Over the years, we have always criticized Microsoft for security issues. However, Microsoft has recently stepped up its game. It not only protects its Windows Server operating system, but also provides some resources to help us maintain the Server check status.
The best resources for this purpose are free Microsoft Solution Accelerator ), it is a test guide and automation tool that helps you plan, securely deploy, and manage new Microsoft technologies ".
Security Compliance Manager is a solution booster that provides baseline Security configurations to help block Windows servers and ensure adequate Compliance. SCM is composed of an SQLServer-driven management console that allows you to customize, store, and output security baseline configurations to GPO, DCM, SCAP, or Excel.
Figure 1. Security Compliance Manager 2nd GUI
LocalGPO provides a command line interface for input and live output GPO, which is especially convenient for servers that are not in your Windows domain.
SCM provides baselines for Windows Server 2003 SP2, Windows Server 2008 SP2, and Windows Server 2008 R2SP1. SCM also provides baselines for other operating systems and applications, as well as upcoming guidelines to assist development on Exchange and SQL Server 2008.
Even if you are not interested in the central management of all server configurations, you can also use SCM for documentation. Each baseline has a security guide and an attack reference. The security guide is a Word document that is as long as a book and covers almost everything you need to know about security best practices and general Windows configurations. The attack surface reference is an Excel table that contains the settings of running services and related technical details. In the scm gui, you can access a large number of security-related settings, which display the default settings, the settings recommended by Microsoft, and other details, as shown in 2.
Figure 2. Examples of available Windows Server settings on the security compliance Server
We can't say that we don't have the right tools to ensure the security of the Windows environment. Whether you are a fan of Microsoft or not, the company is using SCM to throw us an olive branch. If you have never reinforced your Windows-based server, you may use a more formal method to make your configuration consistent. SCM is worth looking.
Address: http://www.searchsv.com.cn/showcontent_53528.htm