4.2 Understanding Policy Templates

Policy templates let you quickly and easily determine the compliance of your entire enterprise with your security policies. Each policy template contains multiple security checks designed to search for a specific set of issues. Secure Configuration Manager includes a large number of built-in policy templates, organized in the following categories: Regulations, Bulletins, and Best Practices. For example, under Best Practices, the CIS Benchmark policy templates include security checks based on recommendations from the Center for Internet Security (CIS) and are certified by CIS.

You can modify the built-in policy templates or create new templates to express corporate technical standards and current industry standards. To determine whether a particular policy template meets your enterprise’s needs, you can print information about the security checks in that policy template. To print policy template information, your console user account needs the Print Policy Template Information permission. You must also have Adobe® Reader® installed on the console computer to print and view the report.

Occasionally, you might want to save a specific version of a policy template before downloading a newer version from the AutoSync server. You can export templates as XML-formatted files with a .tpl extension. To export a policy template, your console user account needs the Export Policy Template permission.

You can import one or more policy templates you have previously exported from the current Core Services or another Secure Configuration Manager Core Services. You can also use the import feature to restore a policy template that was changed incorrectly. If a policy template with the same name already exists, you have the option to overwrite the existing template. To import a policy template, your console user account needs the Import Policy Template permission.

Many built-in policy templates use the same security check multiple times to validate different system settings. When the template contains multiple instances of the same check, each instance can be identified by a unique name, or Check Alias. For example, the CIS Level One Benchmark for Windows Server 2003 policy template includes multiple instances of the User rights security check. The alias for the first User rights instance is “4.2.1 Access this computer from the network” to indicate the check validates the status of network logon privileges on the endpoint. The second instance, “4.2.10 Create a pagefile,” validates privileges for creating page files.

The following table shows where you can learn more about policy templates.

If you want to ...                                      See ...
------------------------------------------------------  ------------------------------------------------------------------
Modify a built-in policy template                       Section 6.6.3, Modifying Built-in Policy Templates
Create a custom policy template                         Section 6.6.2, Translating a Technical Standard to a Policy Template
Compare the results for policy template runs            Section 5.3, Comparing Report Results
Evaluate endpoints based on policy template results     Section 5.3.2, Comparing Policy Template Results
Learn more about the AutoSync server                    Section 8.0, Maintaining Your Security Knowledge
Learn more about managing permissions in the console    Section 3.6, Managing Permissions