Security Configuration Wizard in Windows Server 2003 Service Pack 1

WindowSecurity.com - It is no secret that Microsoft needs to work on security for their operating systems. It is also no secret that many of their attempts to date haven't worked as seamlessly as they have originally intended. However, Microsoft is finally onto something with the introduction of the new Security Configuration Wizard, which is bundled with Windows Server 2003 Service Pack 1.

The Wizard works in conjunction with security policies. The resulting security policies can be applied to any server on your network, allowing for consistency and stability of the security settings on all servers. The security policies are created based on a baseline server. Once the security policy is created, it can be applied to the baseline server, or any other server in the organization.

In this article, we will go over the options that you have as you maneuver through the Security Configuration Wizard, starting with the options of how to manipulate the security policies. We will also cover key areas that are targeted by the Wizard, including services, network security, registry settings, administration and other server responsibilities.

Getting to the Security Configuration Wizard
The Security Configuration Wizard is not installed by default after you install Windows Server 2003 Service Pack 1. You will need to go through the Add/Remove Windows Components applet in Control Panel to install the Wizard.

After the Wizard is installed, you can access it easily by going to the Administrative Tools menu off of the Start Menu. Once you start the Wizard, you will be presented with the screen shown in Figure 1.


Figure 1: Security Configuration Wizard welcome screen

You should note the message that is highlighted with the yellow yield sign. The message indicates that the wizard will detect inbound ports that are being used by this server. This requires that all applications that use inbound ports be running before you run the Wizard and create the security policy.

Working with security policies
Once you launch the Wizard, you will first be prompted to make a decision about the security policy you are going to be working with. You can create a new policy, edit an existing policy, apply an existing policy, or roll back the last applied policy. All of these options can be seen in Figure 2.

Figure 2: You need to make an initial decision as to what you need to do with the security policy.

Security policies are created as XML files, using the XML file extension. The default security policy storage location is C:\Windows\Security\msscw\policies. You

Reprinted with permission from

For more security news visit WindowSecurity.com
Story copyright 2006 WindowSecurity.com. All rights reserved.