Installation guide
VCM Security Guide
Using VCM to Manage the SQL Server 27
Having a SQL Server Machine Group in VCM 27
Microsoft SQL Server Best Practices and Hardening Tests 27
Direct SQL Server Login 28
Login Accounts for SQL Server 28
Restrict Access to Configuration Tools 28
Delegation for Split Installations 28
Do Not Connect from Outside the Server Zone 29
Web Server 31
Using VCM to Manage the Web Server 31
Having a Web Server Machine Group in VCM 31
Using Windows Integrated Authentication 31
Using HTTPS 32
Web Server Certificates 32
Mutual Authentication 32
VCM Agent Systems and Managed Machines 33
Trusting the VCM Agent on a Managed Machine 33
Using VCM to Manage Machines 33
Machine Groups 33
Restricting Access to Scripting 34
Users Who Are Not Local Administrators 34
VCM Agent 34
Agent Installation Directory 34
Agent Availability 34
Continuous Possession and Control of the Agent 34
Unauthorized Agents 35
Restricting Access to Machine Configuration 35
Local Administrator Account 35
BIOS Password 35
Disabling Alternative Startup 35
Maintenance Mode 35
Trusted Certificate Store 36
Protecting Private Keys 36
Protecting Authorized Collector Certificates 36
Securing Machine Backups that Contain Keys 36
Enterprise Certificate 36
Trustworthiness of Data 36
Individual CollectionResults 37
VCM User Interface System 39
Using VCM to Manage the UI System 39
User Interface Systems Machine Group 39
Access Control 40
Disabling Automatic Login 40
Disabling Simultaneous Login 40
Using Windows Credentials 40
Public Access Points 41
Cross-site Scripting 41
Internet Explorer Trusted Zone 41
Adding the VCM Web Server 41
Removing Untrusted Systems 42
Customizing Internet Security Options 42
Trusted Software 42
Verifying Certificates 42
HTTPS Certificate 42
4
VMware, Inc.