I've downloaded the latest SCM 3.0 but the LocalGPO tool will not work. It tells me that windows 8.1 is not supported. Is there an update that I am missing or a work around?
Thanks,
Peter
↧
LocalGPO Tool for Windows 8.1
↧
Import GPOPack Error -- conLABEL_002
Hi,
I created GPOPack for Win8 using SCM and tried to import to a stand-alone Win8 (64-bit) machine.
But didn't succeed. I'm getting the following error:-
GPOPack.wfs (211. 14) Microsoft VBScript runtime error: Variable is undefined: ' conLABEL_CODE002'
Can anyone guide me to solve this error?
Kind regards,
Mohamed Maricar
↧
↧
SCM update for Windows 8.1 and Windows 2012 R2
Hi,
When are we likely to get an update to SCM for Windows 8.1 and Windows 2012 R2?
↧
How to import DSIA STIG baselines/templates into SCM?
Hello,
I have been playing with both Security Compliance Manager as well as System Center ConfigMgr Extensions for SCAP tools to determine how I can import DISA STIG Inf files.
My end goal is to be able to use SCCM DCM to check/manage compliance for some of these pre-defined security standards such as DISA STIGs.
I read in an earlier post that MSFT is currently looking into allowing INF imports into SCM. Is there any idea on when this might be available or IS there another approach I can take?
Thank you,
Manoj
↧
Security Compliance Manager installer is just terrible
First of all, if you try to install SCM on a domain controller it will fail. Why? Because the installer will go and automatically download SQL Express 2008 and install it with default options that includes trying to use a local system account, which you can't do on a DC.
Fine, I thought. I'll just download and manually install SQL Express and configure it to use a domain account. Which works just fine except that the SCM installer doesn't even bother to check to see if you already have SQL installed. It insists on installing it itself, which of course causes it to fail.
There should at least be an option during the SCM installation to either specify an already existing instance of SQL, or to configure settings such a service accounts manually.
So I'm forced to install it on a Windows 7 machine, where I've already got SQL Express 2008 R2 installed, which of course the installer doesn't care about and forces me to install SQL Express 2008.
Just.. terrible.
↧
↧
Data Classification Toolkit Error
Hi,
My first attempt at using Data Classification. This is all Server 2012 R2 with domain raised to 2012 R2.
I've enabled the resource properties in ADAC and refreshed the properties to the local machine so they appear in FSRM.
Also used the DCT to import the PCI rules.
I've configured the rules the way I need them and now want to do an export for rolling out across the domain, but the export function is failing with:
EXPORT-FILECLASSIFICATIONPACKAGE : String was not recognized as a valid
DateTime.
At line:1 char:1
+ EXPORT-FILECLASSIFICATIONPACKAGE -PATH C:\PACKAGES\OUTPUT.XML
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (SERVERNAME:String) [Expor
t-FileClassificationPackage], FormatException
+ FullyQualifiedErrorId : MachineExecutionException,Microsoft.DataClassifi
cationToolkit.PowerShell.Library.Cmdlets.ExportClassificationConfiguration
WARNING: Local properties were exported from a File Server running Windows
Server 2012 or Windows Server 2012 R2. We recommend converting these properties
to global properties.
Any suggestions? Google gave me nothing.
Thanks.
↧
Security Compliance Manager and Local GPO Tool not exporting all settings
I'm trying to get my first baseline configured for several non-networked Windows 7 machines. Everything worked well regarding the export and import, until I went to double check all the settings. Three settings never make there way to the new computers:
Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Allow Logon through Remote Desktop Services (requires no entries, but either never gets set or the setting gets overwritten by default
values). [This one finally changed when creating a new baseline, but the other two are still stuck with the original values. I still haven't done anything different.]
Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Bypass traverse checking (keeps default settings or is overwritten by default settings)
Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Impersonate a client after authentication (keeps default settings or is overwritten by default settings)
Is anyone else having the same problem. I've tried to export the settings both through SCM and the LocalGPO command line. Thinking it must be something I've done, I've also created multiple baselines (deleting the broken ones) and run into the same issue.
UPDATE: Just deleted the stuck settings, added them back in and then changed the customized settings. Still didn't work
Any suggestions?
SCM Version 3.0.060.0
Setting Library Version 2.0.82001
Settings being installed on Windows 7 Enterprise SP1
↧
SCM 3.0 - Why does Exporting to GPO Backup and Importing back the same LocalGPO alter the settings so drastically ?
