Windows Tip Sheet

The Magic's in the XML

Conveniently configure security options for all kinds of servers in Win2003 SP1 via the open file format.

By now, you’ve probably installed Win2003 SP1 on at least one machine in your environment, if you haven’t started or finished completely deploying it by now. And you’ve doubtless read about the new Security Configuration Wizard (SCW), one of the optional-install new features included in SP1.

Have you looked at the SCW, yet? If not, you definitely should. First, remember that the SCW’s primary job is to generate a security template, meaning it’s completely safe to run it on any server. It won’t make any changes to that server unless you specifically tell it to; instead, it saves your changes to a security template, which can be deployed to whatever servers you like.

Typically, you’ll install the SCW on a “representative” server, such as a domain controller, and come up with a template valid for that “type” of server. You’d then deploy the resulting template to each server handling the same role or roles as that “representative” server (e.g., other domain controllers). The template acts to lock down each server, disabling unnecessary services, ports and so forth, and configuring a number of security-related options (such as SMB packet signing, authentication levels).

The “magic” of the SCW is its XML configuration file, which lists all the possible server roles Microsoft recognizes, and lists the resources (services, ports) these roles require to operate. The SCW ships “knowing” about products like BizTalk and Exchange Server; because the XML format is open and documented, it can even be extended by third-party software developers, or even your own software developers, to cover whatever applications you have in your environment. In theory, when an application’s resource needs change (e.g., maybe it needs a new port to support a new feature), you just regenerate your template based on the updated XML file. The template would be rebuilt using the new requirements for that role, and you’d redeploy the template. In effect, the XML configuration file becomes the source of configuration, helping to centralize and consolidate that security knowledge into one convenient place.

So if you haven’t explored the SCW, install it and spend a few minutes looking around!

More Resources

  • The official word on the SCW is here.
  • Don’t run the SCW on Small Business Server without reading this.
  • Okay, nothing’s perfect: Read this if you’re running anything other than the base Windows OS (e.g., Exchange or something).

About the Author

Don Jones is a multiple-year recipient of Microsoft’s MVP Award, and is an Author/Evangelist for video training company Pluralsight. Don is also a co-founder and President of PowerShell.org, a community dedicated to Microsoft’s Windows PowerShell technology. Don has more than two decades of experience in the IT industry, and specializes in the Microsoft business technology platform. He’s the author of more than 50 technology books, an accomplished IT journalist, and a sought-after speaker and instructor at conferences worldwide. Reach Don on Twitter at @concentratedDon, or on Facebook at Facebook.com/ConcentratedDon.

comments powered by Disqus
Most   Popular

SharePoint Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.