Книга: Windows Server 2012 R2 Storage, Security, & Networking Pocket Consultant
Using the Security Configuration Wizard
The Security Configuration Wizard can help you create and apply a comprehensive security policy. A security policy is an XML file you can use to configure services, network security, registry values, and audit policies. Because security policies are role-based and feature-based, you generally need to create a separate policy for each of your standard server configurations. For example, if your organization uses domain controllers, file servers, and print servers, you might want to create a separate policy for each of these server types. If your organization has mail servers, database servers, and combined file/print servers in addition to domain controllers, you should create separate policies tailored to these server types.
You can use the Security Configuration Wizard to do the following:
? Create a security policy
? Edit a security policy
? Apply a security policy
? Roll back the last-applied security policy
Security policies can incorporate one or more security templates. Much like you can with security templates, you can apply a security policy to the currently loggedon computer by using the Security Configuration Wizard. Through Group Policy, you can also apply a security policy to multiple computers. By default, security policies created with the Security Configuration Wizard are saved in the %SystemRoot%securitymsscwPolicies folder.
The command-line counterpart to the graphical wizard is the Scwcmd (Scwcmd.exe) utility. At an elevated administrator prompt, you can use Scwcmd Analyze to determine whether a computer is in compliance with a security policy and Scwcmd Configure to apply a security policy.
- Интегрированная безопасность (NT Integrated Security)
- 4.4.4 The Dispatcher
- About the author
- Chapter 7. The state machine
- Appendix E. Other resources and links
- Caveats using NAT
- Example NAT machine in theory
- Using Double Quotes to Resolve Variables in Strings with Embedded Spaces
- The final stage of our NAT machine
- Compiling the user-land applications
- The conntrack entries
- Untracked connections and the raw table