System Center Configuration Manager 中的集合的安全和隐私


适用对象:System Center Configuration Manager (current branch)

<_caps3a_sxs _xmlns3a_caps=""><_caps3a_sxstarget locale="zh-CN">本主题包含 System Center Configuration Manager 中的集合的安全最佳方案和隐私信息。没有专门针对 配置管理器 中的集合的隐私信息。 集合是资源(如用户和设备)的容器。 集合成员身份通常依赖于 配置管理器 在标准操作过程中收集的信息。 例如,通过使用从发现或清单收集的资源信息,可以将集合配置为包含满足指定条件的设备。 集合还可以基于客户端管理操作的当前状态信息,例如正在部署软件和正在检查符合性。 除了这些基于查询的集合,管理用户还可以将资源添加到集合。有关集合的详细信息,请参阅 Introduction to Collections in Configuration Manager。 有关 配置管理器 操作(可以用于配置集合成员身份)的任何安全最佳方案和隐私信息的详细信息,请参阅 Security Best Practices and Privacy Information for System Center Configuration Manager。集合的最佳安全方案可将以下最佳安全方案用于集合。最佳安全方案更多信息当你使用保存到网络位置的托管对象格式 (MOF) 文件导出或导入集合时,请保护该位置和网络通道的安全。限制可访问网络文件夹的人员。在网络位置与站点服务器之间使用服务器消息块 (SMB) 签名或 Internet 协议安全性 (IPsec),以防止攻击者篡改导出的集合数据。 使用 IPsec 对网络上的数据进行加密以防止信息泄漏。集合的安全问题集合具有以下安全问题:如果使用集合变量,本地管理员可以读取可能敏感的信息。在部署操作系统时,可以使用集合变量。Collections in Configuration Manager <_caps3a_sxssource locale="en-US">This topic contains security best practices and privacy information for collections in System Center Configuration Manager.There is no privacy information specifically for collections in 配置管理器. Collections are containers for resources, such as users and devices. Collection membership often depends on the information that 配置管理器 collects during standard operation. For example, by using resource information that has been collected from discovery or inventory, a collection can be configured to contain the devices that meet specified criteria. Collections might also be based on the current status information for client management operations, such as deploying software and checking for compliance. In addition to these query-based collections, administrative users can also add resources to collections.For more information about collections, see Introduction to Collections in Configuration Manager. For more information about any security best practices and privacy information for 配置管理器 operations that can be used to configure collection membership, see Security Best Practices and Privacy Information for System Center Configuration Manager.Security Best Practices for CollectionsUse the following security best practice for collections.Security best practiceMore informationWhen you export or import a collection by using a Managed Object Format (MOF) file that is saved to a network location, secure the location, and secure the network channel.Restricts who can access the network folder.Use Server Message Block (SMB) signing or Internet Protocol security (IPsec) between the network location and the site server to prevent an attacker from tampering with the exported collection data. Use IPsec to encrypt the data on the network to prevent information disclosure.Security Issues for CollectionsCollections have the following security issues:If you use collection variables, local administrators can read potentially sensitive information.Collection variables can be used when you deploy an operating system.Collections in Configuration Manager