Wednesday, December 08, 2004 3:11 PM bart

Windows Server 2003 SP1 RC1 - Security Configuration Wizard

SCW ... It's a great tool and you definitely should check it out if you're testing RC1 of W2K3 SP1. But if you can't find it, please remember it has to be installed separately via the Configuration Panel, Add/Remove Programs, Add/Remove Windows Components. If I'd have to give one point of feedback: please install this by default when applying | Digg It | Technorati | Blinklist | Furl | reddit | DotNetKicks

Filed under:


# re: Windows Server 2003 SP1 RC1 - Security Configuration Wizard

Wednesday, December 08, 2004 6:41 PM by bart


If you really feel that strong about it... submit the feedback to:

But I'd say you do not need to install it by default, unless you are setting up a new server. Or you are installing the SP in 'interactive mode'. I'd even launch it straight after the install, so the admin knows about it and can test it on the 'test SP1 deployment server'.

If I'm not mistaken, this tool can be run against remote servers, and I believe that is how you would eventually run this on a production server, after doing a remote SP1 install.
The reason for not doing the default install, I would assume, is because production servers (hosted in some datacenter) need to be up and running as soon as possible. Minimizing down-time and minimizing the risk of the SP breaking some apps/services on a production server. So just patching what is there and not adding to much new stuff.

But then again, it has been ages since I installed a server on my own ;-)

# re: Windows Server 2003 SP1 RC1 - Security Configuration Wizard

Wednesday, December 08, 2004 9:21 PM by bart

Thanks for the comment Rudi. A series of comments were already sent to the website you mentioned (which should be pretty wellknown right now since we've been distributing light-bulb stressballs at IT Forum: "Share your ideas!").

I agree that the patching procedure for a production server is indeed more crucial than patching a desktop OS so downtime should be reduced as much as possible. The tool can run against remote machines indeed.

So, basically, what I'm missing is the "notification" for the people that this new tool is indeed available since the Service Pack installation itself does not point people to this brand new (very useful) feature at all. Maybe the concept of a "Security Center" in W2K3 would make sense as well, maybe in the format of an MMC instead of a Configuration Panel plug-in (these comments will be submitted soon when I have a "feedback batch" ready).