues we have seen in the USGCB GPOs to date - we are just getting the quality of SCM ready to release as a beta. Thanks for helping us out!! -jeff

  • Anonymous
    January 01, 2003
    I just pulled the CTP download down. Hmmmm.. Why would I do this? :) Well, watch the blog tomorrow to find out! :) Cheers -jeff

  • Anonymous
    January 01, 2003
    Wow Jason! Thanks for saying that. We are quite proud of SCM and it has a very bright future. Can't wait to get SCM v2 out there and start working on everything we want to do in v2.5 and v3.0! :) Thanks for sending the email with your GPO. We are on it! -jeff

  • Anonymous
    January 01, 2003
    Sorry folks for not posting many replies here recently. We are looking at releasing the SCM v2 Beta NEXT WEEK! We are very very close on this thing. It is looking great right now and I expect it to be on time. Hang in there with us - this Beta will resolve 99% of GPO Import issue along with a slew of fixes and UI improvements. I'm writing the blog post to announce it this week so that I am ready to go! :) Cheers -jeff

  • Anonymous
    January 01, 2003
    Hey Garrett. Thanks for the time on v2! :) You need to go to a machine with internet access, download the product baselines you desire, then sneakerNet them over to the SCM machine, import, disco. social.technet.microsoft.com/.../microsoft-security-compliance-manager-scm-baseline-download-help.aspx Rock on. -Jeff

  • Anonymous
    January 01, 2003
    blogs.technet.com/.../scm-v2-beta-new-baselines-available-to-download.aspx

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    Not yet - but they are in progress right now. We'll be releasing some beta content included with the SCM v2 beta. As soon as I can share a date I will do so. Promise! -jeff

  • Anonymous
    January 01, 2003
    Hey Krevard - is this a French version of Windows? Do you have the EN-US MUI pack installed and running? How is the language of the machine configured? -jeff

  • Anonymous
    January 01, 2003
    Great blog post on SCM v2. Thanks Alan! :) www.grouppolicy.biz/.../introducing-microsoft-security-compliance-manager-v2

  • Anonymous
    January 01, 2003
    Rob, thanks for letting us know! They were actually stuck in our bug system. We are now taking a look! Sorry about that. -jeff

  • Anonymous
    January 01, 2003
    Hey Leo - I saw your email this morning. SCM test team is investigating. :)

  • Anonymous
    March 20, 2011
    Can't wait to give it a swirl!!

  • Anonymous
    March 23, 2011
    The comment has been removed

  • Anonymous
    March 24, 2011
    Thanks! I appreciate it.

  • Anonymous
    March 31, 2011
    Great Product. One question, Is there a way to show the rest of the options for the template when starting with the Baseline? We would like to use the baseline to start, but then add the specific settings for our environment prior to publishing and importing into AD. At this time with Version 2.0, we can tweak the baseline settings, but have to import settings into a New Policy in AD prior to adding site specific settings. Any direction or further documentation would greatly be appreciated.

  • Anonymous
    April 12, 2011
    Simply copy a baseline then you can edit the copy to your hearts desire.

  • Anonymous
    April 21, 2011
    Hey, i still got the installation problem that should be solved in v2. I had SCM 1.x installed and when i tried to update it to 1.3 it crashed and i was never able to install it again. Neither the old version nor this one. The installer just fails with the typical "Stopped working" dialog. I removed MAP, ACT and SQL Express 2008. I cleaned the registry from all SCM leftovers. I'm using Win7 x64 german. I really got no idea what else i could do. I got SQL Express 2008 R2 installed aswell, may reomve that one aswell and try again, but that's it then. I'd love any input to help me get in running again :) kind regards Thomas

  • Anonymous
    April 25, 2011
    Jeff, Do we have a security baseline availble for Internet Explorer 9.0 and windows 7 SP1 as both are RTM now and customer wanna start using them in production.

  • Anonymous
    April 26, 2011
    Hi, The import GPO function seems to be having some issues with some of the GPO objects I'm trying to import, on some I get a value cannot be null exception I've sent an email over with the GPO attached. Have to say though SCM is a brilliant tool.

  • Anonymous
    April 27, 2011
    Is this version still available for download?  I'm unable to access after registering in Connect.

  • Anonymous
    April 27, 2011
    I sent an email also, but I am having issues importing GPOs into the SCM tool.  I am hoping that they can be fixed.  They are USGCB baseline GPOs. The ones I could import the tools is going to be a great asset to planning and implementing GPOs!!

  • Anonymous
    April 27, 2011
    Do we have an estimated time for beta?

  • Anonymous
    April 28, 2011
    Thanks Jeff, I was able to download yesterday!  Very excited, however, I'm having issues with the same GPO as Pat (usgcb, retrieved from the NIST site) the log error = Import GPO failed with the following errors Tag GPODIsplayName in bkupInfo.xml does not exist.  I tried removing the attribute, I've moved all the xml files and and csv to the root of the directory and cannot import.  Any suggestions  would be most grateful :-) thank you in advance for your time.

