1 of 1 people found this helpful
The Audit job is designed to compare the master with other targets and remediate the targets to be compliant with master
The Audit job can be created from a Component Template, Live Browse, or from an snapshot
Please mark answer correct if your problem solved
There are pros and cons to both. You can quickly take a Snapshot of server parts, and compare that Snapshot against other servers to see the differences. As Atul stated, you can easily "sync with master" on many of those objects (but not all) to make the servers like the master one.
Component Templates take longer to set up but they are more powerful. You can add logic conditions to your imported parts (for example, does this registry key exist and does the value equal this number) and easily create remediation BLPackages. Whether they are imported server parts, scripts, software installations, etc.
robert - there are out of the box component templates provided for the stig that you can use to bring your servers into compliance. have you looked into use those ? then are available for download on the epd.
I am using the SCAP for compliance (windows). What I would like to do is run the SCAP against my servers and then go back and remediate the non-compliant issues. I know I can modify the out of the box templates but I would have to use the ootb template which makes my servers less compliant. Any ideas would be appreciated.
unfortunately scap doesn't support remediation. so you would need to modify your templates w/ the matching rules from scap and build remediations from there. or you need to buld the blpackages, and manually correlate which packages needs to get deployed based on your scap results.