New to SCM, but why do the baselines for server roles not tie down services (as is the case with SCW)? RRS feed

  • Question

  • Hi All,

    I only manage a handful of Windows based servers and this is a little ad hock, but we are currently migrating from Windows 2003 to 2008 R2 (yes I know we have our finger on the pulse), and I have just come across SMC. In the past, I have used things like security templates under Windows 2000 and the SCW on Windows 2003 and again on my initial builds of 2008 R2, and with SCW in mind, I have a noob question WRT SMC.

    It seems to me that SMC doesn't actually do much to the services on the baselines for the various 2008 R2 server roles, whereas SCW will disable pretty much most of the unnecessary services clutter based on the selected roles. It would be nice to see some of the additional steps taken from SCW and be added to SMC, especially for the server roles where many services can be disabled when servers are deploy for specific single roles.

    Are there any other baselines that are more stringent with regard to service lock-down and firewall rules?



    • Edited by Swinster Tuesday, February 19, 2013 12:52 PM grammar
    Sunday, February 17, 2013 11:42 PM