Configuration Manager Vulnerability Assessment allows to scan managed systems for common missing security updates and misconfigurations which might make client computers more vulnerable to attack.
This release includes
The capability to scan’s for potential security issues that may exist because of misconfigurations on the following Microsoft Product versions
- Windows 2008 and later versions
- Windows Server 2008 and later versions
- Internet Information Server 7.x and 8.x versions
- Microsoft Office 2010 and later versions
- Internet Explorer 9, 10 and 11 versions for supported operating systems.
PowerShell 3.0, 4.0 and 5.0 Versions
Note: For current supported versions of the Windows and SQL Server products please review supported configuration of System Center 2012 Configuration Manager and System Center Configuration Manager (Current Branch)
New Vulnerability Assessment Overall Report will display
- List of Security, Administrative and Compliance Vulnerabilities for a specific computer.
- List of Windows Updates Vulnerabilities (if there are any)
- List of Windows Server Vulnerabilities (if there are any)
- List of IIS Vulnerabilities (if there are any)
- List of SQL Vulnerabilities (if there are any)
Example checks are:
- Are unnecessary services installed and running?
- Do shared folders have appropriate permissions?
- Is Windows Firewall enabled?
- Are strong passwords enforced?
- Are unsecured guest accounts enabled?
After downloading the pack, you will need to install it which will extract the cab file into C:\Program Files (x86)\VACP (by default).
To import the Configuration Pack
In the Configuration Manager console, navigate to Assets and Compliance / Compliance settings / Configuration Baselines.
Right-click Configuration Items, Import Configuration Data to load the Import Configuration Data Wizard.
Click Add, browse to C:\Program Files (x86)\VACP (unless you specified another path) and select the .cab file in the install location of the .msi, and then click Open.
Summary of the 34 configuration Items will be shown. Click Next to continue.
- Follow the wizard instructions.
- There are three base lines created from the Configuration Items. The Vulnerability Assessment Configuration Pack.docx files associated highlights the details of each base line.
- Deploy the baselines to the proper collections as desired.