programming4us
programming4us
SECURITY

Windows Server 2008 : Security Configuration Wizard (part 1) - Understanding the Security Configuration Wizard

- How To Install Windows Server 2012 On VirtualBox
- How To Bypass Torrent Connection Blocking By Your ISP
- How To Install Actual Facebook App On Kindle Fire
2/15/2014 1:50:07 AM

Understanding the Security Configuration Wizard

The Security Configuration Wizard (SCW) can help you increase security on a system (or multiple systems). The wizard leads you through the process of identifying several things you can do to increase the security. Elements the SCW examine include

  • Services that are needed (and services that aren’t needed)

  • Firewall rules to implement

  • Registry settings to change

  • Audit settings to enable

Tip

Combined, these settings harden the server by reducing the attack surface.


You can launch the SCW from the Administrative Tools menu. It analyzes the current operations of the system and makes recommendations for changes to make the system more secure. You can create a security policy, edit a security policy, apply a security policy, or roll back the last security policy with the SCW.

The following steps show how to create a security policy with the SCW.

StepAction
1.Launch the Security Configuration Wizard from the Administrative Tools menu.
2.Click Next on the Welcome page.
3.Select Create A New Security Policy and click Next.
4.Type the name of the server you want to analyze and click Next.
5.After the Security Configuration Database has been analyzed, click Next.
6.Click Next on the Role-Based Configuration page.
7.Review the server roles. These are the roles that are currently installed, and the SCW uses them to determine which services should be running and which ports should be open. Make any changes desired, and then click Next.
8.Review the client features. These are the features that are currently installed and used to enable services or support different client features. Make any changes desired and click Next.
9.Review the options page. These are the administration and other options used to enable services or open ports. Make any changes desired, and then click Next.
10.If the Additional Services page appears, review them, make any desired changes, and click Next.
11.On the Handling Unspecified Services page, select the desired action. The default is to not change the startup mode, but it is more secure to select Disable the Service if it is not needed.

Note

Selecting Disable the Service is more secure; however, you run the risk of disabling a service that the SCW was unaware was needed and affecting the reliability of your system.

Choose how to handle unspecified services and click Next.
12.View the changes that the SCW recommends. Your display should look similar to Figure 1. When you’re satisfied with these changes, click Next.
13.On the Network Security section, select Skip This Section and click Next.

Note

The Network Security section enables you to view and manipulate firewall rules for the local firewall. You can click through these settings to identify what the wizard recommends.

14.On the Registry Settings section, select Skip This Section and click Next.

Note

The Registry Settings section enables you to view and manipulate different security settings related to SMB security signatures, LDAP signing, and LAN Manager Authentication. You can click through these settings to identify what the wizard recommends.

15.On the Audit Policy section, click Next.
16.Ensure that Audit Successful Activities is selected and click Next. Review the Audit Policy Summary page and click Next.
17.On the Save Security Policy page, click Next.
18.Notice that the file is saved in c:\windows\security\msscw\policies\ by default. Add a name such as scwtest at the end of the path. Click Next.

Note

The file is automatically saved as an .xml file with the .xml extension.

19.Ensure Apply Later is selected and click Next. Click Finish.

Figure 17-1. Confirming service changes by the SCW

At this point, you have a policy created and you can use the scwcmd tool to manipulate it.

Other  
  •  8 Tips To Protect Your Business’s Wireless Network
  •  Web Security : Automating with LibWWWPerl - Using Threading for Performance
  •  Web Security : Automating with LibWWWPerl - Editing a Page Programmatically
  •  Web Security : Automating with LibWWWPerl - Uploading Viruses to Applications, Parsing for a Received Value with Perl
  •  Web Security : Automating with LibWWWPerl - Uploading Malicious File Contents, Uploading Files with Malicious Names
  •  Windows Server 2008 and Windows Vista : Controlling GPOs with Scripts and Automation - VBScript Scripting , Windows PowerShell
  •  Windows Server 2008 and Windows Vista : GPO Security (part 2)
  •  Windows Server 2008 and Windows Vista : GPO Security (part 1)
  •  Windows Server 2008 and Windows Vista : Advanced Group Policy Management Delegation - Approving, Reviewing
  •  Windows Server 2008 and Windows Vista : Advanced Group Policy Management Delegation - Full Control, Editing
  •  
    Top 10
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
    - Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
    - Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
    - Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
    - Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
    - Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
    REVIEW
    - First look: Apple Watch

    - 3 Tips for Maintaining Your Cell Phone Battery (part 1)

    - 3 Tips for Maintaining Your Cell Phone Battery (part 2)
    programming4us programming4us
    programming4us
     
     
    programming4us