Introduction

Our compliance process starts with a simple tool called Microsoft Security Compliance Manager. This free tool allows you to create and centrally manage compliance baselines based on Group Policy Objects (GPOs). The tool is used to compare your GPOs against established standards and to export them for use within other configuration management tools. The focus of Security Compliance Manager is on technical compliance. It includes industry best-practice baselines and supports auditing existing baselines. Security Compliance Manager allows you to kick-start your compliance program for existing technologies such as Active Directory Domain Services.

You could buy one of the compliance tools that offer more functionality and cover a broader spectrum of compliance; however, before spending the money, it is worth reviewing this free tool that may cover your requirements. Start with a technology that is already available within your environment and use or enhance this to create your compliance process. Only start to think about adding more complexity to your compliance process after you have mastered the recipes shown in this chapter. Think of it like building a house. First, you have to build the walls and roof and add windows and doors. Only after you have completed those steps do you have a basis from which you are able to add complexity—such as electricity or interior design—without having to worry about damage to your house or theft.