Windows Server 2003 Security Templates

Security Templates are basically subsets from the overall Group Policy menu that are security specific. Security Templates are basically examples of various granularly-applied security features. The idea is that, instead of manually building a security policy and run the risk of missing a vital element toward the overall picture, choose one or more ready-made security templates that are available. There are three default templates: domain controller, server, and client. Other templates are available that can be used to implement certain security-specific restrictions.

The Security Configuration & Analysis tool (SCA) is used to create a custom template specifically for a server. From this sole perspective, there is little or no difference between SCA and the Security Templates MMC snap-ins. As the name suggests, it is more of an an analysis tool that happens to be under-utilized in the industry. The analysis is done using a comparison database, and the end results will display security policies in a single screen rather than requiring the user to hop around group policies.

In a way, the SCA is similar to the Effective Permissions for permissions and Resultant Policy features for Group Policy, yet it displays all results rather than the bottom line. SCA will also display policies that have been overridden by other policies. These policies that are displayed can also be modified, and re-integrated back into the entire group policy system.