Information on using Mobile Device Manager in a locked down environment

image The System Center Mobile Device Manager 2008 Security Configuration Wizard (SCW) includes three templates that you can apply to MDM servers to help enhance security by disabling functionality that is not required for the servers.

The SCW is an attack-surface reduction tool that is bundled with Microsoft Windows Server 2003. By using the SCW, you can create security templates that then can be applied to the server on which they were created or to other similarly configured servers.

The MDM SCW templates provided in this download are pre-configured by using SCW to disable functionality that is not required on each MDM server. The following SCW templates are included:

* DeviceManagementPolicy.xml - Template for MDM Device Management Server

* EnrollmentPolicy.xml - Template for MDM Enrollment Server

* GatewayPolicy.xml - Template for MDM Gateway Sever

For more information about using SCW, see "SCW Quick Start Guide" on the following
TechNet Web page: https://go.microsoft.com/fwlink/?LinkId=118378

Obtain the Server Tools here:

Resource Kit Tools - Server Tools
https://www.microsoft.com/downloads/details.aspx?FamilyID=0433b453-15a5-48ae-a343-6a1053f46251&displaylang=en

Network Service account requirements, as well as other security specific content:

Provide Network Service Permissions to the Certificate
https://download.microsoft.com/download/7/e/f/7ef580df-3666-4746-b5ad-67393983c819/SCMDM08Deployment.doc

Other Tools:

System Center Mobile Device Manager Resource Kit Tools
https://technet.microsoft.com/en-us/scmdm/cc304591.aspx

Other security content:

Security Best Practices in MDM
https://technet.microsoft.com/en-us/library/dd261854.aspx

MDM Backup and Recovery
https://technet.microsoft.com/en-us/library/dd261892.aspx

Security and Protection for Mobile Device Manager
https://technet.microsoft.com/en-us/library/dd252842.aspx

Clint Koenig | Support Escalation Engineer