Microsoft Security Configuration Wizard (SCW) is a software program that allows administrators to easily change a server's default security settings. SCW consists of three main components: a wizard interface, a command-line interface and a Security Configuration Database.
SCW allows administrators to customize network security policies, audit policies, registry values and services. The network security section allows an administrator to add, remove or edit rules relating to Windows Firewall with Advanced Security. The audit policy section allows the administrator to configure an audit policy for a selected server, and the registry section lets the administrator configure the protocols used to communicate with other computers. After choosing the roles to be configured, an administrator can select which features, options and additional services should be enabled or disabled. Disabling unnecessary services reduces the attack surface of the server and may also improve server performance. SCW will also detect role dependencies and automatically include dependent roles in the configuration.
Security policies created in the SCW can be deployed using Group Policy by converting the sections of the security policy that Group Policy supports to a Group Policy Object (GPO) template, using the SCW command-line interface. The GPO must then be linked to an organizational unit that targets the desired servers.