What I did:
Specialize a Win 7 computer Baseline (Baseline A)
Export the duplicated baseline to the GPO Backup Folder.
Use this the exported GPO Backup within a MDT task Sequence
Create a new computer with this task Sequence. It completes successfully.
Export with LOCALGPO Tool the Baseline (BaseLine B
Compare to the Windows 7 SP1 Baseline copy - (Baseline B).
Result (see pictures):
Total unique settings compared: 317
Total settings in common: 205
Total settings not in common: 112
Settings that differ (15): Just one exemple:
I ask for "Audit System events" Success and Failure (Baseline A) and the result is NoAuditing. Strange isn't it?
Settings that match (190): Cool.
Settings only in Baseline A (57) Just a comment:
There are a lot of settings with the value: No one. Are these values correctly exported and correctly positioned on the new computer?
Settings only in baseline B (55) Just a comment:
There are a lot of characters badly recognized. I think there is a problem with French Language.
How can I trust SCM with so many errors? What can I do to correct these errors?
I use Security Compliance Manager3.0.60.0 with settingLibrary Version 2.0.82001
↧
Windows 8.1 and Server 2012 R2 has 0 Settings available
I've updated SCM with the 8.1/2012 R2 automatic updates. However, when trying to add an 8.1 or 2012 R2 setting, SCM says there are 0 settings available:
The particular setting I'm looking to add to my custom pack is User Configuration\Administrative Templates\Windows Components\Edge UI - Disable help tips. If I select Windows 8 as the product, I at least haveUser Configuration\Administrative Templates\Windows Components\Edge UI, but the specific setting is not there. Is this setting missing completely from SCM, or would it be available to me if I had a list of settings when selecting Windows 8.1?
I did notice that User Configuration\Administrative Templates\Windows Components\Edge UI - Disable help tips is in the Win8.1 User Security Compliance 1.0 baseline. That makes me wonder if it should be available when selecting 8.1 as the product. I'd appreciate any help with this. Thanks.
↧
↧
Access Services - Saving message continuously appearing
Hi, I have a SharePoint 2013 Site which was migrated from SharePoint 2010. This uses access services and we have a few access databases appearing in the browser and when the user does any data additions or updates, the data actually gets saved, but the
message "Access Services is saving the data" is not disappearing. What could be an issue here?
![Access Services Issue]()
Karthick
↧
Microsoft security compliance manager 3.0 in windows 2012 server
Hi All,
I am completely new in SCM. I have assigned to verify and check why SCM is required for environment, what and how SCM works. I have downloaded SCM from
https://www.microsoft.com/en-us/download/details.aspx?id=16776.
After download i am able to install it in 2008 std x64 bit but my target is to install it in 2012 server x64 bit. I am not able to install it.
It's showing do not have feature of .Net Framework 3.5 and installation is getting closed suddenly. I tried to download .Net Framework3.5 but not able to install it as showing not supported or showing alternet path. I am not holding any CD/DVD of Windows
2012 server. Only ISO.
Please help me.
Thanking you in advance!
Abhijit
↧
http://www.microsoft.com/technet/support ... ae+Operating+System&ProdVer=6.2.9200.16384&EvtID=3&EvtSrc=Microsoft-Windows-Kernel-EventTracing&LCID ...
http://www.microsoft.com/technet/support ... ae+Operating+System&ProdVer=6.2.9200.16384&EvtID=3&EvtSrc=Microsoft-Windows-Kernel-EventTracing&LCID ...
http://answers.microsoft.com/en-us/windows/forum/windows_8-performance/event-viewer-event-log-online-help-link-returns/7c0f6c8f-a153-44a3-8dad-e6dd11f384d1
↧
Security Compliance Manager - Export for SCCM DCM 2007
Hi,
When I export the SCM .CAB file .... it exports successfully but when I try to import the in the SCCM DCM section the error message comes up saying the file is corrupt.... when I know it is not.
On the other hand when I try to export the settings to SCCM DCM 2007 .CAB file I get the following error message.....
Any ideas will be highly appreciated.
The error message is attached below...
