Understanding the Security Configuration Wizard
The Security Configuration Wizard (SCW) can help you increase security on a system (or multiple systems). The wizard leads you through the process of identifying several things you can do to increase security. Elements the SCW examines include:
Services that are needed (and services that aren’t needed)
Firewall rules to implement
Registry settings to change
Audit settings to enable
Tip
Combined, these settings harden the server by reducing the attack surface.
You can launch the SCW from the Administrative Tools
menu. It analyzes the current operations of the system and makes
recommendations for changes to make the system more secure. You can
create a security policy, edit a security policy, apply a security
policy, or roll back the last security policy with the SCW.
The following steps show how to create a security policy with the SCW.
Step | Action |
---|---|
1. | Launch the Security Configuration Wizard from the Administrative Tools menu. |
2. | Click Next on the Welcome page. |
3. | Select Create A New Security Policy and click Next. |
4. | Type the name of the server you want to analyze and click Next. |
5. | After the Security Configuration Database has been analyzed, click Next. |
6. | Click Next on the Role-Based Configuration page. |
7. | Review the server roles. These are the roles that are currently installed, and the SCW uses them to determine which services should be running and which ports should be open. Make any changes desired, and then click Next. |
8. | Review the client features. These are the features that are currently installed and used to enable services or support different client features. Make any changes desired and click Next. |
9. | Review the options page. These are the administration and other options used to enable services or open ports. Make any changes desired, and then click Next. |
10. | If the Additional Services page appears, review the listed services, make any desired changes, and click Next. |
11. | On the Handling Unspecified Services page, select the desired action. The default is to not change the startup mode, but it is more secure to select Disable the Service if it is not needed. Note: Selecting Disable the Service is more secure; however, you run the risk of disabling a service that the SCW was unaware was needed and affecting the reliability of your system. Choose how to handle unspecified services and click Next. |
12. | View the changes that the SCW recommends. Your display should look similar to Figure 1. When you’re satisfied with these changes, click Next. |
13. | On the Network Security section, select Skip This Section and click Next. Note: The Network Security section enables you to view and manipulate firewall rules for the local firewall. You can click through these settings to identify what the wizard recommends. |
14. | On the Registry Settings section, select Skip This Section and click Next. Note: The Registry Settings section enables you to view and manipulate different security settings related to SMB security signatures, LDAP signing, and LAN Manager Authentication. You can click through these settings to identify what the wizard recommends. |
15. | On the Audit Policy section, click Next. |
16. | Ensure that Audit Successful Activities is selected and click Next. Review the Audit Policy Summary page and click Next. |
17. | On the Save Security Policy page, click Next. |
18. | Notice that the file is saved in c:\windows\security\msscw\policies\ by default. Add a name such as scwtest at the end of the path. Click Next. Note: The file is automatically saved as an XML file with the .xml extension. |
19. | Ensure Apply Later is selected and click Next. Click Finish. |
At this point, you have a policy created and you can use the scwcmd tool to manipulate it.
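
The note in step 11 warns that disabling unspecified services can stop something the SCW did not know was needed. The script below is an added example, not part of the original text: because step 19 leaves the policy unapplied, it records every service's startup mode first and, after the policy is applied, reports the services that were running before and are now disabled. The script name (Test-ScwServiceImpact.ps1), its parameters and the snapshot path are assumptions.

```powershell
# Test-ScwServiceImpact.ps1 (hypothetical name; added example, not SCW tooling)
# Usage:  .\Test-ScwServiceImpact.ps1 -Mode Save      (before applying the policy)
#         .\Test-ScwServiceImpact.ps1 -Mode Compare   (after applying it)
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('Save', 'Compare')]
    [string]$Mode,
    # Assumed location for the baseline; change to suit your environment.
    [string]$SnapshotPath = 'C:\scw-baseline\services-before.csv'
)

function Get-ServiceState {
    # Win32_Service exposes StartMode (Auto, Manual, Disabled) and State.
    Get-WmiObject -Class Win32_Service |
        Select-Object Name, DisplayName, StartMode, State |
        Sort-Object Name
}

if ($Mode -eq 'Save') {
    $dir = Split-Path -Parent $SnapshotPath
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
    Get-ServiceState | Export-Csv -Path $SnapshotPath -NoTypeInformation
    Write-Output "Baseline written to $SnapshotPath"
    return
}

if (-not (Test-Path $SnapshotPath)) {
    throw "No baseline found at $SnapshotPath. Run with -Mode Save before applying the policy."
}

# Index the baseline by service name for lookup.
$before = @{}
Import-Csv -Path $SnapshotPath | ForEach-Object { $before[$_.Name] = $_ }

$changed = foreach ($svc in Get-ServiceState) {
    $old = $before[$svc.Name]
    if ($null -eq $old) { continue }            # installed after the baseline
    if ($old.StartMode -ne $svc.StartMode) {
        New-Object PSObject -Property @{
            Name            = $svc.Name
            DisplayName     = $svc.DisplayName
            StartModeBefore = $old.StartMode
            StartModeAfter  = $svc.StartMode
            WasRunning      = ($old.State -eq 'Running')
        }
    }
}

# Highest-risk rows: services in use before the policy that are now disabled.
$changed | Where-Object { $_.StartModeAfter -eq 'Disabled' -and $_.WasRunning } |
    Select-Object Name, DisplayName, StartModeBefore, StartModeAfter |
    Format-Table -AutoSize
```

If a listed service turns out to be required, the SCW's option to roll back the last security policy restores the previous settings.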