Secure Configuration Assessment and Management

Applies To: Windows Server 2008

Secure configuration assessment and management tools and services are available for Windows Server® 2008 to administer security throughout a layered defense and manage ongoing threats.

System Security Configuration

System security configuration technologies in Windows include features, tools, and products that help secure servers and connections to those servers.

Server Security Policy Management

Server Security Policy Management

Server security policy management is a set of components that can help you keep security settings up to date as your various server configurations change over time. Components for server security policy management are included with Windows Server 2008 and can be installed by using the Microsoft Management Console (MMC) or Server Manager.

Security Configuration Wizard

Security Configuration Wizard

The Security Configuration Wizard (SCW) determines the minimum functionality required for a server's role or roles and disables functionality that is not required. SCW is included with Windows Server 2008 and can be accessed from Administrative Tools and Server Manager.

Authorization Manager

Authorization Manager

Authorization Manager enables administrators to provide access to applications through assigned user roles that relate to job functions. Authorization Manager is included with Windows Server 2008 and can be accessed from the MMC.

Active Directory Domain Services

Active Directory Domain Services TechCenter

Active Directory Domain Services (AD DS) stores directory data and manages communication between users and domains, including user logon processes, authentication, and directory searches. The AD DS server role is included with Windows Server 2008 and can be installed by using Server Manager.

Group Policy

Group Policy

Group Policy allows you to implement specific configurations for users and computers. The Group Policy Management Console (GPMC) is included with Windows Server 2008 and can be installed by using Server Manager.

Security Patch Management

Security patch management in Windows allows you to change and configure security settings through manual and automatic update processes.

Systems Management Server 2003

Systems Management Server (SMS) 2003 enables you to stay aware of the latest updates, identify software vulnerabilities, and quickly deploy updates in an accurate, verifiable, and controlled manner.


Microsoft System Center products are also available. See Microsoft System Center for general product information and trial software downloads.

SMS 2003 and System Center products must be purchased under a separate license.

SMS 2003 Security Patch Management

Windows Server Update Services

Windows Server Update Services (WSUS) allows administrators to manage the distribution of updates that are released through Microsoft Update to computers in their network.

Windows Server Update Services (WSUS) Technical Library

Windows Server Update Services 3.0 (Download)

Windows Server Update Services TechCenter

Security Reporting, Monitoring, and Assessment

Security reporting, monitoring, and assessment features, tools, and products can assist you in managing security for your servers.

Security Auditing

Security Auditing

Security auditing can help you maintain the security of your system through implementation of policies, command-line tools, and scripts by reporting the security status of computer objects. Components for security auditing are included with Windows Server 2008 and are accessible by using the Auditpol command-line tool and through any securable object property page.

System Center Reporting Manager 2006

System Center Reporting Manager 2006

System Center Reporting Manager (SCRM) 2006 consolidates your change and configuration information from SMS 2003 and your event and performance information from Microsoft Operations Manager (MOM) 2005 in a reporting format. SCRM 2006 must be purchased under a separate license.

Security Tools

Security Tools

Security tools help you assess and analyze your security configurations. Security tools can be downloaded or are included with Windows Server 2008.