New version of SCM causes peace on Earth

Well... I might be exaggerating just a bit about the “peace on Earth”, but it’s a worthy goal isn’t it!? :) I’m writing this post for a couple reasons:

1. Announce an updated version of Microsoft Security Compliance Manager (SCM)

2. Discuss the SCM roadmap for the next year+

I hope it is helpful and informational. As always when I blog, I invite you to reach out to me directly (my email is at the bottom of this post, but you will have to re-construct it) or contact the entire SCM team directly with any feedback you might have.

SCM Version Now Available!

We are constantly looking for ways to improve our offerings (SCM, Baselines, etc.), and we take customer and partner feedback very seriously! The SCM team heard from a number of you since initially shipping SCM v1.0 back in April 2010 that downloading Baselines from within SCM was failing behind *some* corporate proxy servers. It was a strange problem for us to reproduce because our ISA server internally here at Microsoft works perfectly with SCM (funny huh!?). We reached out to a number of you who had reported the problem to us and I’m happy to report we figured it out! Much thanks to all the people who contributed to this fix (you know who you are)!

If you are curious, the problem had to do with how we were calling the Web API’s in .NET. At a high level, there were two things we weren’t doing properly:

1. The proper way to download anything through this Web API is to always assume you are behind a proxy; you simply tell the API (HttpWebRequest.GetSystemWebProxy) to use the system configured proxy. The HTTP code in Windows figures out if it needs to talk to a proxy or not and the app is blind to it (as it should be).

2. We needed to also tell the Web API to use the logged-on users’ credentials, just in case the proxy server requires authentication. To be clear, SCM does NOT collect any user credentials – we simply tell the API to contact the proxy as the logged-on user. If we didn’t do this, a “locked-down” proxy server would still fail even given the fix mentioned in 1. above.

Whew – that’s a lot of detail to tell you that you can now download this updated version of SCM! Here are all of the links for downloading:

· Microsoft_Security_Compliance_Manager.Setup.exe (SCM v1.1.2.0 MSI Installer)

· Baseline Download Help.rtf (Ever wanted to download a baseline outside of SCM, here’s how)

· Release Notes.rtf (Duh, the release notes)

· SCM Getting Started Guide.docx (Great walkthrough / intro to SCM document)

If you have an existing install of SCM and don’t want to lose your data (i.e. Baselines), we have a section in the Release Notes how to do just that. It’s quite painless – I promise. Also, you will start seeing this update offered to you within SCM itself (if you can get through your proxy :) and you have that feature enabled). Please reach out to us if you have any troubles!

I’ve also decided to maintain a nicely formatted version history of SCM. Here you go!

SCM Version History

SCM v1.1.2.0 (November 19th, 2010)

· SCM Download: fixed ability to obtain baselines and application updates behind some proxy servers

SCM v1.1.1.0 (September 8th, 2010)

· SCM UI: fixed various display problems when using a very low screen resolution

· SCM Export: optimized the .CAB file size when users export in the SCM baseline format

· Local GPO tool: fixed local import of settings so that this tool now applies them incrementally (instead of full reset)

SCM v1.0.0.0 (April 6th, 2010)

· Initial Release

SCM Roadmap

The SCM team is already hard at work on our next major version of SCM. It is based 100% on your feedback and has one overriding goal: SIMPLICITY. In case you were wondering, we got the message loud and clear – you mostly love SCM, but boy it could be simpler to use. We strive for perfection – so keep that feedback coming.

I’m predicting that we release this new major version of SCM in early calendar year 2011 (first quarter timeframe). This is software however, and we will do the best we can to make it very high quality and as fast as possible. I also wanted to share some of the items that are HIGH on our feature list:

· Import GPO Backups into SCM (can I hear a yay!?)

· Don’t require a new SQL Express instance during setup – you can point SCM during setup to an existing SQL (and it doesn’t have to be Express - can I hear another big yay!?)

· User Interface improvements – simplify common tasks, better utilization of screen real estate

Are you curious what we are thinking about for SCM even beyond this next major version? Well, SCM in the Cloud (think Windows/SQL Azure) is a very exciting concept we are playing with at the moment. One could imagine using just the browser to view all of Microsoft’s latest up-to-date guidance and best practices. Privacy is obviously a large concern for a lot of people when you talk “public cloud”, so we are considering two modes: 1.) create your baselines in the cloud itself 2.) create your baselines on your local disk and use Microsoft baselines, which are in the cloud, as your starting point. Just food for thought on where we are heading!

And now a message from our sponsors...

The Security Compliance Manager (SCM) tool is just one of the tools provided by the Microsoft Solution Accelerators team. The Microsoft Assessment and Planning Toolkit, Microsoft Deployment Toolkit, and Security Compliance Manager all provide tested guidance and automated tools to help you plan, securely deploy, and manage new Microsoft technologies—easier, faster, and at less cost. All are freely available, and fully-supported by Microsoft. Learn more

Thanks for using and loving SCM! Cheers!

Jeff dot Sigman at microsoft dot com { Programmer Dude } Microsoft | Solution Accelerators