For the past several years nearly every client of mine (that I have consulted on Active Directory) has been introduced to the Microsoft Security Compliance Manager (SCM), a great tool that helped create Group Policy Objects (GPOs) for any number of Organizational Units (OUs), including Default Domain Policy, Domain Controller Policy, Client Workstation Policy, and many more.
Last week Microsoft announced the retirement of the SCM, and the launch of the Microsoft Security Compliance Toolkit (MST) 1.0. According to the download site, the MST is a set of tools that allows enterprise security administrators to download, analyze, test, edit and store Microsoft-recommended security configuration baselines for Windows and other Microsoft products, while comparing them against other security configurations.
If you are wondering how this product is different from the SCM, you can read the write-up by Aaron Margosis here.
I like that Aaron points out that there are gaps in the new offering, and assures us that Microsoft is working to fill those gaps.
Leave a Reply