  • Anonymous
    April 28, 2011
    Thanks Jeff, I appreciate your response.  I'll wait for the beta, and will be happy to help in anyway I can.

  • Anonymous
    May 12, 2011
    Hi, Thanks for the v2 :-) It seems to be great.... Unfortunately I tried during one day to install it and I never achived..... could u help? In SCM_Install_Prereq_Checker.log I have: <InitInstance 16:39:29>Located .NET error message:    Le .NET Framework version 3.5SP1 est requis pour l'installation de Microsoft Security Compliance Manager. Téléchargez et installez le .NET Framework version 3.5SP1, puis réexécutez le programme d'installation. go.microsoft.com/fwlink <InitInstance 16:39:29>Latest CLR is detected successfully. In SCMSetup.log: VRASetup 16:39:31>  VRASetupMainPage.HandleError_Entry <VRASetup 16:39:31>  VRASetupMainPage.HandleError_Entry I have the same errors on W7 Enterprise 32 and 64 and on Win Xp PRO with framework 3.5sp1 (by default on W7) and framework 4.0.. Thanks in advance!!

  • Anonymous
    May 13, 2011
    Hi Jeff, Having issues as well Importing GPO's from a client that were created using the LocalGPO.msi tool. When I attempt to Import a GPO created by the LocalGPO.wsf tool and I click on the root of the folder where the GPO resides I get "Value cannot be null. Parameter name: value" If I dig down into the folder DomainSysvolGPOMachineMicrosoftWindows NTAudit I get the following message "Import GPO failed with the following errors Either Backup.xml or bkupInfo.xml does not exist." My next step was to copy the Backup.xml and bkupinfo.xml from the root folder and paste it under the Audit folder where the audit.csv resides.  I rerun the Import agan and I get the following message "Import GPO failed with the following errors Tag GPODIsplayName in bkupInfo.xml does not exist." This is the contents of the bkupinfo.xml: <BackupInst xmlns="www.microsoft.com/.../Manifest"><GPOGuid><![CDATA[{FACCA114-6E57-4027-AB08-D891F66A4A24}]]></GPOGuid><GPODomain><![CDATA[contoso.com]]></GPODomain><GPODomainGuid><![CDATA[{8d345ac4-636f-4d69-8650-335cb5d903a9}]]></GPODomainGuid><GPODomainController><![CDATA[DC01.contoso.com]]></GPODomainController><BackupTime><![CDATA[2011-5-13T15:14:37]]></BackupTime><ID><![CDATA[{07BDCD6A-3F72-473C-82B9-67BB69DBE54D}]]></ID><Comment><![CDATA[Backup GPO created by LocalGPO tool]]></Comment><GPODisplayName><![CDATA[Local Policy Export]]></GPODisplayName></BackupInst> This issue is occurring in XP and Win7. Any suggestions? Best Regards, Leo

  • Anonymous
    May 17, 2011
    Don't know if this will help anyone or not.  I just installed today and started trying to import some of my group policies and get the "null" error.  What seemed to be causing it was custom policies; those that do not exist in the default Microsoft set.  In my case, policies that were being set using my own adm files.  If I set all of these "custom" policies to undefined, then it would import fine.  I know this isn't a real solution, but just a pointer in the problem's direction.  I am going to investigate this more in the next couple of days and will report if I find anything better.

  • Anonymous
    May 19, 2011
    hi Jeff: SCM v2 looks pretty awesome. However, when we try to use the import gpo function, we keep getting errors: ============================= System.ArgumentNullException ================== Value cannot be null. Parameter name: value


Program Location: at Microsoft.SecurityComplianceManager.ClientObjects.Settings.Setting.set_DisplayName(String value)   at Microsoft.SecurityComplianceManager.ImportGPO.CreateSettingsForImportedGPO.CreateIncompleteSetting(String uiPath, String displayName, String value)   at Microsoft.SecurityComplianceManager.ImportGPO.CreateSettingsForImportedGPO.CreatePolSettingFromSectionNameAndKey(String path, String keyName, String dataType, String value)   at Microsoft.SecurityComplianceManager.ImportGPO.CreateSettingsForImportedGPO.CreatePolMachineSettings(List`1 polMachineSettingsValues)   at Microsoft.SecurityComplianceManager.ImportGPO.ImportGPOCommon.ImportGpoFromFolder(String folderPath) We are not using USGCB gpo's...this is a home grown GPO that we backedup and are trying to import into scmv2 to get ready for windows 7 deployment. any advice? thanks. Ken

  • Anonymous
    May 20, 2011
    Hi, I posted but my message disapeared... The tests were made on Windows 7 Enterprise 32 bits and Windows XP Pro 32 bits. Both OS are in english with french and german MUI.

  • Anonymous
    May 23, 2011
    Hi, i'm using this tool for Windows 7 hardening, and I would like to ask if there is any advice for rolling-back actions? Is there any guide? Thanks Bye

  • Anonymous
    May 23, 2011
    I connected to Microsoft Connect successfully, but I'm getting the error message you show pictured above.  I already emailed SecWish@Microsoft.com... with no response yet.  Can you help me get this download ASAP?

