APPLY SECURITY POLICIES WITH THE SECURITY CONFIGURATION AND ANALYSIS TOOL

Setting security on a server can be a time-consuming and confusing task, particularly when you consider the hundreds of policies that can affect security. In addition, as administrators attempt to implement immediate solutions to specific problems, security settings can unexpectedly change over time. The result is often a server that falls out of the organization's intended security safety net.

To simplify security configuration and give administrators a means to monitor security settings, Microsoft developed the Security Configuration And Analysis tool for the Microsoft Management Console (MMC) and a corresponding set of security templates for specific scenarios.

Using these tools, you can analyze a server against a known previously saved configuration, or you can analyze it against a recommended security configuration template. You can also use the tools to apply a set of security settings to the server to set or restore it to a specific secure state.

To begin exploring these tools, first open an empty management console. (Go to Start | Run, and enter mmc.exe.) Go to Console | Add/Remove Snap-ins, and add the Security Configuration And Analysis and Security Templates snap-ins to the console.

You don't need the Security Templates snap-in to use the Security Configuration And Analysis snap-in. However, adding it to the console now enables you to easily browse each template's settings later.

Before applying a given configuration, it's a good idea to export your current settings to a template. Follow the tool's prompts to create a new database, right-click Security Configuration And Analysis, and select Export Template.

After exporting the template, you can begin analyzing and configuring the server. For more complete instructions on using these security tools, check out the Security Configuration And Analysis tool's Help documentation.