Server roles describe the main function or functions performed by a server in your organization. For example, a domain controller performs the Domain Controller server role. Server roles must have role-specific services enabled. The Security Configuration Wizard (SCW) enables services that are necessary for the selected server to perform the server roles that you select on this page. Unnecessary services are disabled.
When you select a role, all dependent roles are selected automatically. You do not have to select dependencies manually.
If a role that you want to select is not available, then consider selecting a broader role that would include the role that you want. The role you want to select might be a client feature or an administration option. Then you can select it on later pages in the wizard. If a role you want is not installed, and it is not in the Security Configuration Database, then it will not appear in any view.
Additional considerations
- To see services and other server roles that
are required for a specific role, click the triangle next to the
server role. SCW lists a description of the role, required
services, and dependent server roles.
- When you edit an existing policy, the
settings are determined by the policy that is being edited, not by
the state of the computer running SCW.
- When you are using SCW to apply a policy, a
selected check box indicates that the associated service will be
enabled. A cleared check box indicates that the service will be
disabled.
- The role selections made on this page affect
other choices throughout the wizard. For example, if you select the
Domain Controller server role, only options that are appropriate
for a domain controller will appear later.
- If you create a policy and select an
uninstalled role, and you subsequently edit that policy and the
role is still not installed, then the previously selected role will
not be selected while you are editing the policy. You will have to
select that role again from the list of uninstalled roles if you
want it to be selected. This design facilitates the common task of
editing a policy that was originally created on a server that has
since been reconfigured.
- When the Failover Clustering server role is
selected, SCW makes no changes to the startup mode for services
that support clusters.
- You can change the view in which server roles
are presented. By default, installed server roles are shown. These
are server roles that the selected server can perform without
installing additional components. If you are creating a new
security policy, the roles that the server currently performs are
selected by default. If you are editing an existing security
policy, the roles enabled by the policy are selected by default.
You can view all server roles in the Security Configuration
Database by changing the view to All roles. To enable the
services that are necessary for the selected server to perform its
installed server roles, select the appropriate server roles in the
list. If you plan to install other server roles on the selected
server or if you plan to apply this security policy to other
computers that have slight differences in role configuration, in
View, click All roles, and then select the
appropriate server roles.