Server roles describe the main function or functions performed by a server in your organization. For example, a domain controller performs the Domain Controller server role. Server roles must have role-specific services enabled. The Security Configuration Wizard (SCW) enables services that are necessary for the selected server to perform the server roles that you select on this page. Unnecessary services are disabled.

When you select a role, all dependent roles are selected automatically. You do not have to select dependencies manually.

If a role that you want to select is not available, then consider selecting a broader role that would include the role that you want. The role you want to select might be a client feature or an administration option. Then you can select it on later pages in the wizard. If a role you want is not installed, and it is not in the Security Configuration Database, then it will not appear in any view.

Additional considerations

  • To see services and other server roles that are required for a specific role, click the triangle next to the server role. SCW lists a description of the role, required services, and dependent server roles.

  • When you edit an existing policy, the settings are determined by the policy that is being edited, not by the state of the computer running SCW.

  • When you are using SCW to apply a policy, a selected check box indicates that the associated service will be enabled. A cleared check box indicates that the service will be disabled.

  • The role selections made on this page affect other choices throughout the wizard. For example, if you select the Domain Controller server role, only options that are appropriate for a domain controller will appear later.

  • If you create a policy and select an uninstalled role, and you subsequently edit that policy and the role is still not installed, then the previously selected role will not be selected while you are editing the policy. You will have to select that role again from the list of uninstalled roles if you want it to be selected. This design facilitates the common task of editing a policy that was originally created on a server that has since been reconfigured.

  • When the Failover Clustering server role is selected, SCW makes no changes to the startup mode for services that support clusters.

  • You can change the view in which server roles are presented. By default, installed server roles are shown. These are server roles that the selected server can perform without installing additional components. If you are creating a new security policy, the roles that the server currently performs are selected by default. If you are editing an existing security policy, the roles enabled by the policy are selected by default. You can view all server roles in the Security Configuration Database by changing the view to All roles. To enable the services that are necessary for the selected server to perform its installed server roles, select the appropriate server roles in the list. If you plan to install other server roles on the selected server or if you plan to apply this security policy to other computers that have slight differences in role configuration, in View, click All roles, and then select the appropriate server roles.

Additional references