Windows Server 2008 : Security Configuration Wizard (part 1) - Understanding the Security Configuration Wizard

Understanding the Security Configuration Wizard

The Security Configuration Wizard (SCW) can help you increase security on a system (or multiple systems). The wizard leads you through the process of identifying several things you can do to increase the security. Elements the SCW examine include

• Services that are needed (and services that aren’t needed)

• Firewall rules to implement

• Registry settings to change

• Audit settings to enable

Tip

Combined, these settings harden the server by reducing the attack surface.

You can launch the SCW from the Administrative Tools menu. It analyzes the current operations of the system and makes recommendations for changes to make the system more secure. You can create a security policy, edit a security policy, apply a security policy, or roll back the last security policy with the SCW.

The following steps show how to create a security policy with the SCW.

Step	Action
1.	Launch the Security Configuration Wizard from the Administrative Tools menu.
2.	Click Next on the Welcome page.
3.	Select Create A New Security Policy and click Next.
4.	Type the name of the server you want to analyze and click Next.
5.	After the Security Configuration Database has been analyzed, click Next.
6.	Click Next on the Role-Based Configuration page.
7.	Review the server roles. These are the roles that are currently installed, and the SCW uses them to determine which services should be running and which ports should be open. Make any changes desired, and then click Next.
8.	Review the client features. These are the features that are currently installed and used to enable services or support different client features. Make any changes desired and click Next.
9.	Review the options page. These are the administration and other options used to enable services or open ports. Make any changes desired, and then click Next.
10.	If the Additional Services page appears, review them, make any desired changes, and click Next.
11.	On the Handling Unspecified Services page, select the desired action. The default is to not change the startup mode, but it is more secure to select Disable the Service if it is not needed. Note Selecting Disable the Service is more secure; however, you run the risk of disabling a service that the SCW was unaware was needed and affecting the reliability of your system. Choose how to handle unspecified services and click Next.
12.	View the changes that the SCW recommends. Your display should look similar to Figure 1. When you’re satisfied with these changes, click Next.
13.	On the Network Security section, select Skip This Section and click Next. Note The Network Security section enables you to view and manipulate firewall rules for the local firewall. You can click through these settings to identify what the wizard recommends.
14.	On the Registry Settings section, select Skip This Section and click Next. Note The Registry Settings section enables you to view and manipulate different security settings related to SMB security signatures, LDAP signing, and LAN Manager Authentication. You can click through these settings to identify what the wizard recommends.
15.	On the Audit Policy section, click Next.
16.	Ensure that Audit Successful Activities is selected and click Next. Review the Audit Policy Summary page and click Next.
17.	On the Save Security Policy page, click Next.
18.	Notice that the file is saved in c:\windows\security\msscw\policies\ by default. Add a name such as scwtest at the end of the path. Click Next. Note The file is automatically saved as an .xml file with the .xml extension.
19.	Ensure Apply Later is selected and click Next. Click Finish.

Figure 17-1. Confirming service changes by the SCW

At this point, you have a policy created and you can use the scwcmd tool to manipulate it.