The Security Configuration Database consists of a set of .xml files that list services and ports that are required for each server role that is supported by the Security Configuration Wizard (SCW). These files are installed in %systemroot%\security\ssscw\kbs. After you select a server, the server is scanned to determine the following:
- Roles that are installed on the server
- Roles that are likely being performed by the
- Services that are installed but not part of
the Security Configuration Database
- IP addresses and subnets that are configured
for the server
SCW combines this server-specific information into a single .xml file named Main.xml. SCW displays Main.xml if you click View Configuration Database on the Processing Security Configuration Database page.
Centralizing the Security Configuration Database
You may want to maintain the Security Configuration Database in a central location that can be used throughout your organization. This allows local administrators in multiple locations to use the same Security Configuration Database. SCW.exe accepts a command-line argument for the centralized database location.
To specify a centralized configuration database, run the following command at a command prompt:
scw.exe /kb SCWKBDirectoryLocation
For example, two possible commands are:
scw.exe /kb \\securityserver\scwkb
scw.exe /kb k:\
The local administrator who runs SCW must have at least Read permission to the remote Security Configuration Database directory. In non-domain environments, the local administrator may need to provide credentials in order to access the centralized server. This can be accomplished by first establishing a connection to the server. For example, you might use the following command: Net use k: \\securityserver\scwkb /u:securityserver\User1
For more information about selecting server roles, see Select Server Roles.