Installing Security Compliance Manager

This recipe shows the steps required for a successful installation of Security Compliance Manager.

Getting ready

You should prepare a physical or virtual system to install Security Compliance Manager on. In addition, you should complete the previous recipe Preparing for the creation of a compliance baseline before starting the installation.

How to do it...

The prerequisites for installing Security Compliance Manager are as follows:

• Prepare an account that has administrative privileges on the system where Security Compliance Manager will be installed
• Ensure you have access to Group Policy Management Console and read-access to AD
• Ensure you have a compatible operating system; at the time of writing, a client system with Windows 7, Windows 8 and later, or a server system with Windows 2008 R2 or Windows 2012, is sufficient
• Install the prerequisites as follows:
  • Windows Installer 4.5 (already included in Windows 8 and Windows 2012).
  • Microsoft .NET Framework 4; ensure that .NET Framework 3.5 is installed on the system. If you do not preinstall it, the installation will fail on Windows 8, Windows 2012, and later. You will have to provide an installation source, such as a Windows 2012 DVD (<Drive letter>:\Sources\SxS) when installing it on Windows Server 2012. The following screenshot shows the place to enter the path:
    

    Tip

    Optionally, install a local instance of SQL server 2008 or higher; otherwise, a SQL Server 2008 Express edition will be installed automatically.

• Download the Security Compliance Manager from http://www.microsoft.com/en-us/download/details.aspx?id=16776
• In case no other SQL server is installed, download SQL Server 2008 Express Service Pack 3 from http://www.microsoft.com/en-us/download/details.aspx?id=27594

To install Security Compliance Manager, perform the following steps:

1. Go to your downloaded source file and run Security_Compliance_Manager_Setup.exe as administrator.
2. Accept the User Account Control asking for permission for the installation.
3. In the next two steps, all prerequisites are installed, including the following:
   • The Microsoft Visual C++ 2010 x86 redistributable—accept the license terms, click on Install to start the installation, and then click on Finish to complete it
   • .NET Framework 3.5 (only if not previously installed—please refer to the prerequisites in the case of an error)
4. In the Microsoft Security Compliance Manager Setup window, click on the checkbox Always check for SCM and baseline updates and click on the Next button.
   
5. Accept the licensing terms, and click on the Next button.
6. In the next window, either accept the default path C:\Program Files\Security Compliance Manager, or click on the Browse button and change to a customized path. After that, click on the Next button.
7. In the window Microsoft SQL Server 2008 Express, click on the Next button to install the database.
8. Accept the licensing terms in the next window for Microsoft SQL Server 2008 Express and click on the Next button.
9. The Ready to install window shows the installation summary. Click on the Install button to start the installation.
10. On Windows 8 and Windows Server 2012, an error message appears for the SQL installation. Accept this by clicking on Run the program without getting help. This window (shown in the following screenshot) is expected and does not influence the installation process. For a stable environment, SQL 2008 Express SP3 must be installed after the installation.
    
11. The next window shows the successful installation of Security Compliance Manager. Click on the Finish button to complete the installation.
12. The Microsoft Security Compliance Manager Console opens, and an automatic download of baselines starts:
    
13. Before doing anything else, close the console, go to the SQL Server 2008 Express Service Pack 3 download, and install it for all components.

How it works...

The installation of Security Compliance Manager is fairly simple. The important part is to ensure all prerequisites are met. There are no special hardware requirements, as a normal provisioned client system with Windows 7 or Windows 8 and later, or a server system with Windows 2008 R2 or Windows 2012, is sufficient. At the time of writing, these are the currently supported Windows versions.

If no database existed prior to the installation, a SQL 2008 Express database will be created. This stores the established standards and custom baselines in addition to audits and reports.

See also

For further details on the installation process, please go to the TechNet site at http://social.technet.microsoft.com/wiki/contents/articles/1866.microsoft-security-compliance-manager-scm-getting-started.aspx.

For further details on the compatibility of SQL server, please go to http://blogs.msdn.com/b/psssql/archive/2012/09/01/installing-sql-server-on-windows-8.aspx.