Extending the Security Configuration Database

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

This is an advanced topic for developers with XML expertise and for IT professionals.

You can create a new Security Configuration Database file or custom applications in your environment.

Caution

• When customizing the Security Configuration Database, do not make changes to W2K3.xml or to any other XML files that are included with Security Configuration Wizard (SCW).

You can create a new Security Configuration Database so that it is customized for your environment. For example, you may be creating a security policy and your organization uses custom applications that require specific services to be enabled or ports to be open. You can customize the Security Configuration Database to contain this information. For more information about the Security Configuration Database, see Security Configuration Database.

Caution

• When customizing the Security Configuration Database, do not make changes to W2K3.xml.

Create your own XML file and save it to %Systemroot%\Security\Msscw\KBs. To customize an existing role, in your custom Security Configuration Database, create a new role with the same role type and name as the role in W2K3.xml. For example, if you want to customize the file server role, in your custom XML file, you would create a role with Server and File. You can customize the entries for <Selected>, <Services>, and <Ports>. Then, open KBReg.xml and replace <Custom /> with <Custom>Custom_KB_Name.xml </Custom>.

For more information about the Security Configuration Database, see Security Configuration Database.