This question was asked during my TechNet Briefing event held yesterday (April 5th) in Appleton, Wisconsin.
The Answer: No, and Yes.
- No – you can’t script the use of the tool to do the scan of the server. The GUI tool is the main power… you use it to scan a server and build your policies. But
- Yes – you can push the resulting .xml file and apply the policy to one or more servers using the “scwcmd” command.
I found the answer in the Security Configuration Wizard Documentation, specifically page 10 of the deployment document which states:
“To configure multiple servers with a policy, you can use scwcmd configure /p:PolicyFile /i:MachineList at the command prompt, rather than this SCW UI procedure. Type scwcmd configure at the command prompt to learn about the parameters.”
Also – a VERY good resource of information is an on-demand webcast by Peter Meister, Lead Product Manager, Windows Server 2003, entitled “Windows Server 2003 Service Pack 1 – Security Configuration and Role-Based Server Deployment”