1. | Launch the Security Configuration Wizard from the Administrative Tools menu. |
2. | Click Next on the Welcome page. |
3. | Select Create A New Security Policy and click Next. |
4. | Type the name of the server you want to analyze and click Next. |
5. | After the Security Configuration Database has been analyzed, click Next. |
6. | Click Next on the Role-Based Configuration page. |
7. | Review
the server roles. These are the roles that are currently installed, and
the SCW uses them to determine which services should be running and
which ports should be open. Make any changes desired, and then click Next. |
8. | Review
the client features. These are the features that are currently
installed and used to enable services or support different client
features. Make any changes desired and click Next. |
9. | Review
the options page. These are the administration and other options used
to enable services or open ports. Make any changes desired, and then
click Next. |
10. | If the Additional Services page appears, review them, make any desired changes, and click Next. |
11. | On the Handling Unspecified Services page, select the desired action. The default is to not change the startup mode, but it is more secure to select Disable the Service if it is not needed.
Note
Selecting Disable the Service
is more secure; however, you run the risk of disabling a service that
the SCW was unaware was needed and affecting the reliability of your
system.
Choose how to handle unspecified services and click Next. |
12. | View the changes that the SCW recommends. Your display should look similar to Figure 1. When you’re satisfied with these changes, click Next. |
13. | On the Network Security section, select Skip This Section and click Next.
Note The
Network Security section enables you to view and manipulate firewall
rules for the local firewall. You can click through these settings to
identify what the wizard recommends.
|
14. | On the Registry Settings section, select Skip This Section and click Next.
Note
The Registry Settings
section enables you to view and manipulate different security settings
related to SMB security signatures, LDAP signing, and LAN Manager
Authentication. You can click through these settings to identify what
the wizard recommends.
|
15. | On the Audit Policy section, click Next. |
16. | Ensure that Audit Successful Activities is selected and click Next. Review the Audit Policy Summary page and click Next. |
17. | On the Save Security Policy page, click Next. |
18. | Notice that the file is saved in c:\windows\security\msscw\policies\ by default. Add a name such as scwtest at the end of the path. Click Next.
Note
The file is automatically saved as an .xml file with the .xml extension.
|
19. | Ensure Apply Later is selected and click Next. Click Finish. |