The Security Configuration Database consists of a set of .xml files that list services and ports that are required for each server role that is supported by the Security Configuration Wizard (SCW). These files are installed in %systemroot%\security\ssscw\kbs. After you select a server, the server is scanned to determine the following:

SCW combines this server-specific information into a single .xml file named Main.xml. SCW displays Main.xml if you click View Configuration Database on the Processing Security Configuration Database page.

Centralizing the Security Configuration Database

You may want to maintain the Security Configuration Database in a central location that can be used throughout your organization. This allows local administrators in multiple locations to use the same Security Configuration Database. SCW.exe accepts a command-line argument for the centralized database location.

To specify a centralized configuration database, run the following command at a command prompt:

scw.exe /kb SCWKBDirectoryLocation

For example, two possible commands are:

scw.exe /kb \\securityserver\scwkb

scw.exe /kb k:\


The local administrator who runs SCW must have at least Read permission to the remote Security Configuration Database directory. In non-domain environments, the local administrator may need to provide credentials in order to access the centralized server. This can be accomplished by first establishing a connection to the server. For example, you might use the following command: Net use k: \\securityserver\scwkb /u:securityserver\User1

For more information about selecting server roles, see Select Server Roles.