Configuring Windows Firewall with SCW
Updated: March 28, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Security Configuration Wizard (SCW) is a tool used to reduce the attack surface of computers running a member of the Windows Server 2003 family with Service Pack 1 (SP1). SCW is the preferred tool for configuring Windows Firewall. You can use SCW to turn on Windows Firewall and configure Windows Firewall exceptions.
SCW does not configure Windows Firewall directly. It helps you create a security policy based on the roles performed by a server. After a policy is created, it can be edited or applied to one or more similarly configured servers. Applied policies can be rolled back to undo changes that have caused problems. To edit, apply, or roll back a security policy, the policy must have been created with SCW.
When to perform this task
You should use SCW to configure Windows Firewall when you install Windows Server 2003 with SP1. This includes:
Installations of SP1 on servers that are running Windows Server 2003.
Slipstream installations of Windows Server 2003 with SP1 on new servers.
Upgrades from older operating systems to Windows Server 2003 with SP1.
Do not use SCW to configure Windows Firewall if you use Netfw.inf or an answer file to configure Windows Firewall during an automated installation or if you use domain-based Group Policy settings to configure Windows Firewall.
SCW is an optionally installed component. You must install SCW before you can use it. SCW can be installed only on computers running a member of the Windows Server 2003 family with SP1. The server that you are configuring must be running a member of the Windows Server 2003 family with SP1. For more information, see Install Security Configuration Wizard on the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=43158).
To complete this task, perform the following procedure: