Windows Server 2012 Security Baseline


What’s New

The Windows Server 2012 Security Baseline is released for the Windows Server 2012 operating system. This product baseline, used in combination with the Microsoft Security Compliance Manager 3.0 (SCM 3.0) tool, enables you to define custom baselines for Windows Server 2012.

Download This Solution Accelerator

The Windows Server 2012 Security Baseline is integrated with the Microsoft Security Compliance Manager 3.0 (SCM 3.0) tool. To access the Windows Server 2012 Security Guide included with the Windows Server 2012 Security Baseline, download SCM 3.0.

Launch the download of Security Compliance Manager 3.0.

Learn more about the Security Compliance Manager 3.0.

About This Solution Accelerator

SCM 3.0 is a free tool from the Microsoft Solution Accelerators team that enables you to quickly configure and manage your computers, traditional datacenter, and private cloud using Group Policy and Microsoft System Center Configuration Manager. The entire Windows Server 2012 Security Baseline package is available through the Microsoft Security Compliance Manager tool. The tool is designed to provide you with an end-to-end solution to help you plan, deploy, and monitor security baselines for computers running Windows Server 2012 in your environment.

What is a security baseline?

A security baseline is a collection of configurations items for a Microsoft product that provides prescribed values to solve a specific use case or scenario. Windows Server security baselines provide guidance and supporting technical data required to implement an effective and efficient security infrastructure that enables you to:

  • Understand threats.
  • Implement countermeasures.
  • Learn about product-specific recommendations.

This knowledge is accessed through the SCM tool, which gives you the ability to customize a security baseline to meet the unique requirements of your organization. The tool exports security baselines in multiple formats to help you apply the configuration and confirm the compliance level of the computers in your organization.

Windows Server security baselines include the following elements:

  • A detailed view of security vulnerabilities related to certain server, application, and browser settings, and the potential impact of configuring significant settings in these areas, to help you better understand how to effectively mitigate threats to your environment.
  • Recommended countermeasures to address such vulnerabilities, as well as the technical data required to implement and assess the state of each countermeasure that you implement.
  • A product-specific security guide that provides detailed instructions and recommendations to help strengthen the security of the servers in your organization.

About the Security Compliance Manager

The Microsoft Security Compliance Manager is the next evolution of the Microsoft Security Compliance Management Toolkit Series. We’ve taken our extensive threats and countermeasures guidance and incorporated it into the tool, enabling you to assess, configure, and manage all of your organization’s security baselines in one centralized location. 

The Security Compliance Manager provides centralized security baseline management features, a baseline portfolio, customization capabilities, and security baseline export flexibility to accelerate your organization’s ability to efficiently manage the security and compliance process for the most widely used Microsoft technologies.

Take advantage of the experience of Microsoft security professionals, and reduce the time and money required to harden your environment. This end-to-end Solution Accelerator is designed to help you plan, deploy, operate, and manage your security baselines for Windows client and server operating systems, and Microsoft applications. Access the complete database of Microsoft recommended security settings, customize your baselines, and then choose from multiple formats—including Desired Configuration Management (DCM) packs, Security Content Automation Protocol (SCAP), XLS, or Group Policy objects (GPOs)—to export the baselines to your environment and automate the security baseline compliance verification process.

Included in the Download

The Microsoft Security Compliance Manager 3.0 download includes the following components:

  • Security_Compliance_Manager_Setup.exe – The Microsoft Security Compliance Manager allows you to view, update, and export security baselines.
  • LocalGPO.msi – This tool is designed to manage local Group Policy on a computer by applying a security baseline and exporting the local Group Policy.
  • After you download and install the SCM 3.0 tool, you can view all available Microsoft product security baselines. For more information, refer to the getting started guidance in the SCM TechNet Wiki.

The .cab file for the Windows Server 2012 Security Compliance Baseline includes the following components:

  • WS2012 AD Certificate Services Server Security 1.0
  • WS2012 DHCP Server Security 1.0
  • WS2012 DNS Server Security 1.0
  • WS2012 Domain Controller Security Compliance 1.0
  • WS2012 Domain Security Compliance 1.0
  • WS2012 File Server Security 1.0
  • WS2012 Hyper-V Security 1.0
  • WS2012 Member Server Security Compliance 1.0
  • WS2012 Network Policy and Access Services Security 1.0
  • WS2012 Print Server Security 1.0
  • WS2012 Remote Access Services Security 1.0
  • WS2012 Remote Desktop Services Security 1.0
  • WS2012 Web Server Security 1.0
  • Windows Server 2012 Security Guide.docx
  • Windows Server 2012 CCE Reference.xlsm

Related Resources

The following resources provide additional information about security topics and in-depth discussion of the concepts and security prescriptions related to the Security Compliance Manager:

Community and Feedback

  • Want to know what’s coming up next? Check out our Security Guidance Blog.
  • E-mail the Solution Accelerators security team with your feedback:
  • If you have used a Solution Accelerator in your organization, please share your experience with us by completing this short survey.

About Solution Accelerators

Solution Accelerators are authoritative resources that help IT professionals plan, deliver, operate, and manage IT systems that address real-world scenarios. Solution Accelerators provide free, prescriptive guidance and automation to accelerate cross-product integration, core infrastructure development, and other enhancements.

Sign up to receive the Solution Accelerator Notifications newsletter so that you can stay informed about new Solution Accelerator releases and updates. The newsletter covers such areas of interest as:

  • Communication and collaboration
  • Security, data protection, and recovery
  • Deployment
  • Operations and management

Download This Accelerator

Launch the download of the Security Compliance Manager.