Security and Privacy for Migration to System Center 2012 Configuration Manager
Updated: May 14, 2015
Applies To: System Center 2012 Configuration Manager, System Center 2012 Configuration Manager SP1, System Center 2012 Configuration Manager SP2, System Center 2012 R2 Configuration Manager, System Center 2012 R2 Configuration Manager SP1
This topic contains security best practices and privacy information for migration to your System Center 2012 Configuration Manager environment.
Use the following security best practice for migration.
Security best practice
Use the computer account for the Source Site SMS Provider Account and the Source Site SQL Server Account rather than a user account.
If you must use a user account for migration, remove the account details when migration is completed.
Use IPsec when you migrate content from a distribution point in a source site to a distribution point in your destination site.
Although the migrated content is hashed to detect tampering, if the data is modified while it is transferred, the migration will fail.
Restrict and monitor the administrative users who can create migration jobs.
The integrity of the database of the destination hierarchy depends upon the integrity of data that the administrative user chooses to import from the source hierarchy. In addition, this administrative user can read all data from the source hierarchy.
Migration has the following security issues:
Clients that are blocked from a source site might successfully assign to the destination hierarchy before their client record is migrated.
Although Configuration Manager retains the blocked status of clients that you migrate, the client can successfully assign to the destination hierarchy if assignment occurs before the migration of the client record is completed.
Audit messages are not migrated.
When you migrate data from a source site to a destination site, you lose any auditing information from the source hierarchy.
Migration discovers information from the site databases that you identify in a source infrastructure and stores this data to the database in the destination hierarchy. The information that System Center 2012 Configuration Manager can discover from a source site or hierarchy depends upon the features that were enabled in the source environment, as well as the management operations that were performed in that source environment.
For more information about security and privacy information, see one of the following topics:
For more information about the privacy information for Configuration Manager 2007, see Security and Privacy for Configuration Manager 2007 in the Configuration Manager 2007 documentation library.
For more information about the privacy information for System Center 2012 Configuration Manager, see Security and Privacy for System Center 2012 Configuration Manager in the System Center 2012 Configuration Manager documentation library.
You can migrate some or all of the supported data from a source site to a destination hierarchy.
Migration is not enabled by default and requires several configuration steps. Migration information is not sent to Microsoft.
Before you migrate data from a source hierarchy, consider your privacy requirements.