Using Microsoft Security Baselines with System Center Configuration Manager

This post is obsolete and uses tools that are no longer available. Please see Import Microsoft Security Baselines into MEMCM – ( for an updated way of importing baselines.

Microsoft provides security baselines with hundreds of security configuration settings that you can use to compare against your systems to determine how secure your environment is or to monitor security compliance in your organization.  Comparing the settings of a security baseline against many computers and obtaining the result may prove to be a challenging task.  Thankfully, the Microsoft Security Compliance Manager (SCM) tool makes it easy to export these security baselines into a System Center Configuration Manager (SCCM) configuration pack, which can easily be imported into SCCM as a Desired Configuration Management (DCM) configuration baseline.

The Security Compliance Manager comes with many security baselines for the latest versions of Windows, Office and Internet Explorer.  For example, for Windows 7, the following baselines are provided.

Selecting a baseline and then clicking on Properties on the right pane displays an explanation of the security baseline.  These are the properties of the Win7-EC-Laptop baseline (EC stands for Enterprise Client).

When you select a baseline, the main middle pane shows a list of the settings contained in that baseline.  For example, these are the first six settings (out of 266) in the Win7-EC-Laptop baseline:

The Default column indicates what the default value is for a setting, the Microsoft column indicates the recommended configuration from Microsoft, and the Customized column indicates the customized configuration if you have modified the setting.

Note that Microsoft does not allow you to modify their settings.  For example, when you click on a setting, the controls are greyed-out:

What you can if you need to modify settings is to make a copy of a baseline.  You make a copy by selecting the baseline and then click on Duplicate on the right-pane.

The Duplicate wizard prompts you to enter a name for the new baseline (you can accept the default which is “Copy of XXX”, where XXX is the name of the baseline that you are duplicating.

The duplicated baseline will then appear under Custom Baselines:

The controls of a setting in the duplicated baseline are no longer greyed-out, allowing you to make changes to it:

You can use your SCCM infrastructure to compare the settings in a baseline against your SCCM client computers and obtain the comparison results.  To accomplish this, first export a baseline by selecting it and clicking on SCCM DCM 2007 under Export in the right pane.

This will save the baseline as a CAB file.  You can then import this CAB file into SCCM by right-clicking on the Configuration Baselines node and selecting Import Configuration Data as illustrated below.

In the Import Configuration Data wizard click on Add to select the CAB file.

The wizard will display the configuration data being imported.  This is a partial list:

When the Import wizard finishes, it will display the imported configuration data.  This is a partial list:

The imported configuration baseline will them be added to the SCCM Configuration Baselines node.

You are now ready to assign the baseline to the appropriate collection for evaluation.   For information on how to assign a baseline to a collection and view the results of the evaluation on target systems, see the following article from Windows Management Experts:

Authoring a DCM Configuration Item to Identify and Fix Non-compliant Systems



Contact Us

On Key

More Posts

WME Cybersecurity Briefings No. 014
Cyber Security

WME Security Briefing 14 June 2024

LightSpy Spyware’s macOS Variant Detected with Advanced Surveillance Capabilities Overview Findings reveal a previously undocumented macOS variant of the LightSpy spyware. It was initially thought to target only iOS users. This spyware utilizes a plugin-based system

Read More »
WME Cybersecurity Briefings No. 013
Cyber Security

WME Security Briefing 10 June 2024

CISA Urges Patching of Actively Exploited Linux Kernel Vulnerability Overview CISA just issued an urgent advisory concerning a newly discovered security flaw in the Linux kernel. The flaw is being actively exploited to affect the netfilter component of

Read More »
3 Things to Consider Before You Enable Copilot for Microsoft 365
Microsoft Copilot

3 Things to Consider Before You Enable Copilot for Microsoft 365

In today’s digital landscape, any productivity tool that streamlines workflow and boosts performance is a pleasant addition. With its AI-powered productivity-enhancing capabilities, Microsoft Copilot has emerged as a game-changer for employees, particularly for organizations using Microsoft

Read More »
WME Cybersecurity Briefings No. 012
Cyber Security

WME Security Briefing 03 June 2024

Moroccan Cybercrime Group Exploits Gift Card Systems for Major Financial Gains Overview: Storm-0539, also called Atlas Lion, is a Moroccan cybercrime group that executes advanced email and SMS phishing attacks. They are committing fraud by utilizing

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.