Книга: Windows Server 2012 R2 Storage, Security, & Networking Pocket Consultant

Using the Security Configuration Wizard

The Security Configuration Wizard can help you create and apply a comprehensive security policy. A security policy is an XML file you can use to configure services, network security, registry values, and audit policies. Because security policies are role-based and feature-based, you generally need to create a separate policy for each of your standard server configurations. For example, if your organization uses domain controllers, file servers, and print servers, you might want to create a separate policy for each of these server types. If your organization has mail servers, database servers, and combined file/print servers in addition to domain controllers, you should create separate policies tailored to these server types.

You can use the Security Configuration Wizard to do the following:

? Create a security policy

? Edit a security policy

? Apply a security policy

? Roll back the last-applied security policy

Security policies can incorporate one or more security templates. Much like you can with security templates, you can apply a security policy to the currently loggedon computer by using the Security Configuration Wizard. Through Group Policy, you can also apply a security policy to multiple computers. By default, security policies created with the Security Configuration Wizard are saved in the %SystemRoot%securitymsscwPolicies folder.

The command-line counterpart to the graphical wizard is the Scwcmd (Scwcmd.exe) utility. At an elevated administrator prompt, you can use Scwcmd Analyze to determine whether a computer is in compliance with a security policy and Scwcmd Configure to apply a security policy.

Оглавление книги