Fun with Security Settings

  • Article

LiliaG: Reporting from Australia (TechEd Australia 2009)

Almost everyone at the Brisbane User Infrastructure Group last night said their biggest priority with Group Policy is security settings. Box office ratings will have my believe that wizards are all the rage. How can I combine these two and launch Group Policy into mega-box-office glory?

The Security Configuration Wizard!

This handy tool walks you through some best practices to lock down you server. Check out the introduction:

image

It harnesses a massive database of all security settings to provide you with a security policy that will cover server roles, client features, administration options, services, firewall, and more.

image

You can read the deployment guide for Security Configuration Wizard: https://technet.microsoft.com/en-us/library/cc731515(WS.10).aspx

Not working on Server 2008 yet?  No worries.

To read about the SCW in Windows Server 2003 SP1, go here: https://redmondmag.com/articles/2005/06/01/the-security-configuration-wizard.aspx

Apparently, you triggered some undocumented response that removing the lockdowns doesn't resolve. You find yourself wishing for two things—a different career, and a single, authoritative source of lockdown settings you can deploy with a single stroke that are fully supported by Microsoft.

You got your second wish, at least. There's a little gem in Windows Server 2003 SP1 called the Security Configuration Wizard (SCW). This deceptively simple tool packs a huge XML database consisting of every service, feature and administration option from every server product produced by Microsoft. It also provides lockdown settings that are fully supported by Microsoft's major product teams.

Here’s the Microsoft deployment guide for Windows Server 2003 SP1:

https://technet.microsoft.com/en-us/library/cc776871(WS.10).aspx

Any other tips on security settings? Popular security configurations you use in your environment (that you can reveal)? Post them in the comments. For help with security settings, go to the Group Policy Forum.

https://social.technet.microsoft.com/Forums/en-US/winserverGP/threads?sort=repliesdesc 

 Enjoy!

 LiliaG, Group Policy PM