Security Configuration Wizard

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Security Configuration Wizard (SCW) is an attack surface reduction tool for members of the Microsoft® Windows® Server 2003 family with Service Pack 1 (SP1). SCW determines the minimum functionality required for a server's role or roles, and disables functionality that is not required.

For the latest information about SCW, see "Security Configuration Wizard for Windows Server 2003" at the Microsoft Windows Server 2003 Web site. (https://go.microsoft.com/fwlink/?LinkID=42434)

SCW does the following:

• Disables unneeded services.

• Blocks unused ports.

• Allows further address or security restrictions for ports that are left open.

• Prohibits unnecessary IIS web extensions, if applicable.

• Reduces protocol exposure to server message block (SMB), LanMan, and Lightweight Directory Access Protocol (LDAP).

• Defines a high signal-to-noise audit policy.

SCW guides you through the process of creating, editing, applying, or rolling back a security policy based on the selected roles of the server. The security policies that are created with SCW are XML files that, when applied, configure services, network security, specific registry values, audit policy, and if applicable, Internet Information Services (IIS).

Note

• In some cases, you must be connected to the Internet to use the links in SCW Help. If your computer is not connected to the Internet, you can find the same topic in Help and Support Center by searching for the link text. To open Help and Support Center, click Start, and then click Help and Support Center.

You can install SCW on computers running a member of the Windows Server 2003 family with SP1.

• For recommendations about how to get the most out of SCW, see Security Configuration Wizard Best Practices.

• For information about how to perform certain tasks, see Security Configuration Wizard How To.

• For general background information, see Security Configuration Wizard Concepts.

You do not need to run SCW to help secure your computer running Windows Small Business Server 2003. Instead, Windows Small Business Server 2003 uses the default settings in Setup and in the Configure E-mail and Internet Connection Wizard to help secure your server.

If you have not already run the Configure E-mail and Internet Connection Wizard, you should run it to help secure your server.

To start the Configure E-mail and Internet Connection Wizard on the computer running Windows Small Business Server 2003:

• Click Start and then click Server Management.

• In the console tree, click Internet and E-mail.

• In the details pane, click Connect to the Internet.