This hotfix for NetIQ Secure Configuration Manager adds new policy templates and security checks, provides various enhancements, and resolves previous issues. This release notes document outlines why you should install this hotfix.
Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs. You can post feedback in the Secure Configuration Manager forum, our community Web site that also includes product notifications, blogs, and product user groups.
For more information about this release and for the latest Release Notes, see the Secure Configuration Manager Documentation web site. To download this product, see the Secure Configuration Manager Hotfixes Web site.
This hotfix adds new policy templates and security checks, provides various enhancements, and resolves previous issues. For the list of software fixes and enhancements in previous releases, see the Secure Configuration Manager Documentation page.
This hotfix adds the following policy templates:
CIS Level One Microsoft Windows Server 2008 R2 Benchmark v2.1.0 policy template against Domain Controller
CIS Level One Microsoft Windows Server 2008 R2 Benchmark v2.1.0 policy template against Member Server
This hotfix adds the following security checks:
Administrator Account Name
Allow Server Operators to schedule tasks - Windows 2008 or later
Allow local system to use computer identity for NTLM information
Allow and configure PKU2U authentication requests to this computer to use online identities
Amount of idle time before disconnection - Windows 2008 or later
Configure Active Directory Certificate Services
Configure Active Directory Domain Services
Configure AD FS Web Agent Authentication Service
Configure AD RMS Logging Service
Configure Application Experience
Configure Application Host Helper Service
Configure Application Information
Configure Application Layer Gateway Service
Configure Application Management
Configure ASP .NET State Service
Configure Background Intelligent Transfer Service
Configure Certificate Propagation
Configure Cluster Service
Configure CNG Key Isolation
Configure COM+ System Application
Configure Computer Browser
Configure DFS Namespace
Configure DHCP Client
Configure DHCP Server
Configure Diagnostic Policy Service
Configure Diagnostic Service Host
Configure Diagnostic System Host
Configure Distributed Link Tracking Client
Configure Distributed Transaction Coordinator
Configure DNS Client
Configure DNS Server
Configure Extensible Authentication Protocol
Configure Fax
Configure File Replication
Configure File Server Resource Manager
Configure File Server Storage Reports Manager
Configure force logoff when hours expire
Configure FTP Publishing Service
Configure Function Discovery Provider Host
Configure Function Discovery Resource Publication
Configure Health Key and Certificate Management
Configure Human Interface Device Access
Configure IIS Admin Service
Configure Interactive Services Detection
Configure Internet Connection Sharing (ICS)
Configure Intersite Messaging
Configure IPsec Policy Agent
Configure Kerberos Key Distribution Center
Configure KtmRm for Distributed Transaction Coordinator
Configure Link-Layer Topology Discovery Mapper
Configure Message Queuing
Configure Message Queuing Down Level Clients
Configure Message Queuing Triggers
Configure Microsoft .NET Framework NGEN v2.0.50727_X86
Configure Microsoft iSCSI Initiator Service
Configure Microsoft iSNS Server
Configure Microsoft Software Shadow Copy Provider
Configure Multimedia Class Scheduler
Configure Net.Msmq Listener Adapter
Configure Net.Pipe Listener Adapter
Configure Net.Tcp Listener Adapter
Configure Net.Tcp Port Sharing Service
Configure Netlogon
Configure Network Access Protection Agent
Configure Network Connections
Configure Network Policy Server
Configure Offline Files
Configure Online Responder Service
Configure Peer Name Resolution Protocol
Configure Peer Networking Identity Manager
Configure Performance Logs Alerts
Configure PnP-X IP Bus Enumerator
Configure PNRP Machine Name Publication Service
Configure Portable Device Enumerator Service
Configure Print Spooler
Configure Problem Reports and Solutions Control Panel Support
Configure Protected Storage
Configure Quality Windows Audio Video Experience
Configure Remote Access Auto Connection Manager
Configure Remote Access Connection Manager
Configure Remote Desktop Configuration
Configure Remote Desktop Gateway
Configure Remote Desktop Licensing
Configure Remote Desktop Services
Configure Remote Desktop Session Broker
Configure Remote Desktop UserMode Port Redirector
Configure Remote Procedure Call (RPC) Locator
Configure Removable Storage
Configure Resultant Set of Policy Provider
Configure Routing and Remote Access
Configure Secondary Logon
Configure Secure Socket Tunneling Protocol Service
Configure Server
Configure Server for NFS
Configure Server For NIS
Configure Simple Mail Transport Protocol (SMTP)
Configure SL UI Notification Service
Configure Smart Card
Configure Smart Card Removal Policy
Configure SNMP Service
Configure SNMP Trap
Configure Special Administration Console Helper
Configure SSDP Discovery
Configure Superfetch
Configure System Event Notification Service
Configure TCP-IP Print Server
Configure Telephony
Configure Telnet
Configure Themes
Configure Thread Ordering Server
Configure TPM Base Services
Configure UPnP Device Host
Configure Virtual Disk
Configure Volume Shadow Copy
Configure Web Management Service
Configure webclient
Configure Windows Audio
Configure Windows Audio Endpoint Builder
Configure Windows CardSpace
Configure Windows Color System
Configure Windows Deployment Services server
Configure Windows Driver Foundation - User-mode Driver Framework
Configure Windows Error Reporting Service
Configure Windows Event Collector
Configure Windows Installer
Configure Windows Internal Database
Configure Windows Internet Name Service (WINS)
Configure Windows Modules Installer
Configure Windows Presentation Foundation Font Cache 3.0.0.0
Configure Windows Process Activation Service
Configure Windows Remote Management (WS-Management)
Configure Windows Search
Configure Windows System Resource Manager
Configure WinHTTP Web Proxy Auto-Discovery Service
Configure Wired AutoConfig
Configure WMI Performance Adapter
Configure World Wide Web Publishing Service
Display administrator account status
Display desktop client connection encryption level
Display LDAP server signing requirements
