Processing Security Configuration Database

Applies To: Windows Server 2008

The Security Configuration Database consists of a set of .xml files that list the services and ports required for each server role that the Security Configuration Wizard (SCW) supports. These files are installed in %systemroot%\security\msscw\kbs. After you select a server, the server is scanned to determine the following:

  • Roles that are installed on the server

  • Roles that are likely being performed by the server

  • Services that are installed but not part of the Security Configuration Database

  • IP addresses and subnets that are configured for the server

SCW combines this server-specific information into a single .xml file named Main.xml. SCW displays Main.xml if you click View Configuration Database on the Processing Security Configuration Database page.

Centralizing the Security Configuration Database

You may want to maintain the Security Configuration Database in a central location that can be used throughout your organization. This allows local administrators in multiple locations to use the same Security Configuration Database. SCW.exe accepts a command-line argument for the centralized database location.

To specify a centralized configuration database, you can use the following command:

scw.exe /kb SCWKBDirectoryLocation

For example, two possible commands are:

scw.exe /kb \\securityserver\scwkb

scw.exe /kb k:\

Note

The local administrator who runs SCW must have at least Read permission to the remote Security Configuration Database directory. In non-domain environments, the local administrator may need to provide credentials in order to access the centralized server. This can be accomplished by first making a connection to the server. For example, you might use the following command:

net use k: \\securityserver\scwkb /u:securityserver\User1
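
A pre-flight check for the centralized database, as an added example that is not part of the original documentation: it confirms that the location is reachable, contains .xml files, and that each file can be opened for reading before it starts SCW with /kb. The function name Test-ScwKbReadable is hypothetical, the default share is the sample path used above, and PowerShell 2.0 or later is assumed.

```powershell
param(
    # Central Security Configuration Database location (sample share from this page).
    [string]$KbPath = '\\securityserver\scwkb'
)

# Hypothetical helper: returns $true only if the database directory is usable.
function Test-ScwKbReadable {
    param([Parameter(Mandatory = $true)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        Write-Warning "Cannot reach '$Path'. In a non-domain environment, connect first with net use."
        return $false
    }

    # The database is a set of .xml files; none at all suggests the wrong directory.
    $xmlFiles = @(Get-ChildItem -LiteralPath $Path -Filter '*.xml' -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer })
    if ($xmlFiles.Count -eq 0) {
        Write-Warning "No .xml files found in '$Path'."
        return $false
    }

    # Listing a directory does not prove Read permission on each file, so open each one.
    foreach ($file in $xmlFiles) {
        try {
            $stream = [System.IO.File]::OpenRead($file.FullName)
            $stream.Dispose()
        } catch {
            Write-Warning "No Read access to '$($file.FullName)': $($_.Exception.Message)"
            return $false
        }
    }
    return $true
}

if (Test-ScwKbReadable -Path $KbPath) {
    # Same invocation as the examples above: scw.exe /kb <location>
    & scw.exe /kb $KbPath
} else {
    exit 1
}
```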

For more information about selecting server roles, see Select Server Roles.
