Security Configuration Database

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

The Security Configuration Database consists of a set of XML documents that list services and ports that are required for each server role that is supported by Security Configuration Wizard (SCW). These files are installed in %Systemroot%\Security\Msscw\KBs. After you select a server, on the Processing Security Configuration Database page, the server is scanned to determine the following:

  • Roles that are installed on the server

  • Roles that are likely being performed by the server

  • Services that are installed but not part of the Security Configuration Database

  • IP addresses and subnets that are configured for the server

SCW combines this server-specific information into a single XML file named Main.XML. The Security Configuration Wizard displays Main.XML if you click View Security Configuration Database on the Processing Security Configuration Database page.

Centralizing the Security Configuration Database

You might want to maintain the Security Configuration Database in a central location that can be used throughout the organization. This allows the Security Configuration Database to be maintained by security experts in one location while allowing administrators in multiple locations to run SCW. SCW.exe accepts a command-line argument for the centralized database location. For example, here is one possible command:

scw.exe /kb \\securityserver\scwkb

The local administrator who runs SCW must have at least read-only access to the remote Security Configuration Database directory. In non-domain environments, the local administrator might need to provide credentials in order to access the centralized server. This can be accomplished by first making a connection to the server. For example, you might use the following command:

Net use k: \\securityserver\scwkb /u:securityserver\User1 *
scw.exe /kb k:\

For more information about selecting server roles, see Select Server Roles. For information about extending the database, see Extending the Security Configuration Database.