Appendix B

Security Configuration Manager

In previous editions of this book, I demonstrated a tool called the Security Configuration Wizard (SCW). SCW made its debut in Windows Server 2003/SP1. It had a neat idea:

1. Scan the machine to learn what it’s already doing. Maybe it’s a Domain Controller, Exchange server, SQL server, etc.
2. Detect where the server is utilized (such as which services are in use, firewall ports open, etc.).
3. Create a baseline you could then export.
4. Transform the baseline to a GPO.

Then you could link the GPO to, say, all your similar servers (DCs, Exchange servers, SQL servers, etc.) and all those servers would be equally secure.

Awesome! Except no one used the tool. People wanted Microsoft to tell them exactly ...

Get Group Policy: Fundamentals, Security, and the Managed Desktop, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.