Full of I.T.

Kevin Remde's IT Pro WebLog

TechNet Briefing Question: Can you script the Security Configuration Wizard?

This question was asked during my TechNet Briefing event held yesterday (April 5th) in Appleton, Wisconsin.

The Answer: No, and Yes.   

  • No – you can’t script the use of the tool to do the scan of the server.  The GUI tool is the main power… you use it to scan a server and build your policies.  But
  • Yes – you can push the resulting .xml file and apply the policy to one or more servers using the “scwcmd” command.

I found the answer in the Security Configuration Wizard Documentation, specifically page 10 of the deployment document which states:

“To configure multiple servers with a policy, you can use scwcmd configure /p:PolicyFile /i:MachineList at the command prompt, rather than this SCW UI procedure. Type scwcmd configure at the command prompt to learn about the parameters.”

Also – a VERY good resource of information is an on-demand webcast by Peter Meister, Lead Product Manager, Windows Server 2003, entitled “Windows Server 2003 Service Pack 1 – Security Configuration and Role-Based Server Deployment”