Goal
This article demonstrates how to configure the Security Configuration Wizard (SCW) in Windows Server 2008.
Applies to
- Windows Server 2008, all versions.
Introduction
With the Security Configuration Wizard (SCW), you can reduce the attack surface of computers running Windows Server 2008 by customizing their security settings.
What is SCW?
SCW guides you through the process of creating, editing, applying, or removing a security policy. It provides an easy way to create or modify a security policy for your server based on its role. You can use Group Policy to apply security policies to multiple servers that perform the same function. You can also use SCW to roll back a security policy. With SCW, you can also compare the security settings of a server against a security policy to check for possibly vulnerable settings on the server.
Note
A security policy created with SCW on a computer running Windows Server 2008 can be applied only to computers running Windows Server 2008. SCW cannot be used with client operating systems or Windows Small Business Server.
Installation
SCW is installed automatically with Windows Server 2008; no action by the administrator is necessary. The installation also includes the SCW command-line tool, Scwcmd.
Creating a security policy with SCW
To start creating an SCW security policy, follow the steps below:
1 - Click Start, All Programs, Administrative Tools and select Security Configuration Wizard. A window will load as shown in Figure 1.1.
Figure 1.1
2 - Click the Next button to continue. A window will load as shown in Figure 1.2.
Figure 1.2
3 - On the Configuration Action window you have the options to create a new security policy, edit an existing security policy, apply an existing security policy or roll back the last applied security policy. In our example we choose Create a new security policy. Then click the Next button to continue. A window will load as shown in Figure 1.3.
Figure 1.3
4 - In the Select Server window you select the server that will be used as a baseline to create the security policy. You can select the server by DNS name, NetBIOS name or IP address. In our example we will use the local server with the name WIN-X9E5TL3GBSF. After selecting the server, click the Next button to continue. A window will load as shown in Figure 1.4.
Figure 1.4
5 - In the Processing Security Configuration Database window you have the option of viewing the configuration database, which contains information about server roles, client features, administration options, services, Windows Firewall and other settings. Click View Configuration Database for details. A window will load as shown in Figure 1.5.
Figure 1.5
6 - Click the links in the window above for more details about the server roles, client features, administration options, services and Windows Firewall. After reviewing the options mentioned above, close the SCW Viewer and return to the SCW wizard window. On the Processing Security Configuration Database window click the Next button to continue. A window will load as shown in Figure 1.6.
Figure 1.6
7 - From this point on, be careful with the answers you give the SCW wizard, because if you answer the questions incorrectly, services or features may be disabled or enabled improperly. Make sure you have the necessary knowledge about the roles of the servers that will receive this security policy so you do not cause any downtime in your production environment. Therefore, always perform your tests in a staging environment. Click the Next button to continue. A window will load as shown in Figure 1.7.
Figure 1.7
8 - In the Select Server Roles window you can enable or disable the server roles for the server that will receive the security policy. Services and ports are enabled based on your choice. The View menu offers these options:
- All roles (displays all roles available for configuration).
- Installed roles (displays all roles installed).
- Uninstalled roles (displays all roles uninstalled).
- Selected roles (displays all selected roles).
In our example we'll select the roles File Server and Print Server and then choose the Selected roles view. The Select Server Roles window will look similar to Figure 1.8.
Figure 1.8
9 - Click Next to continue. A window will load as shown in Figure 1.9.
Figure 1.9
10 - In the Select Client Features window you can enable or disable the client features of the server that will receive the security policy, because servers also act as clients. Services and ports are enabled based on your choice. The View menu offers these options:
- All roles (displays all roles available for configuration).
- Installed roles (displays all roles installed).
- Uninstalled roles (displays all roles uninstalled).
- Selected roles (displays all selected roles).
In our example we will select the client features Background Intelligent Transfer Service (BITS), DNS Client, Domain Member, Microsoft Networking Client, Network Discovery, Time Synchronization and Windows Update, and then choose Selected roles. The Select Client Features window will look like Figure 1.10.
Figure 1.10
11 - Click Next to continue. A window will load as shown in Figure 1.11.
Figure 1.11
12 - In the Select Administration and Other Options window, select the administration and other options. The View menu offers these options:
- All options (displays all available options for configuration).
- Installed options (displays all installed options).
- Uninstalled options (displays all options uninstalled).
- Selected options (displays all the selected options).
- Remote Administration options (displays all the options for remote administration).
- Domain Member options (displays all Domain Member options).
- Background Intelligent Transfer Service (BITS) options (displays all BITS options).
- Microsoft Networking Client options (displays all Microsoft Networking Client options).
- Volume Shadow Copy options (displays all Volume Shadow Copy options).
In our example we'll select the options Browse Master, Local Application Installation, Microsoft Fibre Channel Platform Registration Service, Offline Files and Remote Desktop, and then choose Selected options. The Select Administration and Other Options window will look like Figure 1.12.
Figure 1.12
13 - Click Next to continue. A window will load as shown in Figure 1.13.
Figure 1.13
14 - The Select Additional Services window lists the additional services that are installed on the server. In our example, because we are using a virtual machine, Virtual Machine Additions Services Application and Virtual Machine Additions Shared Folder Service are listed. Depending on the configuration of your server, other services will be listed, and you need to decide whether each service will be present in your security policy. Make your selections and then click the Next button to continue. A window will load as shown in Figure 1.14.
Figure 1.14
15 - On the Handling Unspecified Services window you define how to treat unspecified services, that is, services that are not listed on the selected server and are not listed in the security configuration database. You have two options:
- Do not change the startup mode of the service
- Disable the service
In our example we will select Disable the service and then click Next to continue. A window will load as shown in Figure 1.15.
Figure 1.15
16 - The Confirm Service Changes window displays a list of services with their current state and how they will look after the security policy is applied. Before continuing, confirm that the service changes are correct for the roles that your server will perform. Click the Next button to continue. A window will load as shown in Figure 1.16.
Figure 1.16
17 - In the Network Security section you can configure rules for Windows Firewall with Advanced Security based on the roles and administration options. If you do not want to set up this section, just select Skip this section and then click the Next button. In our example we'll skip this section. A window will load as shown in Figure 1.17.
Figure 1.17
18 - In the Registry Settings section you have the option to configure the protocols to be used for communication with other computers. If you do not want to set up this section, just select Skip this section and then click the Next button. In our example we'll skip this section. A window will load as shown in Figure 1.18.
Figure 1.18
19 - In the Audit Policy section you have the option to configure the audit policy for the server. If you do not want to set up this section, just select Skip this section and then click the Next button. In our example we will configure this section. A window will load as shown in Figure 1.19.
Figure 1.19
20 - In the System Audit Policy window select one of three options:
- Do not audit (this option does not perform any audit).
- Audit successful activities (this option audits successful configuration changes to the system and to files configured for auditing).
- Audit successful and unsuccessful activities (this option audits successful and failed configuration changes to the system and to files configured for auditing).
In our example, select Audit successful and unsuccessful activities and then click Next. A window will load as shown in Figure 1.20.
Figure 1.20
21 - In the Audit Policy Summary window you have an overview of the current audit settings and of the audit settings as they will be after the security policy is applied. Before continuing, confirm that the audit settings are correct and then click Next. A window will load as shown in Figure 1.21.
Figure 1.21
22 - In the Save Security Policy section you can save the security policy that you created and also apply the security policy to the selected server now, or apply it to another server later. Click the Next button to continue. A window will load as shown in Figure 1.22.
Figure 1.22
23 - In the Security Policy File Name window you define the name of the security policy and a description to identify it. You also have the option to view the security policy by clicking View Security Policy and to include a security template by clicking Include Security Templates. Define a name and description for your security policy and then click Next. A window will load as shown in Figure 1.23.
Figure 1.23
24 - On the Apply Security Policy window you have the option of applying the security policy to the selected server now or later. In our example we apply it now. Select Apply now and then click Next. After the security policy is applied, a window will load as shown in Figure 1.24.
Figure 1.24
25 - In the Applying Security Policy window click the Next button. A window will load as shown in Figure 1.25.
Figure 1.25
In the Completing the Security Configuration Wizard window, SCW reports that it has completed successfully. It also reports where the security policy has been saved and that, to apply the same security policy to other servers, you just run the wizard again. Click the Finish button to finish.
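The compare, apply and roll back actions described above can also be run with the Scwcmd tool mentioned under Installation. The following PowerShell script is an added example, not part of the original article: it records service startup modes, compares the server against a saved policy with scwcmd analyze, applies the policy with scwcmd configure only when asked, and lists the services whose startup mode changed. The policy path, the report folder and the -Apply switch are assumptions made for this example.

```powershell
# Added example, not from the original article. File paths below are hypothetical.
param(
    [string]$PolicyFile = 'C:\SCW\FilePrintServer.xml',  # assumed location of the saved policy
    [string]$Server     = $env:COMPUTERNAME,
    [string]$ReportDir  = 'C:\SCW\Reports',              # assumed output folder
    [switch]$Apply                                       # without -Apply nothing is changed
)

function Get-ServiceStartMode([string]$ComputerName) {
    # StartMode is Auto, Manual or Disabled: the value the wizard's service steps change
    Get-WmiObject -Class Win32_Service -ComputerName $ComputerName |
        Select-Object Name, StartMode
}

if (-not (Test-Path $PolicyFile)) { throw "Policy file not found: $PolicyFile" }
if (-not (Test-Path $ReportDir))  { New-Item -ItemType Directory -Path $ReportDir | Out-Null }

# 1. Baseline of startup modes, also written to disk for later reference
$before = Get-ServiceStartMode $Server
$before | Export-Csv (Join-Path $ReportDir "$Server-before.csv") -NoTypeInformation

# 2. Read-only comparison of the server against the policy; results go to $ReportDir
& scwcmd.exe analyze "/m:$Server" "/p:$PolicyFile" "/o:$ReportDir"
# Assumption: scwcmd signals failure with a non-zero exit code
if ($LASTEXITCODE -ne 0) { throw "scwcmd analyze failed with exit code $LASTEXITCODE" }

if (-not $Apply) {
    Write-Host "Analysis only. Review $ReportDir, then re-run with -Apply."
    return
}

# 3. Apply the policy (the command-line counterpart of 'Apply now' in the wizard)
& scwcmd.exe configure "/m:$Server" "/p:$PolicyFile"
if ($LASTEXITCODE -ne 0) { throw "scwcmd configure failed with exit code $LASTEXITCODE" }

# 4. Services whose Name/StartMode pair differs from the baseline (new value shown)
$after = Get-ServiceStartMode $Server
Compare-Object $before $after -Property Name, StartMode |
    Where-Object { $_.SideIndicator -eq '=>' } |
    Sort-Object Name |
    Format-Table Name, StartMode -AutoSize

Write-Host "To undo the last applied policy: scwcmd rollback /m:$Server"
```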
Luciano Lima
[Enterprise Security MVP] - [MCSA Security] - [Security MCSE]
www.ticlassificados.com (New)
www.guiamcse.com.br
www.guiamcse.com.br / forum (new)
www.guiamcitp.com.br
www.guiacissp.com.br
www.guiacissp.com.br / forum (new)