
In the first article in this two-part series, I discussed evaluating whether it’s necessary for security configuration settings to be changed from the defaults in Windows Server, and how to use the Security Configuration Wizard (SCW) to create and save a specially tailored security policy.
In this final part, I’ll show you how to apply and roll back the policy we created in part one using the GUI, along with instructions on how to convert an SCW policy into a Group Policy Object using the command line version of the tool.
Once you’ve determined that a security policy works for a server or group of servers, then you can use the Security Configuration Wizard to apply the policy.
Apply an existing policy using the Security Configuration Wizard (Image Credit: Russell Smith)
The policy should apply within a few minutes. Be careful about applying policy to remote servers, especially those where there is no Integrated Lights Out facility, such as VMs running on Microsoft Azure where the only way to connect is using PowerShell or a Remote Desktop Connection.
There might be occasions, especially during the testing phase, where you want to roll back a security policy that you have applied. I wouldn’t rely on this as a plan for a production environment, but nevertheless it’s a handy feature.
Roll back an already applied policy (Image Credit: Russell Smith)
View the changes that will be rolled back (Image Credit: Russell Smith)
While the Security Configuration Wizard GUI is great for working with single servers, once you’ve created a policy, you might like to apply and manage it centrally across multiple devices. Fortunately, the command line version of the tool allows us to do just that.
The new GPO will be created in Active Directory, but not linked to an Organizational Unit (OU). You must link it yourself using the Group Policy Management tool, which can be found on the Tools menu in Server Manager.
It is always preferable to use Group Policy to manage computers on a network where possible, but there are situations where servers are not members of an Active Directory domain and so can’t be managed using Group Policy. Again using the command line version of SCW, you can apply a policy to more than one server.
Create a config file containing a list of servers and security policies (Image Credit: Russell Smith)
The /t: parameter is used to specify the number of working threads, which is useful if you want to apply policy to many servers, and /u: to specify the user account that will authenticate on the remote servers.
You’ll then be shown a progress monitor and informed when the operation has completed. You can see the resulting logs on each server under %windir%\security\msscw\logs, although they are not particularly informative.
Now that a security policy has been applied to a remote server, you can use scwcmd.exe to check that it has been applied successfully.
When the analyze command has completed, you can check the results in the working directory of the command prompt. Unfortunately, the report is a little incomprehensible, although you will find buried in there information about whether the server passed checks for each section of the security policy.
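The three scwcmd.exe operations described above (convert a policy to a GPO, apply it to a list of servers, then analyze the result), as an added PowerShell example that is not from the original article. The policy path, GPO name, server list file, account name, and result directory are placeholders, and the exit-code check assumes scwcmd.exe returns a nonzero code on failure.

```powershell
# Added example: every name and path below is a placeholder, not a value from the article.
$Policy     = 'C:\SCW\WebServerPolicy.xml'  # policy saved from the SCW GUI
$GpoName    = 'SCW-WebServers'              # display name for the new, unlinked GPO
$ServerList = 'C:\SCW\servers.xml'          # config file listing servers and policies
$Account    = 'SRV01\Administrator'         # account that authenticates on the remote servers
$ResultDir  = 'C:\SCW\results'              # where the analyze reports are written
$Threads    = 4                             # number of working threads for /t:

function Invoke-Scw {
    param([Parameter(Mandatory)][string[]]$Arguments)
    # Assumption: scwcmd.exe signals failure through a nonzero exit code.
    & scwcmd.exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "scwcmd $($Arguments[0]) failed with exit code $LASTEXITCODE"
    }
}

# Stop early if an input file is missing, before anything is changed remotely.
foreach ($path in $Policy, $ServerList) {
    if (-not (Test-Path -LiteralPath $path)) { throw "Missing input file: $path" }
}
New-Item -ItemType Directory -Path $ResultDir -Force | Out-Null

# 1. Domain members: convert the SCW policy into a GPO.
#    The GPO is created unlinked; link it to an OU in Group Policy Management.
Invoke-Scw -Arguments 'transform', "/p:$Policy", "/g:$GpoName"

# 2. Non-domain servers: apply the policies named in the server list.
#    No /pw: is passed, so the password is not stored in this script.
Invoke-Scw -Arguments 'configure', "/i:$ServerList", "/t:$Threads", "/u:$Account"

# 3. Check each server against its policy; /o: overrides the default
#    of writing the reports to the current working directory.
Invoke-Scw -Arguments 'analyze', "/i:$ServerList", "/o:$ResultDir", "/t:$Threads", "/u:$Account"

# List the per-server analysis reports that were produced.
Get-ChildItem -Path $ResultDir -Filter *.xml | Select-Object Name, LastWriteTime

# During testing, a single server can be reverted with:
#   Invoke-Scw -Arguments 'rollback', '/m:SRV01'
```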