Export (0) Print
Expand All

Creating SCW security policy files

Updated: March 28, 2005

Applies To: Windows Server 2003, Windows Server 2003 R2

This topic tells how to create SCW security policy files.

Before you can deploy an SCW policy, you need to author it. This section covers using the SCW user interface to author a security policy. SCW security policies are always created from prototype servers of the same type as the servers that will receive the policy.

To create a security policy
  1. Click Start, click Administrative Tools, and then click Security Configuration Wizard.

  2. Read the Welcome page and click Next.

  3. Select Create a new security policy, and then click Next.

  4. Type the name of the prototype server, and then click Next.

  5. Wait for the Security Configuration Database to be processed, and then click Next.

  6. For each of the next five wizard pages, just click Next:

    • Role-Based Service Configuration page.

    • Select Server roles page.

    • Select Client Features page.

    • Select Administration and Other Options page.

    • Select Additional Services page.

  7. On the Handling Unspecified Services page, click Next.

  8. For each of the next 20 wizard pages, just click Next:

    • Confirm Service Changes page.

    • Network Security page.

    • Open Ports and Confirm Applications page.

    • Confirm Service Changes page.

    • Confirm Port Configuration page.

    • Registry Settings page.

    • Require SMB Security Signatures page.

    • Require LDAP Signing page.

    • Outbound Authentication Methods page.

    • Outbound Authentication Methods using Domain Accounts page.

    • Registry Settings Summary page.

    • Audit Policy page.

    • System Audit Policy page.

    • Audit Policy Summary page.

    • Internet Information Services page.

    • Select Web Service Extensions for Dynamic Content page.

    • Select the Virtual Directories to Retain page.

    • Prevent Anonymous Users from Accessing Content Files page.

    • IIS Settings Summary page.

    • Save Security Policy page.

  9. On the Security Policy File Name page, type a name for the prototype policy, and then click Next.

    Do not name the security policy by using the name of the prototype computer because scwcmd.exe uses computername.xml to save analysis results, and you do not want the security policy to have the same name as the analysis results. That would risk confusion or overwriting.

    The security policy settings that you can configure within SCW overlap with those that can be set by using security templates (.inf files). On the Security Policy File Name page, you can include a security template if you want to add settings that cannot be configured directly from SCW. If you attach a security template, and it contains settings that conflict with some SCW-configured settings, the SCW-configured settings have precedence.

  10. On the Completing the Security Configuration Wizard page, click Finish.

    The policy will now be created.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

© 2015 Microsoft