Display local system NULL session fallback
Legal notice displayed information - Windows 2008 or later
Legal notice title information
Maximum computer account password age - Windows 2008 or later
Number of previous logons to cache - Windows 2008 or later
Password expiration user warning setting - Windows 2008 or later
Refuse computer account password changes information
Rename Guest account information - Windows 2008 or later
Set Automatic Windows Event Log
Set Automatic Windows Update
Set Base Filtering Engine- Automatic
Set COM+ Event System- Automatic
Set Cryptographic Services- Automatic
Set DCOM Server Process Launcher- Automatic
Set Desktop Window Manager Session Manager- Automatic
Set DFS Replication- Automatic
Set Group Policy Client- Automatic
Set IKE and AuthIP IPsec Keying Modules- Automatic
Set IP Helper- Automatic
Set Microsoft Fibre Channel Platform Registration Service- Automatic
Set Network List Service- Automatic
Set Network Location Awareness- Automatic
Set Network Store Interface Service- Automatic
Set Plug and Play- Automatic
Set Power- Automatic
Set Remote Procedure Call (RPC)- Automatic
Set Remote Registry- Automatic
Set Security Accounts Manager- Automatic
Set Shell Hardware Detection- Automatic
Set Software Protection- Automatic
Set Task Scheduler- Automatic
Set TCP-IP NetBIOS Helper- Automatic
Set undock without logging on setting
Set User Profile Service- Automatic
Set Windows Firewall- Automatic
Set Windows Management Instrumentation- Automatic
Set Windows Time- Automatic
Set Workstation- Automatic
Shares that can be accessed anonymously - Windows 2008
TCP keep alive time information
User rights information
NOTE: Ensure that you have installed NetIQ Secure Configuration Manager Windows Agent 5.9.1 Hotfix 7015966.
The Missing Assessment report, which lists all servers and endpoints that are missing applicable template assessments, now contains information that helps you determine whether assessments were attempted but failed and, if so, the reason for the failure.
This hotfix reduces disk space utilization by optimizing how check execution details are stored.
The bulk purging job feature that was provided in Secure Configuration Manager Hotfix 7015965 is no longer supported.
This hotfix resolves the following issues.
Issue: While installing hotfixes, the Secure Configuration Manager database backup fails. (BUG 941079)
Fix: Now the database is successfully backed up during installation based on the user selection.
Issue: The default security check for installed antivirus software in the system does not find Symantec version 12 antivirus software. (BUG 912545)
Fix: This hotfix updates the default security check to find Symantec version 12. This check is available through the external Autosync server.
This hotfix requires NetIQ Secure Configuration Manager 5.9.1. For information about hardware requirements, supported operating systems and browsers, and other software requirements, see the Installation Guide for NetIQ Secure Configuration Manager.
This hotfix updates Secure Configuration Manager Core Services and the console. If Core Services and the console are installed on different computers, you must install this hotfix on both the Core Services computer and the console computer.
Before installing this hotfix:
Ensure that you have installed the previous hotfixes provided for Secure Configuration Manager 5.9.1.
Ensure that the SQL Server agent is running in your SCM environment.
To start the SQL Server Agent, go to Services and start the appropriate SQL Server Agent instance which has SCM installed.
IMPORTANT: To install this Hotfix in an environment where the SQL Server is running on a non-default port, perform the following steps:
Switch your SQL Server environment to the default port (1433) configuration.
Install the Hotfix.
Revert the environment to the non-default port configuration.
Log in to the Core Services computer with a local administrator account.
Run the SCM591_Hotfix7016729.exe file.
Follow the instructions in the wizard until you have finished installing the hotfix.
To verify that the hotfix installation was successful:
Log in to the Secure Configuration Manager console.
On the Help menu, click About NetIQ Secure Configuration Manager.
On the Core Services and Database tabs, verify that SCM 5.9.1 Hotfix 7016729 is listed.
This hotfix updates the following files:
Core Services files:
<Installation Directory>\Core Services\lib\ext\coredb.jar
<Installation Directory>\Core Services\lib\ext\capi.jar
<Installation Directory>\Core Services\etc\capi.vdal
Database files:
dbo.SPADDR_TASKS.PRC
dbo.spGetReportCheckAppendixes.PRC
sp_getReport2.PRC
dbo.sp_deleteTask.PRC
DropBulkPurging.sql
Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.
For detailed contact information, see the Support Contact Information Web site.
For general corporate and product information, see the NetIQ Corporate Web site.
For interactive conversations with your peers and NetIQ experts, become an active member of Qmunity, our community Web site that offers product forums, product notifications, blogs, and product user groups.
NetIQ Secure Configuration Manager is protected by United States Patent No(s): 5829001, 7707183.
THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT, NETIQ CORPORATION PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU.
For purposes of clarity, any module, adapter or other similar material (“Module”) is licensed under the terms and conditions of the End User License Agreement for the applicable version of the NetIQ product or software to which it relates or interoperates with, and by accessing, copying or using a Module you agree to be bound by such terms. If you do not agree to the terms of the End User License Agreement you are not authorized to use, access or copy a Module and you must destroy all copies of the Module and contact NetIQ for further instructions.
This document and the software described in this document may not be lent, sold, or given away without the prior written permission of NetIQ Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data.
This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time.
U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the government's rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement.
© 2015 NetIQ Corporation. All Rights Reserved.
For information about NetIQ trademarks, see http://www.netiq.com/company/legal/.