Configuration Manager Vulnerability Assessment allows to scan managed systems for common missing security updates and misconfigurations which might make client computers more vulnerable to attack.

Download here

This release includes

• The capability to scan’s for potential security issues that may exist because of misconfigurations on the following Microsoft Product versions
  • Windows 2008 and later versions
  • Windows Server 2008 and later versions
  • Internet Information Server 7.x and 8.x versions
  • Microsoft Office 2010 and later versions
  • Internet Explorer 9, 10 and 11 versions for supported operating systems.
  • PowerShell 3.0, 4.0 and 5.0 Versions

    Note: For current supported versions of the Windows and SQL Server products please review supported configuration of System Center 2012 Configuration Manager and System Center Configuration Manager (Current Branch)

• New Vulnerability Assessment Overall Report will display
  • List of Security, Administrative and Compliance Vulnerabilities for a specific computer.
  • List of Windows Updates Vulnerabilities (if there are any)
  • List of Windows Server Vulnerabilities (if there are any)
  • List of IIS Vulnerabilities (if there are any)
  • List of SQL Vulnerabilities (if there are any)

Example checks are:

• Are unnecessary services installed and running?
• Do shared folders have appropriate permissions?
• Is Windows Firewall enabled?
• Are strong passwords enforced?
• Are unsecured guest accounts enabled?

After downloading the pack, you will need to install it which will extract the cab file into C:\Program Files (x86)\VACP (by default).

To import the Configuration Pack

• In the Configuration Manager console, navigate to Assets and Compliance / Compliance settings / Configuration Baselines.
  

  
  

• Right-click Configuration Items, Import Configuration Data to load the Import Configuration Data Wizard.
  

  
  

• Click Add, browse to C:\Program Files (x86)\VACP (unless you specified another path) and select the .cab file in the install location of the .msi, and then click Open.
  

  
  

• Summary of the 34 configuration Items will be shown. Click Next to continue.
  

  
  

• Follow the wizard instructions.
  
• There are three base lines created from the Configuration Items. The Vulnerability Assessment Configuration Pack.docx files associated highlights the details of each base line.
  
• Deploy the baselines to the proper collections as desired.