Security is one of the most important concerns for any company, but auditing the security of 100 computers is a huge task, let alone 10,000 computers. This is where System Center Configuration Manager (ConfigMgr) comes into play. ConfigMgr allows you to write a Configuration Item (CI) for each item you want to check. You then can bundle multiple CIs into a Configuration Baseline (CB) which is deployed to a collection of computers, but who wants to try and write a pile of CIs? Do you even know what to track? Lucky for you Microsoft recently released its Vulnerability Assessment Configuration Pack. What is it? To quote the download link, “Configuration Manager Vulnerability Assessment allows to scan managed systems for common missing security updates and misconfigurations which might make client computers more vulnerable to attack.”
With a small amount of work you can check your vulnerability assessment without ever leaving your office!
1. Start by downloading the Vulnerability Assessment Configuration Pack.
2. Click Next.
3. Select I accept… and then click Next.
4. Click Next.
5. Click Install.
6. Click Finish.
7. Next open the ConfigMgr Console.
8. Ensure that your PowerShell execution policy is set to Bypass as it is above.
9. Navigate to Assets and Compliance / Compliance Settings / Configuration Baselines, right-click and select Import Configuration Data.
10. Click on the Add… button.
11. Locate the VACP.cab file, select it and then click Open.
12. Click Next.
13. Click Next.
14. Click Close.
15. Right click on the first baseline (Vulnerability Assessment: IIS Baseline) and click Deploy.
16. Highlight and click the add button for Vulnerability Assessment: SQL Server Baseline and Vulnerability Assessment: Windows Baseline.
17. Using the Browse button select the collection you wish to deploy before clicking the OK button to complete the Wizard.
With that last step you are done! If you have any questions about installing the Vulnerability Assessment Configuration Pack, please leave me a note in the comment section below or send an email to Techtalk.