Secure configuration assessment and management tools and services are available for Windows Server® 2008 to administer security throughout a layered defense and manage ongoing threats.
System Security Configuration
System security configuration technologies in Windows include features, tools, and products that help secure servers and connections to those servers.
Server Security Policy Management
Server Security Policy Management
Server security policy management helps you keep security settings up to date as your various server configurations change over time. You can analyze server security settings to ensure the policy applied to a server is appropriate for the server role, update a server policy when the server configuration is modified, create a policy for a new application or server role not included in Server Manager, and use security policy management tools to apply security policy settings that are unique to your environment.
Components for server security policy management are included with Windows Server 2008 and can be installed by using the Microsoft Management Console (MMC) or Server Manager.
Security Configuration Wizard
Security Configuration Wizard
With the Security Configuration Wizard (SCW), you can reduce the attack surface of a computer running Windows Server 2008. SCW determines the minimum functionality required for a server’s role or roles and disables functionality that is not required.
SCW is included with Windows Server 2008 and can be accessed from Administrative Tools and Server Manager.
Authorization Manager
Authorization Manager
Authorization Manager enables administrators to provide access to applications through assigned user roles that relate to job functions. Authorization Manager applications store the authorization policy in the form of authorization stores in Active Directory Domain Services (AD DS) or in XML files, and these applications apply the authorization policy at run time. In Windows Server 2008, support for SQL stores has been added.
Authorization Manager is included with Windows Server 2008 and can be accessed from the MMC.
Active Directory Domain Services
Active Directory Domain Services
Active Directory Domain Services (AD DS) stores directory data and manages communication between users and domains, including user logon processes, authentication, and directory searches. An Active Directory domain controller is a server that is running AD DS.
The AD DS server role is included with Windows Server 2008 and can be installed with Server Manager.
Group Policy
Group Policy
Group Policy allows you to implement specific configurations for users and computers.
Group Policy Management is a feature included with Windows Server 2008 and can be installed by using Server Manager.
Security Patch Management
Security patch management in Windows allows you to change and configure security settings through manual and automatic update processes.
Systems Management Server 2003
SMS 2003 Security Patch Management
Systems Management Server (SMS) 2003 enables you to stay aware of the latest updates, identify software vulnerabilities, and quickly deploy updates in an accurate, verifiable, and controlled manner.
SMS 2003 and System Center products must be purchased under a separate license.
Windows Server Update Services
Microsoft Windows Server Update Services
By using Windows Server Update Services (WSUS), administrators can fully manage the distribution of updates that are released through Microsoft Update to computers in their network. For more information, see the Windows Server Update Services (WSUS) Technical Library.
WSUS 3.0 can be downloaded and installed from Windows Server Update Services 3.0.
Security Reporting, Monitoring, and Assessment
Security reporting, monitoring, and assessment features, tools, and products can assist you in managing security for your servers.
Security Auditing
Security Auditing
Security auditing can help you maintain the security of your system. As part of your overall security strategy, you should determine the level of auditing appropriate for your environment.
Components for security auditing are included with Windows Server 2008 and are accessible by using the Auditpol command-line tool and through any securable object property page.
System Center Reporting Manager 2006
System Center Reporting Manager 2006
System Center Reporting Manager (SCRM) 2006 consolidates your change and configuration information from SMS 2003 and your event and performance information from Microsoft Operations Manager (MOM) 2005 to give you easy access to the reports you need to manage your enterprise.
SCRM 2006 must be purchased under a separate license.
Security Tools
Security tools help you assess and analyze your security configurations. For a complete list of tools, see Security Tools.
Microsoft Baseline Security Analyzer
Microsoft Baseline Security Analyzer
The Microsoft Baseline Security Analyzer (MBSA) is a tool designed for the IT professional that helps small-sized and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance.
MBSA 2.1 can be downloaded and installed from Microsoft Baseline Security Analyzer 2.1.
Microsoft Security Assessment Tool
Microsoft Security Assessment Tool
The Microsoft Security Assessment Tool (MSAT) is a risk-assessment tool designed to help organizations assess weaknesses in their current IT security environment, reveal a prioritized list of issues, and help provide specific guidance to minimize those risks.
MSAT 3.0 can be downloaded and installed from Microsoft Security Assessment Tool 3.0.
Note: