Security and Privacy for Queries in Configuration Manager
Updated: May 14, 2015
Applies To: System Center 2012 Configuration Manager, System Center 2012 Configuration Manager SP1, System Center 2012 Configuration Manager SP2, System Center 2012 R2 Configuration Manager, System Center 2012 R2 Configuration Manager SP1
This topic appears in the Assets and Compliance in System Center 2012 Configuration Manager guide and in the Security and Privacy for System Center 2012 Configuration Manager guide.
Queries in Configuration Manager let you retrieve information from the site database based on the criteria that you specify. Configuration Manager collects the site database information during standard operation. For example, by using information that has been collected from discovery or inventory, you can configure a query to identify devices that meet specified criteria.
For more information about queries, see Introduction to Queries in Configuration Manager. For more information about any security best practices and privacy information for Configuration Manager operations that collect the information that you can retrieve by using queries, see Security Best Practices and Privacy Information for Configuration Manager.
Use the following security best practice for queries.
Security best practice
When you export or import a query that is saved to a network location, secure the location and secure the network channel.
Restrict who can access the network folder.
Use server message block (SMB) signing or Internet Protocol Security (IPsec) between the network location and the site server to prevent an attacker from tampering with the query data before it is imported.