Introducing Microsoft Windows Server(TM) 2003

You can control security on your local computer, or on multiple computers, by controlling the following: password policies, account lockout policies, Kerberos policies, auditing policies, user rights, and other policies.

To create a systemwide policy, you can use security templates; apply templates using the Security Configuration and Analysis snap-in; or edit policies on the local computer, organizational unit, or domain.

Security Configuration Manager

The Security Configuration Manager tool set lets you create, apply, and edit security variables for your local computer, organizational unit, or domain. The following list describes the components of the Security Configuration Manager tool set:

• Security Templates.

  Defines a security policy in a template. These templates can be applied to Group Policy or to your local computer.

• Security Settings Extension to Group Policy.

  Edits individual security settings on a domain, a site, or an organizational unit.

• Local Security Policy.

  Edits individual security settings on your local computer.

• Secedit Commands.

  Automates security configuration tasks at a command prompt.

Security Configuration and Analysis

Security Configuration and Analysis is a Microsoft Management Console (MMC) snap-in for analyzing and configuring local system security.

Security Analysis

The state of the operating system and applications on a computer is dynamic. For example, you might need to temporarily change security levels so that you can immediately resolve an administration or network issue. However, this change can often go unreversed. This means that a computer might no longer meet the requirements for enterprise security.

Regular analysis enables an administrator to track and ensure an adequate level of security on each computer as part of an enterprise risk management program. An administrator can tune the security levels and, most important, detect any security flaws that might occur in the system over time.

Security Configuration and Analysis lets you quickly review security analysis results. It presents recommendations alongside current system settings and uses visual flags or remarks to highlight any areas where the current settings do not match the proposed level of security. Security Configuration and Analysis also offers the ability to resolve any discrepancies that that analysis reveals.

Security Configuration

Security Configuration and Analysis can be used to directly configure local system security. Through its use of personal databases, you can import security templates that have been created with Security Templates and apply those templates to the local computer. This immediately configures the system security with the levels specified in the template.