3.3 Managing Your Endpoints

Available only in the Windows console.

If you add an endpoint, but the endpoint is not registered at that time due to a network problem or the computer being inaccessible, you can manually register the endpoint. Any time you no longer need an endpoint, you can delete that endpoint.

You can also change endpoint properties, such as a contact email, at any time after you have added the endpoint. Some endpoint properties apply to specific operating systems. The endpoint properties include importance level, which allows you to indicate each endpoint’s value to your organization. For more information about modifying the importance level property, see Assigning Importance to Endpoints.

NOTE:

  • After you have added a custom endpoint property, the property cannot be deleted.

  • Deleting an endpoint does not remove the Secure Configuration Manager software installed on the agent computer.

3.3.1 Managing Endpoints without Installing an Agent

Secure Configuration Manager employs a process called manage by proxy to let you manage and assess some endpoints without installing an agent on the computer. Instead, an agent in the same domain as the agentless asset manages the endpoints on that asset.

The manage by proxy capability simplifies deployment. For example, a single instance of the Windows agent is capable of managing any endpoint that is a member of the domain in which the agent service is installed. The computers within the domain must share a common security account (user and group) database and policy.

To set up a proxy agent, add the agent to your asset map, and then add endpoints residing on agentless assets to the agent.

3.3.2 Assigning Importance to Endpoints

When a minor vulnerability occurs on a high-value asset, you may consider the vulnerability a high risk in your environment. Secure Configuration Manager lets you assign an importance value to each endpoint so you can weight resulting risk scores based on the value of the asset to your organization. An endpoint’s importance level represents the criticality of that asset to your company’s business and applications. For example, you may consider a corporate mail server a greater security risk than a desktop workstation with a very critical vulnerability, even if the mail server has a less critical vulnerability. You can change the importance level by modifying the endpoint’s properties. To assign an importance level to an endpoint, your console user account needs the Assign Importance permission. For more information, see Managing Permissions.

Importance levels range from Very Low to Very High. By default, an endpoint has a Medium importance when it is created. Secure Configuration Manager maps each importance level to a multiplier value, a percentage that is ultimately multiplied by the exposure score to determine the risk score, which numerically expresses the current level of an endpoint’s vulnerability. Secure Configuration Manager calculates the exposure score for each endpoint by using the scoring method, threat factor, and number of violations for a security check. The threat factor serves as an approximate penalty value, greater than 0, used to calculate the exposure score of a security check. For more information about scoring, see Understanding Risk Scoring.

NOTE: An endpoint may belong to more than one group. Since an endpoint can have only one importance level, you should assign the highest level to the endpoint when you view the endpoint across all groups. For example, if an endpoint has “Medium” importance in the Sales group, but has “High” importance in the Managers group, assign a “High” importance level to that endpoint.
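The following added example (not Secure Configuration Manager code) models the weighting described in this section: an endpoint's single importance level is resolved as the highest level across its groups, mapped to a multiplier, and multiplied by the exposure score. The multiplier percentages, the exposure formula (threat factor times violations) and the sample endpoints are constructed assumptions, since the page does not give the product's actual values.

```python
# Added example, not part of Secure Configuration Manager. Multiplier values,
# the exposure formula and the sample data are constructed assumptions.
from dataclasses import dataclass

# Ordered from lowest to highest importance, as described on the page.
IMPORTANCE_LEVELS = ["Very Low", "Low", "Medium", "High", "Very High"]

# ASSUMED multipliers: the page only says each level maps to a percentage
# that is multiplied by the exposure score; real values are not given.
ASSUMED_MULTIPLIER = {
    "Very Low": 0.25, "Low": 0.50, "Medium": 1.00, "High": 1.50, "Very High": 2.00,
}

@dataclass
class Endpoint:
    name: str
    group_importance: dict  # group name -> importance level assigned in that group
    threat_factor: float    # approximate penalty value, must be greater than 0
    violations: int         # number of violations for the security check

def resolve_importance(group_importance):
    """An endpoint has one importance level: the highest across all its groups."""
    if not group_importance:
        return "Medium"  # default level at creation
    return max(group_importance.values(), key=IMPORTANCE_LEVELS.index)

def exposure_score(threat_factor, violations):
    """ASSUMED stand-in for the product's scoring method: penalty per violation."""
    if threat_factor <= 0:
        raise ValueError("threat factor must be greater than 0")
    return threat_factor * violations

def risk_score(ep):
    """Risk score = exposure score weighted by the resolved importance multiplier."""
    level = resolve_importance(ep.group_importance)
    return exposure_score(ep.threat_factor, ep.violations) * ASSUMED_MULTIPLIER[level]

def rank_by_risk(endpoints):
    """Highest risk first, which is how a low-severity finding on a key asset can outrank a critical one."""
    return sorted(endpoints, key=risk_score, reverse=True)

# Constructed sample: the mail server has a less critical check failing,
# the workstation a very critical one (higher threat factor).
MAIL_SERVER = Endpoint("mail01", {"Sales": "Medium", "Managers": "Very High"}, 2.0, 3)
WORKSTATION = Endpoint("desk42", {"Sales": "Low"}, 10.0, 1)

if __name__ == "__main__":
    for ep in rank_by_risk([WORKSTATION, MAIL_SERVER]):
        print(ep.name, resolve_importance(ep.group_importance), risk_score(ep))
```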