Want a new and easy method of securing your servers according to their roles? Tired of digging through white papers and Microsoft documentation while you try to piece together the optimal security configuration? The new Security Configuration Wizard (SCW), which comes with Windows Server 2003 Service Pack 1 (SP1), can help you quickly and easily reduce the attack surface of your Windows 2003 SP1 servers. SCW's primary goal is to define security according to a server's role or roles (e.g., Microsoft SQL Server, Exchange Server, Certificate Server, domain controller—DC). Not only can SCW provide configurations for computers that play a single role, the Wizard can also determine dependencies for computers that hold several roles on the network.
When you run SCW, it asks a series of questions designed to determine the functional requirements of the target server (i.e., the system for which you want to author, deploy, or roll back a security policy). Based on your answers and on its analysis of the target server's current configuration, SCW lets you author a security policy that you then can apply (via the Wizard's GUI or command-line version, or through Group Policy) to lock down the target computer. You can also use SCW to roll back a deployed configuration, returning the target system to its pre-policy state. (Note that I wrote this article based on the Windows 2003 SP1 Release Candidate—RC—so some details might differ slightly in the final SCW version.) . . .
