The following is one of three checklists to accompany Jonathan Hassell's webcast New security enhancements in Windows Server 2003 SP1, available now. Other checklists in this series include:
The Security Configuration Wizard (SCW) in Windows Server 2003 SP1 includes the Scwcmd.exe command-line tool. This versatile tool performs many tasks that you can automate with scripts or batch files. Here, I'll briefly outline the most common tasks you will want to perform using SCWCMD.
|Checklist: How to use command-line features in Security Configuration Wizard|
|Configure servers with a policy|
|The most basic use of the command-line tool is to configure one or many servers with an SCW-generated policy. You can apply a policy to the current machine, to a remote machine using either its NetBIOS name or IP address, or to an entire organizational unit's machines. For example, to apply the machine.xml policy to the current computer, simply use:|
|scwcmd configure /p:machine.xml|
|To apply the policy to all of the machines in the File Servers organizational unit (OU) within Company.com, you need to use the full LDAP name within the arguments of the command. It should look something like this:|
|scwcmd configure /ou:OU=FileServers,DC=company,DC=com /p:machine.xml|
|Analyze machines for policy compliance|
|You can also analyze a machine, a list of servers or an entire OU with an SCW-generated policy. For example, to analyze your SQL Server machine with the sqlserver.xml policy, use:|
|scwcmd analyze /m:SQLservername /p:sqlserver.xml /u:administrator|
|To analyze the SQL Server OU, use the following. Note that the entire LDAP name needs to be used when specifying Active Directory-based containers with this command:|
|scwcmd analyze /ou:OU=SQLServers,DC=company,DC=com /p:sqlserver.xml /u:administrator|
|The results of running this command are returned to an XML file generated by the wizard, which you can view using another option in SCWCMD. I'll demonstrate that below.|
|Roll back SCW policies|
|If you make a mistake and need to "undo" a policy application on either a local or remote machine, you can use the command-line tool to get the machine back up quickly. You can also use the /u switch to perform the operation using another user's credentials, if yours aren't sufficient on a remote machine. For example, to roll back a policy on the machine R2B2SRV1, use:|
|scwcmd rollback /m:R2B2SRV1 /u:administrator|
|You can also use an IP address if you aren't sure of the friendly name of a machine:|
|scwcmd rollback /m:192.168.2.2 /u:localadmin|
|View analysis results|
|You can use the scwcmd view command to render the raw XML results file that the wizard generates with an XML transform file that makes the results easier to read. The directory %windir%\security\msscw\transformfiles contains .xsl transform files, which are applied to the .xml policy file for the rendering process. To view a policy file, use this syntax:|
|scwcmd view /x:policyfile.xml /s:policyview.xsl|
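The configure, analyze and rollback steps above, combined into one batch file that runs a chosen action against a list of servers and logs the exit code of each run. This is an added example, not part of the original checklist; the file names servers.txt, fileserver.xml and scw-batch.log are hypothetical, and it assumes scwcmd returns a nonzero exit code when a run fails.

```batch
@echo off
rem Added example, not part of the original checklist.
rem Runs one scwcmd action (analyze, configure or rollback) against every
rem server in a list and records the exit code of each run.
rem Hypothetical names: servers.txt, fileserver.xml, scw-batch.log.
rem Assumption: scwcmd returns a nonzero exit code when a run fails.
rem Run from an account with administrative rights on every target, or add
rem the /u switch from the checklist and expect a password prompt per server.
setlocal enabledelayedexpansion

set ACTION=%~1
set POLICY=fileserver.xml
set SERVERS=servers.txt
set LOG=scw-batch.log
set POLICYARG=
set FAILED=0

rem Accept only the three actions, so nothing else reaches the command line.
if /i "%ACTION%"=="analyze" goto needpolicy
if /i "%ACTION%"=="configure" goto needpolicy
if /i "%ACTION%"=="rollback" goto run
echo Usage: %~nx0 analyze^|configure^|rollback
exit /b 2

:needpolicy
rem analyze and configure take a policy file; rollback does not.
if not exist "%POLICY%" (echo Policy file %POLICY% not found & exit /b 2)
set POLICYARG=/p:%POLICY%

:run
if not exist "%SERVERS%" (echo Server list %SERVERS% not found & exit /b 2)
>>"%LOG%" echo %DATE% %TIME% %ACTION% started

rem servers.txt: one NetBIOS name or IP address per line; # starts a comment.
for /f "usebackq eol=# tokens=1" %%S in ("%SERVERS%") do (
    echo [%%S] scwcmd %ACTION% /m:%%S %POLICYARG%
    scwcmd %ACTION% /m:%%S %POLICYARG%
    set RC=!ERRORLEVEL!
    >>"%LOG%" echo %%S %ACTION% exit=!RC!
    if not "!RC!"=="0" set /a FAILED+=1
)

echo %FAILED% server(s) returned a nonzero exit code; see %LOG%
if %FAILED% gtr 0 exit /b 1
exit /b 0
```

Run the analyze action first and review the results with scwcmd view before running configure against the same list.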
|ABOUT THE AUTHOR:|
|Jonathan Hassell is an author, consultant and speaker residing in Charlotte, North Carolina. Jonathan's books include RADIUS and Learning Windows Server 2003 for O'Reilly Media and Hardening Windows for Apress. His work is seen regularly in popular periodicals such as Windows IT Pro Magazine, SecurityFocus, PC Pro and Microsoft TechNet Magazine. He speaks around the world on topics including networking, security and Windows administration.|