SQL Server 2005 introduced a new tool for DBAs called SQL Server Surface Area Configuration. It brought together into one place many of the features of SQL Server that a DBA would want to control in order to determine the security posture for a particular SQL Server. That's one of the problems with the tool: It works with one SQL Server instance at a time. For small shops with one or two SQL Servers, this isn't a big deal, but for large operations with many SQL Servers, the SQL Server Surface Area Configuration tool just wasn't efficient. Another problem with the tool is that it configured the settings once but there was no continuing enforcement. This meant that if someone made a change, such as enabling xp_cmdshell when it was originally disabled, there was no built-in and automated means to determine that the setting change had occurred and remedy the situation.
SQL Server 2008 strives to assist in managing either one server or many servers. As a result, the SQL Server Surface Area Configuration tool introduced in SQL Server 2005 is gone. Its function has been absorbed by Policy-Based Management, which is capable of checking and enforcing settings on one or many SQL Servers. Within Policy-Based Management, the facet to handle the aspects once managed by the SQL Server Surface Area Configuration tool is appropriately named Surface Area Configuration. Chapter 10 covers Policy-Based Management in detail.