How to Keep Up to Date with Windows Security Guidelines

by Jonathan Allen on Feb 12, 2013. Estimated reading time: 1 minute


Windows security is a hard problem. There are countless optional features and settings that can introduce security vulnerabilities, many of which are enabled by default. The documentation for these settings is scattered throughout MSDN and TechNet, with current articles freely mixed with out-of-date versions.

One solution to this is the Microsoft Security Compliance Manager. This tool, currently in its 3rd major revision, offers a wealth of information on many key Microsoft technologies, including Windows (XP and later), Windows Server (2003 and later), Internet Explorer (8 through 10), Office (2007/2010), and Exchange Server (2007/2010).

Each technology includes recent documentation and guides which can be automatically updated through the tool. However, these guides are just a starting point. The real power comes from the baseline policy tool.

This tool allows you to see the default and recommended settings for each feature.

But where the tool really shines is in the details pane. It gives not only a description of the setting but also the vulnerability that could occur if the setting is improperly configured.

IT departments are free to create their own baseline configurations. To do this, first make a copy of the Microsoft baseline you want to use as a starting point. Then, as you make changes, they will appear in the “customized” column.

Company-specific documentation can be added to a custom baseline and will appear alongside the guidelines provided by Microsoft.

Once a baseline has been fully evaluated, it can be exported in a number of formats. An Excel export is offered so that others can review the recommendations without installing the Security Compliance Manager. Once the policies are approved, a GPO backup is created and then applied via Active Directory.
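One way to carry out that last step is sketched below as an added example; it is not from the article or from Microsoft. It assumes the export is a standard GPO backup folder and that the GroupPolicy PowerShell module (GPMC/RSAT) is installed; every path, GPO name and OU shown is a placeholder.

```powershell
#Requires -Modules GroupPolicy
# Added example: stage an exported baseline GPO backup in Active Directory.
# All default values below are placeholders (assumptions), not values from the article.
param(
    [string]$BackupPath = 'C:\Baselines\Export',           # folder chosen at export time
    [string]$TargetGpo  = 'Baseline - Staging',            # GPO to create or overwrite
    [string]$PilotOu    = 'OU=Pilot,DC=example,DC=com',    # OU holding pilot machines
    [string]$ReportPath = 'C:\Baselines\Baseline-Staging.html'
)
$ErrorActionPreference = 'Stop'

# A GPO backup folder holds one {GUID} subfolder per backup, each with a bkupInfo.xml manifest.
$manifests = @(Get-ChildItem -Path $BackupPath -Directory -Force |
    ForEach-Object { Join-Path $_.FullName 'bkupInfo.xml' } |
    Where-Object { Test-Path $_ })

# Refuse to guess when the folder is empty or contains several backups.
if ($manifests.Count -ne 1) {
    throw "Expected exactly one GPO backup in $BackupPath, found $($manifests.Count)."
}

# Read the backup ID and the original GPO name from the manifest (namespace-agnostic lookup).
[xml]$info  = Get-Content -Path $manifests[0] -Raw
$root       = $info.DocumentElement
$backupId   = [guid]$root.SelectSingleNode("*[local-name()='ID']").InnerText
$sourceName = $root.SelectSingleNode("*[local-name()='GPODisplayName']").InnerText
Write-Host "Importing backup $backupId ('$sourceName') into '$TargetGpo'"

# Import-GPO replaces any settings already in the target GPO, so use a dedicated staging GPO.
Import-GPO -BackupId $backupId -Path $BackupPath -TargetName $TargetGpo -CreateIfNeeded | Out-Null

# Report what was actually imported, for comparison with the approved Excel export.
Get-GPOReport -Name $TargetGpo -ReportType Html -Path $ReportPath

# Link to the pilot OU with the link disabled; skip if a link already exists.
$linked = (Get-GPInheritance -Target $PilotOu).GpoLinks |
    Where-Object { $_.DisplayName -eq $TargetGpo }
if (-not $linked) {
    New-GPLink -Name $TargetGpo -Target $PilotOu -LinkEnabled No | Out-Null
}
Write-Host "Review $ReportPath, then enable the link on $PilotOu."
```

Keeping the link disabled until the report has been checked against the approved baseline means an incomplete or wrong import never reaches a machine.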

Microsoft Security Compliance Manager is available free from Microsoft downloads and requires SQL Server Express in addition to the stated requirements.
