Security Configuration Templates Topics

Using the Security Configuration and Analysis Tool IIS Templates

During Windows 2000 Resource Kit installation, the Security Configuration IIS Templates are placed by default in the <windir>\security\templates directory of your hard disk. The Resource Kit Setup also installs a Security Templates Snap-in (Sectemplates.msc), a Microsoft Management Console (MMC) snap-in that allows you to view and edit all the security templates currently installed on your system. SecTemplates.msc is placed in the root of the directory where you selected to install the Resource Kit. To start the snap-in and to load and use the templates, use the following procedure:

To load the IIS Templates in the Security Template viewer

1. Install the Resource Kit, making sure you select the "IIS Tools" component.
2. Click Start, and then click Run. In the Open: line, type Sectemplates.msc, and then click OK.
3. When the Security Templates snap-in opens, the SecureInternetWebServer and SecureIntranetWebServer templates appear in the list in the contents pane (on the left) of the Microsoft Management Console.
4. To view and change individual policies in the template, double-click the policy in the right pane of the Microsoft Management Console.

Note

For more information about viewing and editing templates in the Microsoft Management Console, see MMC online Help.

Once the policy is updated to meet your requirements you can import the template into the Security Configuration and Analysis tool and audit against it or apply the template. It is preferable to audit first to see how misconfigured your servers are.

To load the IIS Templates in the Security Configuration and Analysis tool

1. Install the Resource Kit, making sure you select the "IIS Tools" component.
2. Click Start, and then click Run. In the Open: line, type MMC, and then click OK.
3. In the Microsoft Management Console, click Console, and then click Add/Remove Snap-in.
4. In the Add/Remove Snap-in dialog box, click Add.
5. In the list of Available Stand-alone Snap-ins, scroll to the "Security Configuration and Analysis" snap-in, and then double-click it.
6. Close the Available Stand-alone Snap-ins dialog box. In the Add/Remove Snap-in dialog box, click OK.

   In the right-hand pane of the Microsoft Management Console, The Security Configuration and Analysis snap-in appears as a folder ("Scope item") off the Console Root.

7. Select the Security Configuration and Analysis scope item. Follow the directions that appear in the contents pane (on the right) for creating a new database.
8. In the Import Template dialog box, select the IIS template you want to import.
9. To audit your computer against the policies in the template, right-click the Security Configuration and Analysis scope item, and then click Analyze Computer Now....

Note

For more information about viewing and editing templates in the Microsoft Management Console, see MMC online Help.