First published on CloudBlogs on Apr 28, 2016
Raghu Kethineni, Senior Program Manager, Enterprise Client and Mobility
Today we are announcing the release of a new Vulnerability Assessment Configuration Pack for System Center Configuration Manager. You can download it
. Configuration Manager Vulnerability Assessment allows you to scan managed systems for common missing security updates and misconfigurations which might make client computers more vulnerable to attack.
Software installation errors and misconfigurations compromise security and stability, resulting in escalated support costs. System Center Configuration Manager Vulnerability Assessment Configuration Pack can help prevent errors and security risks, increase your organizational uptime and help you to build a more secure infrastructure. This configuration pack provides vulnerability assessment reporting for common missing security updates and misconfigurations by using the configuration baselines in Configuration Manager. You can use it to monitor the configuration of Microsoft Windows operating systems, Internet Explorer, Microsoft Office, SQL Server, and Internet Information Services (IIS).
This release includes:
The capability to scan for potential security issues that may exist because of misconfigurations on the following Microsoft Product versions
New Vulnerability Assessment Overall Report will display
List of Security, Administrative and Compliance Vulnerabilities for a specific computer.
List of Windows Updates Vulnerabilities (if there are any)
List of Windows Server Vulnerabilities (if there are any)
List of IIS Vulnerabilities (if there are any)
List of SQL Vulnerabilities (if there are any)
To use this Configuration Pack
First import the three configuration baselines (Vulnerability Assessment: IIS Baseline, Vulnerability Assessment: SQL Server Baseline, Vulnerability Assessment: Windows Baseline). To understand in detail what each configuration item will be evaluating, review the properties of the configuration item.
Next target the baselines to a collection containing the computers you want to monitor. Policies will be evaluated and reported back to the site server. Note: you may need to wait for 24-48 hours depending on your inventory cycles.
The run the report and review the compliance results.
The following are prerequisites for Vulnerability Assessment Configuration Pack:
The site server must be running one of the following:
System Center 2012 R2 Configuration Manager SP1 CU3 with Hotfix
(A new Vulnerability Assessment Overall Report is available for System Center 2012 Configuration Manager)
System Center 2012 Configuration Manager SP2 CU3 with Hotfix
System Center Configuration Manager current branch -
The Configuration Pack can be imported to System Center Configuration Manager but the reports are not included. Reports will be released along with the next released update version of the current branch of System Center Configuration Manager.
The Configuration Manager clients require:
PowerShell 3.0 or later
The IIS feature: "IIS Management Scripts and Tools" installed