Description of the Security Configuration Wizard in Windows Server 2003 (906236)


The information in this article applies to:

  • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows Server 2003, Enterprise Edition

INTRODUCTION

The Security Configuration Wizard is a security policy authoring tool that focuses on reducing attack surface. You can use the Security Configuration Wizard to do the following things:
  • Disable unnecessary ports and services.
  • Configure Microsoft Windows Firewall.
  • Configure Internet Protocol security (IPSEC) filters.
  • Configure Lightweight Directory Access Protocol (LDAP) settings.
  • Configure server message block (SMB) settings.
  • Configure NTLM protocol settings.
  • Configure predefined audit settings.
  • Configure individual settings for applications such as Microsoft Internet Information Services (IIS), Microsoft Exchange, Microsoft SQL Server, Microsoft Internet Security and Acceleration (ISA) Server, and most Microsoft server-side application products.
The Security Configuration Wizard is an application instead of a service. The Security Configuration Wizard is abstracted from the actual components that store and enforce the security options. The Security Configuration Wizard does not enforce defined settings. Instead, the Security Configuration Wizard creates a customized settings template. Other aspects of the operating system are responsible for using the template to modify system behavior.

MORE INFORMATION

The Security Configuration Wizard product team has developed a troubleshooting document. For more information, visit the following Microsoft Web site:

http://www.microsoft.com/windowsserver2003/technologies/security/configwiz/default.mspx

Modification Type:MajorLast Reviewed:8/24/2005
Keywords:kbinfo KB906236 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.