Security and privacy for collections in Configuration Manager

Applies to: Configuration Manager (current branch)

This topic contains security best practices and privacy information for collections in Configuration Manager.

There is no privacy information specifically for collections in Configuration Manager. Collections are containers for resources, such as users and devices. Collection membership often depends on the information that Configuration Manager collects during standard operation. For example, by using resource information that has been collected from discovery or inventory, a collection can be configured to contain the devices that meet specified criteria. Collections might also be based on the current status information for client management operations, such as deploying software and checking for compliance. In addition to these query-based collections, administrative users can also add resources to collections.

For more information about collections, see Introduction to collections. For more information about any security best practices and privacy information for Configuration Manager operations that can be used to configure collection membership, see Security best practices and privacy information for Configuration Manager.

Security Best Practices for Collections

Use the following security best practice for collections.

Security best practice: When you export or import a collection by using a Managed Object Format (MOF) file that is saved to a network location, secure the location, and secure the network channel.

More information: Restrict who can access the network folder.

Use Server Message Block (SMB) signing or Internet Protocol security (IPsec) between the network location and the site server to prevent an attacker from tampering with the exported collection data. Use IPsec to encrypt the data on the network to prevent information disclosure.
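One way to audit the file server that hosts the export share against this guidance, as an added example that is not part of the original documentation. The share name `CMExports`, the function name `Test-ExportShare`, and the list of over-broad principals are assumptions; run it in an elevated session on the server that hosts the share.

```powershell
# Hypothetical share name: replace with the share that holds exported collection MOF files.
$ShareName = 'CMExports'
# Constructed list of principals treated as too broad for this share.
$BroadPrincipals = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'

function Test-ExportShare {
    param([string]$Name, [string[]]$Broad)

    $findings = @()
    $server = Get-SmbServerConfiguration
    $share  = Get-SmbShare -Name $Name -ErrorAction Stop

    # Signing must be required, not just enabled, so unsigned sessions are refused.
    if (-not $server.RequireSecuritySignature) {
        $findings += 'SMB server does not require signing (RequireSecuritySignature is False).'
    }

    # Share-level permissions: flag Allow entries granted to broad groups.
    foreach ($ace in Get-SmbShareAccess -Name $Name) {
        if ($ace.AccessControlType -eq 'Allow' -and $Broad -contains $ace.AccountName) {
            $findings += "Share permission: $($ace.AccountName) has $($ace.AccessRight)."
        }
    }

    # NTFS permissions on the folder behind the share: same check.
    foreach ($ace in (Get-Acl -Path $share.Path).Access) {
        if ($ace.AccessControlType -eq 'Allow' -and $Broad -contains $ace.IdentityReference.Value) {
            $findings += "NTFS permission: $($ace.IdentityReference) has $($ace.FileSystemRights)."
        }
    }

    # Informational only: enabled IPsec rules exist or not; this does not prove that
    # traffic between this host and the site server is covered by one of them.
    $ipsec = @(Get-NetIPsecRule -PolicyStore ActiveStore -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' })
    if ($ipsec.Count -eq 0) {
        $findings += 'No enabled IPsec rules in the active policy store on this host.'
    }

    return $findings
}

$result = Test-ExportShare -Name $ShareName -Broad $BroadPrincipals
if ($result) { $result | ForEach-Object { Write-Warning $_ } }
else { Write-Output "No findings for share '$ShareName'." }
```

If signing is reported as not required, `Set-SmbServerConfiguration -RequireSecuritySignature $true` enforces it on the server side.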

Security Issues for Collections

Collections have the following security issues:

  • If you use collection variables, local administrators can read potentially sensitive information.

    Collection variables can be used when you deploy an operating system.