Server Manager and the Security Configuration Wizard
Applies To: Windows Server 2008 R2
Although role, role service, and feature installations completed in Server Manager are secure by default, you can use the Security Configuration Wizard (SCW) to customize the security of roles, role services, and features in your enterprise.
How Server Manager works with the Security Configuration Wizard
Server Manager and SCW are similar in that they both use the same processes to accomplish the following tasks.
Server Manager and SCW both use the same Windows process to determine what roles, role services, and features are installed on a computer and are available for installation.
Server Manager and SCW both use the same default policies for services and firewall exceptions.
Both Server Manager and SCW use the same tools to determine how roles, role services, and features are dependent upon other roles, role services, and features to run.
Server Manager and SCW are complementary technologies in several ways, as described in the following sections. The focus of Server Manager is on shortening the amount of time it requires to deploy and repurpose servers, and enabling administrators to manage the typical daily operations of roles, role services, and features. SCW, by contrast, aids in the long-term prevention of events, user behaviors, and vulnerabilities that can lead to security failures such as unauthorized access to data.
SCW allows administrators to define role-based security policies that can be applied to remote computers throughout an enterprise. Server Manager secures roles by default, and takes steps to ensure that remaining roles, role services, and features are secure after removing a role, role service, or feature from the computer, but administrators cannot use Server Manager directly to make custom security changes.
SCW allows administrators to compare the current state of a computer's security to existing security policy to ensure policy compliance.
Although Server Manager can display Windows security logs by interfacing with Event Viewer, and show security options selected by administrators (such as whether Windows Firewall and Windows Update are enabled), Server Manager itself does not verify the security of roles, role services, and features after they are installed.
SCW enables fine-grained control over a computer's attack surface, and provides administrators with a scaled ability to harden a computer against attacks based on the security needs of their organization. Server Manager allows administrators to install roles, role services, and features that are secure by default and ready for deployment. In most cases, administrators do not need to run SCW to begin working with roles, role services, and features.
External roles, role services, and features
Server Manager can be used to manage only roles, role services, and features that are included on the Windows Server 2008 product disc. SCW can be used to secure both roles, role services, and features that are included with Windows Server 2008, and those roles, role services, and features not available for installation on the product disc, such as Microsoft SQL Server and Microsoft Exchange Server.
Server Manager cannot be used to install or create third-party roles, role services, and features. SCW offers a public schema for third-party software manufacturers to define new roles, role services, and features that can be secured by using SCW.
For more information about the Security Configuration Wizard, see the Security Configuration Wizard Help, scwhelp.chm.