The first article in this two-part series, “Using the Windows Server Security Configuration Wizard Part 1: Evaluating Risk and Creating a New Security Policy”, discussed evaluating whether it’s necessary for security configuration settings to be changed from the defaults in Windows Server and how to use the Security Configuration Wizard (SCW) to create and save a specially tailored security policy.
This second part outlines how to apply and roll back the policy created in part one using the GUI, and how to convert an SCW policy into a Group Policy Object using the command line version of the tool.
Once you’ve determined that a security policy works for a server, or group of servers, you can use the Security Configuration Wizard to apply the policy.
Apply an existing policy using the Security Configuration Wizard
The policy should apply within a few minutes. Be careful about applying policy to remote servers: a policy that disables a service or closes a firewall port you rely on for remote access can lock you out of the server. This is especially true for servers where there is no lights-out facility such as Integrated Lights-Out, for example VMs running on Microsoft Azure where the only way to connect is using PowerShell or a Remote Desktop Connection.
There might be occasions, especially during the testing phase, where you want to roll back a security policy that you have applied. This is not a reliable back-out plan for a production environment, but it’s a handy feature nevertheless.
Roll back an already applied policy
View the changes that will be rolled back
The Security Configuration Wizard GUI is great for working with single servers; however, once you’ve created a policy, you might like to apply and manage it centrally across multiple devices.
The command line version of the tool, scwcmd.exe, allows you to do that.
The new GPO will be created in Active Directory but not linked to an Organizational Unit (OU). To establish a link to an OU use the Group Policy Management tool found on the Tools menu in Server Manager.
It is always preferable to use Group Policy to manage computers on a network where possible. There are situations, though, where servers are not members of an Active Directory domain, so they can’t be managed using Group Policy. In those cases, the command line version of SCW still lets you apply a policy to more than one server.
Create a config file containing a list of servers and security policies
The /t: parameter specifies the number of worker threads, which is useful if you want to apply policy to many servers at once. The /u: parameter specifies the user account that will authenticate on the remote servers.
Apply a policy to multiple servers from the command line
You’ll then be shown a progress monitor and informed when the operation has completed. You can see the resulting logs on each server under %windir%\security\msscw\Logs, although they are not particularly informative.
Now that a security policy has been applied to a remote server, use scwcmd.exe with the analyze command to check that it has been applied successfully.
When the analyze command has completed, check the results in the working directory of the command prompt. Unfortunately the reports can appear incomprehensible at first, but buried in them is information on whether the server passed the checks for each section of the security policy.
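The multi-server apply-and-verify flow described above, as an added PowerShell example that is not the article's own script: it writes the server/policy list file for scwcmd, applies the policy with the /t: and /u: switches, then runs the analyze command and renders each report. The server names, policy path, account and report folder are placeholders, and the `<Machines>`/`<Machine name= policy=>` layout of the list file is assumed from the scwcmd documentation rather than taken from this article.

```powershell
# Added example (not from the article): apply a saved SCW policy to several servers
# with scwcmd, then verify with 'scwcmd analyze' and render each result.
# Placeholders: server names, policy path, account and report folder.
# Assumed: the /i: list file uses <Machines><Machine name="" policy=""/></Machines>;
# confirm with 'scwcmd configure /?' before relying on it.
$PolicyFile = 'C:\Policies\WebServer.xml'          # policy saved by the SCW GUI in part one
$Servers    = 'web01.corp.example', 'web02.corp.example'
$ListFile   = Join-Path $env:TEMP 'scw-servers.xml'
$ReportDir  = 'C:\SCW-Reports'
$Account    = 'CORP\svc-scw'   # admin on every target; password deliberately not stored in the
                               # script (supply it with /pw: if scwcmd does not prompt for it)
$Threads    = 4                # /t: worker threads; one per server is plenty for a short list

# 1. Build the list file that the /i: switch reads: one <Machine> element per server.
$xml  = New-Object System.Xml.XmlDocument
$null = $xml.AppendChild($xml.CreateXmlDeclaration('1.0', 'utf-8', $null))
$root = $xml.AppendChild($xml.CreateElement('Machines'))
foreach ($s in $Servers) {
    $m = $root.AppendChild($xml.CreateElement('Machine'))
    $m.SetAttribute('name',   $s)
    $m.SetAttribute('policy', $PolicyFile)
}
$xml.Save($ListFile)

# 2. Apply the policy to every listed server in parallel.
& scwcmd.exe configure /i:$ListFile /u:$Account /t:$Threads
if ($LASTEXITCODE -ne 0) { throw "scwcmd configure failed with exit code $LASTEXITCODE" }

# 3. Verify: analyze each server against the same policy; results land as XML in $ReportDir.
New-Item -ItemType Directory -Path $ReportDir -Force | Out-Null
& scwcmd.exe analyze /i:$ListFile /o:$ReportDir /u:$Account /t:$Threads
if ($LASTEXITCODE -ne 0) { throw "scwcmd analyze failed with exit code $LASTEXITCODE" }

# 4. The raw result XML is hard to read; render each file with the analysis stylesheet
#    that SCW ships, which lists pass/fail per section of the policy.
$Xsl = Join-Path $env:windir 'security\msscw\TransformFiles\scwanalysis.xsl'
$results = Get-ChildItem -Path $ReportDir -Filter '*.xml'
if (-not $results) {
    Write-Warning "No analysis results in $ReportDir; check %windir%\security\msscw\Logs on each server"
}
foreach ($r in $results) {
    & scwcmd.exe view /x:$($r.FullName) /s:$Xsl   # opens the rendered report for that server
}
```

Run it from an elevated prompt on a management host that has the SCW tools installed and can reach the targets; keep the policy file and the report folder under change control so a failed section can be traced back to the policy revision that produced it.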