The Windows Server 2008 Security Configuration Wizard
Windows Server 2008 includes the Server Manager, which you can use to install Server Roles and features. One of the major enhancements included with the Windows Server 2008 Server Manager is that when you install roles and features, security best practices are built in and the machine is configured with an optimal security configuration to support the services and features you installed through Server Manager.
So, you'd think there would be no place for the Security Configuration Wizard (SCW) in Windows Server 2008, right? We needed it for Windows Server 2003, since the installation routines for server roles and features didn't take into account security best practices. But why would we use it in Windows Server 2008?
Well, you can use the Windows Server 2008 Security Configuration Wizard to help keep your server secure by checking for possible vulnerabilities that were introduced after the Server Manager installed the Roles and Features. You can also use the SCW to create policies for roles not installed by using Server Manager (you might have programmatically installed a role or service, which bypasses security best practices).
You can also use SCW to create an apply server security policies when you:
- Modify the configuration of a default component on a Windows Server 2008-based computer. However, using SCW after modifying a role or feature through Server Manager is not a requirement.
- Create and apply policy for server roles not installed through Server Manager, such as Microsoft SQL Server or Microsoft Exchange Server. SCW includes policies for many roles and features not installed with Server Manager.
- Define new roles for non-Microsoft applications and create and apply policy for those roles. Run SCW whenever a non-Microsoft application is added or removed. SCW has a public schema for organizations to create new roles
And remember, the SCW also is tightly integrated with the Windows Advanced Firewall, so it takes care of the inbound and outbound access control rules you need for the firewall.
For more information about the Windows Server 2008 SCW, check out:
Thomas W Shinder, M.D.
GET THE NEW BOOK! Go to http://tinyurl.com/2gpoo8
Email: [email protected]
MVP - Microsoft Firewalls (ISA)