In the Save Security Policy section of the Security Configuration Wizard (SCW), you can save and apply the security policy created or edited with SCW.

Security Policy File Name

Choose a location and a file name with an .xml extension to save the security policy. You should save the security policy in a location accessible to administrators who will run SCW to apply the policy.

View Security Policy

You can click View Security Policy to open SCW Viewer. SCW Viewer allows you to browse the details of the policy before saving it.

Include Security Templates

You can include policy settings in your security policy in addition to those created with SCW. Click Include Security Templates to include a security template with the additional policy settings. If any template settings conflict with those created in SCW, then SCW takes precedence.

Apply Security Policy

You can apply a security policy immediately after creating or editing the policy by clicking Apply now on this page. If you want to make changes to the policy, or if you do not want to apply the security policy to the selected server, click Apply later. If you choose to apply the policy later, no changes are made to the selected server. When you want to apply the security policy, run SCW and, on the Configuration Action page, click Apply an existing security policy.

For the following services to be disabled, you must restart the selected server after applying the SCW policy:

  • Application Management

  • Terminal Services or Remote Desktop Services

  • Windows Audio

After the policy is applied, the startup mode for each service is changed to the value specified in the security policy. However, the current status of these services is not changed until the computer is restarted.

If the security policy configures exceptions for applications or services (that is, the security policy adds them to the allowed exceptions list) and those applications or services were running before Windows Firewall with Advanced Security was started, the computer will have to be restarted for these applications and services to run properly.

If the security policy applies to services that are not found in the Security Configuration Database and instead were entered on the Select Additional Services or the Handling Unspecified Services pages of SCW, then the selected server must be restarted for the applied policy to take effect.

Additional references