  • Anonymous
    May 27, 2011
    Logging started at 05/27/2011 17:14:06    Application: scmsetup.exe Build 2.0.0.0 retail    Platform:    Win32NT 6.1.7601.65536 Service Pack 1    UI Culture:  de-DE    Culture:     de-DE ================================================== <VRASetup 17:14:06>  VRASetupMainPage.Main_Entry <PropertyStore 17:14:06>  AddProperty_Start <PropertyStore 17:14:06>  AddProperty: Name:'IsInstallationComplete' Value:'False' <PropertyStore 17:14:06>  CheckPropertyPresence_Start <PropertyStore 17:14:06>  CheckPropertyPresence_End <PropertyStore 17:14:06>  AddProperty_End <PropertyStore 17:14:06>  AddProperty_Start <PropertyStore 17:14:06>  AddProperty: Name:'IsInstallation' Value:'False' <PropertyStore 17:14:06>  CheckPropertyPresence_Start <PropertyStore 17:14:06>  CheckPropertyPresence_End <PropertyStore 17:14:06>  AddProperty_End <PropertyStore 17:14:06>  AddProperty_Start <PropertyStore 17:14:06>  AddProperty: Name:'IsUpgrade' Value:'False' <PropertyStore 17:14:06>  CheckPropertyPresence_Start <PropertyStore 17:14:06>  CheckPropertyPresence_End <PropertyStore 17:14:06>  AddProperty_End <PropertyStore 17:14:06>  AddProperty_Start <PropertyStore 17:14:06>  AddProperty: Name:'IsRepair' Value:'False' <PropertyStore 17:14:06>  CheckPropertyPresence_Start <PropertyStore 17:14:06>  CheckPropertyPresence_End <PropertyStore 17:14:06>  AddProperty_End <PropertyStore 17:14:06>  AddProperty_Start <PropertyStore 17:14:06>  AddProperty: Name:'SolutionInstalled' Value:'False' <PropertyStore 17:14:06>  CheckPropertyPresence_Start <PropertyStore 17:14:06>  CheckPropertyPresence_End <PropertyStore 17:14:06>  AddProperty_End <PropertyStore 17:14:06>  this_Start <PropertyStore 17:14:06>  CheckPropertyPresence_Start <PropertyStore 17:14:06>  CheckPropertyPresence_End <PropertyStore 17:14:06>  this_End <PropertyStore 17:14:06>  AddProperty_Start <PropertyStore 17:14:06>  AddProperty: Name:'IsInstallation' Value:'True' <PropertyStore 17:14:06>  CheckPropertyPresence_Start <PropertyStore 17:14:06>  CheckPropertyPresence_End <PropertyStore 17:14:06>  AddProperty_End <VRASetup 17:14:06>  VRASetupMainPage.HandleError_Entry <VRASetup 17:14:06>  VRASetupMainPage.HandleError_Entry

  • Anonymous
    May 31, 2011
    Great stuff. Any plans to implement a feature to copy groups from one baseline to another ?  E.g. the DC baselines contains settings for system services whereas the member baseline doesn't (and I don't see a way to get it in).

  • Anonymous
    June 01, 2011
    Hello, sorry, i thought i read that v2 fixed the .inf import issue?  or did i read wrong?  i'm trying to test this out before I present to management and the only option i see is to import .cab files.

  • Anonymous
    June 09, 2011
    Hi, I solved my problem by uninstalling Framwork 4 entirely, putting the language to english. I extracted your exe and launched the MSI... But now I have a problem mentionned upper, I canno t import my own GPOs. ============================= System.ArgumentNullException ================== Value cannot be null. Parameter name: value


Program Location: at Microsoft.SecurityComplianceManager.ClientObjects.Settings.Setting.set_DisplayName(String value)   at Microsoft.SecurityComplianceManager.ImportGPO.CreateSettingsForImportedGPO.CreateIncompleteSetting(String uiPath, String displayName, String value)   at Microsoft.SecurityComplianceManager.ImportGPO.CreateSettingsForImportedGPO.CreatePolSettingFromSectionNameAndKey(String path, String keyName, String dataType, String value)   at Microsoft.SecurityComplianceManager.ImportGPO.CreateSettingsForImportedGPO.CreatePolMachineSettings(List`1 polMachineSettingsValues)   at Microsoft.SecurityComplianceManager.ImportGPO.ImportGPOCommon.ImportGpoFromFolder(String folderPath) The other thing is that when I import GPOs from SCM to Active Directory, I canno t see the result... (HTML result in the tab.-...) Thanks for ure answer..

  • Anonymous
    June 14, 2011
    When trying to import our default domain policy into SCM v2 we just get the following error message, Value cannot be null. Parameter name: value

  • Anonymous
    June 17, 2011
    GREAT NEWS!!! EAGERLY awaiting the release. Thanks Jeff!

  • Anonymous
    July 20, 2011
    I've posted a couple of bugs on the connect site, but haven't heard back...