Security Compliance Manager (SCM):Windows Server 2008 R2 SP1 Security and Compliance Baseline Release Notes

The Windows Server 2008 R2 SP1 Security Compliance Baseline is integrated with the [[Microsoft Security Compliance Manager (SCM)]] tool. To access the Windows Server 2008 R2 SP1 Security Guide included with this baseline, download SCM 2.5.

SCM 2.5 is a free tool from the Microsoft Solution Accelerators Team that enables you to quickly configure and manage your computers, traditional datacenter, and private cloud using Group Policy and Microsoft System Center Configuration Manager. The entire Windows Server 2008 R2 SP1 Security Compliance Baseline package is available through SCM 2.5. The tool is designed to provide you with an end-to-end solution to help you plan, deploy, and monitor security baselines for computers running Windows operating systems, and other Microsoft products in your environment.

See the SCM Getting Started wiki for information about installing SCM 2.5 and to orient you with the Solution Accelerator’s console and integrated Help guidance.

These release notes are carefully and closely monitored. The SCM engineering team regularly improves the tool and maintains this article to share the latest release information and known issues. Any changes that you make will be evaluated and then quickly accepted, refined, or reverted. Because this is a wiki, additions or refinements to these release notes might have been made by community members.

Please direct questions and comments about SCM 2.5 to secwish@microsoft.com. 

 

Download and Online Locations

• To learn more about this product baseline, see the Windows Server 2008 R2 Security Baseline page in the TechNet Library 
• To download the Security Compliance Manager tool, visit the Microsoft Download Center

Baseline Components

 The Windows Server 2008 R2 SP1 Security Compliance Baseline available in SCM 2.5 includes the following components:

• Attachments
  • Windows Server 2008 R2 Security Guide.docx (version 2.0)
  • Windows Server 2008 R2 Attack Surface Reference.xlsx
  • Microsoft.ControlActivity.WS2008R2SP1.FCI.CAB
  • WS2008R2SP1_IT_GRC_MCA_MP.cab
• Baselines
  • Windows Server 2008 R2 SP1 AD Certificate Services Server Security Compliance Baseline v1.0
  • Windows Server 2008 R2 SP1 DHCP Server Security Compliance Baseline v1.0
  • Windows Server 2008 R2 SP1 DNS Server Security Compliance Baseline v1.0
  • Windows Server 2008 R2 SP1 Domain Security Compliance Baseline v1.0
  • Windows Server 2008 R2 SP1 Domain Controller Security Compliance Baseline v1.1
  • Windows Server 2008 R2 SP1 File Server FCI Baseline v1.0
  • Windows Server 2008 R2 SP1 File Server Security Compliance Baseline v1.0
  • Windows Server 2008 R2 SP1 Hyper-V Security Compliance Baseline v1.0
  • Windows Server 2008 R2 SP1 Member Server Security Compliance Baseline v1.1
  • Windows Server 2008 R2 SP1 Network Access Services Server Security Compliance Baseline v1.0
  • Windows Server 2008 R2 SP1 Print Server Security Compliance Baseline v1.0
  • Windows Server 2008 R2 SP1 Remote Desktop Services Security Compliance Baseline v1.0
  • Windows Server 2008 R2 SP1 Web Server Security Compliance Baseline v1.0

Version History

The released versions of the Windows Server 2008 R2 SP1 Security Compliance Baseline include:
Version 1.1 includes updates to the Member Server and Domain Controller security compliance baselines (April 2012).
Version 1.0 of the Windows Server 2008 R2 SP1 Security Compliance Baseline (September 2011).
Version 1.0 of the Windows Server 2008 R2 Security Baseline (March 2010).

Known Issues

The following are known issues for the Windows Server 2008 R2 SP1 Security Compliance Baseline:

• Version 1.1 of the of the Windows Server 2008 R2 SP1 Security Compliance Baseline:
  • The value of the setting "Audit: Audit the use of Backup and Restore privilege" is not configured correctly when a GPO is imported. The workaround for this issue is to manually configure this setting in the SCM tool UI.
  • The domain part of the account in the format of domain\user is missing after importing the setting "Profile System Performance" from a GPO. The workaround for this issue is to manually define the domain part of the account in the SCM tool UI after importing this setting from a GPO.
• None for the 1.0 release (September 2011).