Part One. Today an in my next posts we want take a closer look at the security settings of an windows server. One good way to start is the "Security Configuration Wizard" later called as SCW. The wizard was patched in the operating system with SP1. In the release 2 of windows server 2003 you don’t need to patch it’s from start up SP2. To enable the feature just open the windows components dialog ("Add or Remove Programs" -> "Add/Remove Windows Components") and mark the check box. Now you need to insert the windows disk. In the "Administrative Tools" you will find an new program "Security Configuration Wizard". Or just run "scw.exe" from the run. On the start up screen of the SCW there is the first important notice. The message indicates that the wizard will detect inbound ports that are being used by this server. This requires that all applications that use inbound ports be running before you run the wizard and create the security policy. In my lab the server will work as file and print server. To do it al little harder the lab Server runs also TeamSpeak witch is not an Microsoft Application . The teamspeak server will listen on UDP Port  8767. After Clicking next, the wizard ask to crate an new policy. The next part is Interesting you are able to chose the Local or an remote server. My preferred option is to insta ll the SCW on each server and make local scans. Now we are able to check the version of the "Security DB". If you need an special service on many server’s witch is not listed edit the XML files in "%SystemRoot%\Security\msscw\policies%". More info about the XML file are located on google. After Skipping the window we are able to chose the server roles . In the next Dialog we are able to chose the client features like DHCP client, wins client …. and may more. Now microsoft want us to chose witch are the installed options of the server. The SCW now detects non windows services. in my lab he find the VM Tool’s . Now we must approve the disabling of unused services. Please check the list very cheerfully. Now the big magic continues with the approval of TCP/ IP ports. Please check the list very cheerfully. Now one of the biggest "lion’s den". In the registry the SCW will change settings for "SMB Security Signatures", "LDAP Signing", "Outbound Authentication Protocols" and "Inbound Authentication Protocols". with this settings enabled the server are harden to the most man-in-the-middle attacks an password cracking will be not so easy. The audit policy is a mixed blessing. Its very imported to find security issues in the logs. But study the logs will take much much time. So just enable the normal logging. Enter an Description an Save the Policy File. Now You Are able to apply  the policy now or later. Applying the policy will force an restart of the server !!

After applying the policy the TeamSpeak server stop’s working like except. But after editing the policy and again, insert the port 8767 all services works fine.

My conclusion of the Microsoft Security Configuration Wizard is: The tool is very easy to use and brings many good changes in short time. The use of SCW sold be carefully tested. But i’m strongly advise the use on all windows servers.