Secure Configuration Assessment and Management
Updated: February 7, 2008
Applies To: Windows Server 2008
Secure configuration assessment and management tools and services are available for Windows Server® 2008 to administer security throughout a layered defense and manage ongoing threats.
System Security Configuration
System security configuration technologies in Windows include features, tools, and products that help secure servers and connections to those servers.
Server Security Policy Management
Server security policy management is a set of components that can help you keep security settings up to date as your various server configurations change over time. Components for server security policy management are included with Windows Server 2008 and can be installed by using the Microsoft Management Console (MMC) or Server Manager.
Security Configuration Wizard
The Security Configuration Wizard (SCW) determines the minimum functionality required for a server's role or roles and disables functionality that is not required. SCW is included with Windows Server 2008 and can be accessed from Administrative Tools and Server Manager.
Authorization Manager enables administrators to provide access to applications through assigned user roles that relate to job functions. Authorization Manager is included with Windows Server 2008 and can be accessed from the MMC.
Active Directory Domain Services
Active Directory Domain Services (AD DS) stores directory data and manages communication between users and domains, including user logon processes, authentication, and directory searches. The AD DS server role is included with Windows Server 2008 and can be installed by using Server Manager.
Group Policy allows you to implement specific configurations for users and computers. The Group Policy Management Console (GPMC) is included with Windows Server 2008 and can be installed by using Server Manager.
Security Patch Management
Security patch management in Windows allows you to change and configure security settings through manual and automatic update processes.
Systems Management Server 2003
Systems Management Server (SMS) 2003 enables you to stay aware of the latest updates, identify software vulnerabilities, and quickly deploy updates in an accurate, verifiable, and controlled manner.
Microsoft System Center products are also available. See Microsoft System Center for general product information and trial software downloads.
SMS 2003 and System Center products must be purchased under a separate license.
Windows Server Update Services
Windows Server Update Services (WSUS) allows administrators to manage the distribution of updates that are released through Microsoft Update to computers in their network.
Windows Server Update Services 3.0 (Download)
Security Reporting, Monitoring, and Assessment
Security reporting, monitoring, and assessment features, tools, and products can assist you in managing security for your servers.
Security auditing can help you maintain the security of your system through implementation of policies, command-line tools, and scripts by reporting the security status of computer objects. Components for security auditing are included with Windows Server 2008 and are accessible by using the Auditpol command-line tool and through any securable object property page.
System Center Reporting Manager 2006
System Center Reporting Manager (SCRM) 2006 consolidates your change and configuration information from SMS 2003 and your event and performance information from Microsoft Operations Manager (MOM) 2005 in a reporting format. SCRM 2006 must be purchased under a separate license.
Security tools help you assess and analyze your security configurations. Security tools can be downloaded or are included with Windows Server 2008.