Cheers,
Ijaz
**********************************************************************
Baseline: WS08R2-Member-Server-Compliance- V1.0
Export format: DCM Export
Export directory: E:\SCM Template for Windows 2008 R2\WS08R2-Member-Server-Compliance- V1.0_DCM.CAB
**********************************************************************
The following settings were not included in the DCM Export as they are not supported in this format:
**********************************************************************
Setting Name: Network security: Force logoff when logon hours expire , UI Path: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options , CCEID: CCE-10588-2
Setting Name: Network access: Allow anonymous SID/Name translation , UI Path: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options , CCEID: CCE-10024-8
Setting Name: Accounts: Administrator account status , UI Path: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options , CCEID: CCE-10571-8
Setting Name: Accounts: Rename administrator account , UI Path: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options , CCEID: CCE-10976-9
Setting Name: Accounts: Rename guest account , UI Path: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options , CCEID: CCE-10747-4
Setting Name: Accounts: Guest account status , UI Path: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options , CCEID: CCE-9989-5
Setting Name: Accounts: Administrator account status , UI Path: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options , CCEID: CCE-10571-8
Setting Name: Accounts: Rename administrator account , UI Path: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options , CCEID: CCE-10976-9
Setting Name: Accounts: Rename guest account , UI Path: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options , CCEID: CCE-10747-4
Setting Name: Accounts: Guest account status , UI Path: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options , CCEID: CCE-9989-5
Setting Name: Profile system performance , UI Path: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment , CCEID: CCE-10193-1
**********************************************************************
↧
↧
How to delete orphan site in SharePoint 2013 on same database
Hi,
I have seen recently that the sitecollection became orphan was not allowing to upgrade the features.
then identified the site collection and ran below command to delete it
Stsadm –o deletesite –force –siteid A0FE2A62-152A-4D0E-93EA-4C61E264ED65 –databasename WSS_Content_Database_3 –databaseserver ContentDatabase1
It will give you
Operation completed successfully.YOGESHA H P(MCTS)
↧
applying gpopack causes group policy processing errors
Hi,
We created a GPO pack (using SCM 3.0.x) a while back as per the following article and it is used to apply these settings on new 2012 builds
http://technet.microsoft.com/en-us/magazine/hh489604.aspx
When the GPO pack is initially deployed the following is logged:
Event 1503 - The Group Policy settings for the user were processed successfully. New settings from 1 group Policy objects were detected and applied.
Event 1502 - The Group Policy settings for the computer were processed successfully. New settings from 1 group Policy objects were detected and applied.
After a while 1502s are still logged but no more 1503s.
After a 1502 you now get 1030 errors:
The processing of group policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer.
When you carry out a gpupdate the computer policy updates fine but you then get the same error.
For our existing servers how do we fix these errors?
For new builds is this a bug with GPOPack/LocalGPO?
Thanks.
↧
Unable to add Office 2013 settings to baseline
Perhaps I'm doing this wrong, but I normally start with a GPO Import baseline that I delete all settings, then manually add the settings I want in my new policy. But when I select Office 2013, the "Chose Source" pull down says 0 settings. I even deleted and re-downloaded/installed the Office 2013 settings.
If I duplicate the Office 2013 Microsoft Baseline, I get the default values enabled and there is no way to change all to not-defined in my copy.
↧
Importing GPO
I am trying to import 2 (or more) GPO's from a domain so I can compare the baselines. I did Import "GPO Backup Folder" selected the backup and it is good. Then I do the same thing with the second and I get a message "An item with the same
key has already been added". Selecting OK bring the screen "Object reference not set to an instance of an object". I can rename the GPO in the GPMC and back it up again and the same thing. Where is this key stored so I can rename it or bypass
it? How can I get around this error?
↧
↧
Unable to add settings to baseline?
Morning, We are working on creating a new baseline and ran into a slight problem. We created a working baseline set by copying the Win7SP1 Computer Security configuration. We then went to add a setting. The window pops up with source set as Windows 7 SP1. We then went to choose a target but no associated controls were listed. In this case, we were using identity management. Has something changed in the way this is done?
Regards,
Larry
↧
Installing Security and Compliance Manager on Windows 8.1
Hi
I am trying to install Security and Compliance Manager on my Windows 8.1 workstation. The install is trying to install SQL Express 2008 which seems to not be compatible with Windows 8.1 and that is were the install ends.
I tried installing SQL Express 2012 and then running the install but it looks like the database is not installed.
Is there a new version of Security and Compliance Manager that addresses this or does anyone know how to set up SQL to accept Compliance Manager?
↧
how to do backup large files quickly and compress the backup without taking up much space
I am a member of a large business company, and there is large data stored in our company computers. To protect data, i want to do files backup for my important work documents, pictures, xls etc. Maybe you say the built-in backup tool can help you solve
this problem. But i want to know the data is so much, and i want to choose a simple, fast, and safe way to backup data. And i want one tool can help me compress my large data. Could you help me? Any free software?
↧