Windows Server 2008 R2 Security Baseline
Published: September 29, 2010 | Updated: January 28, 2013
What’s New
The Windows Server 2008 R2 Security Baseline is updated for Windows Server 2008 R2 Service Pack 1 (SP1). This updated product baseline provides:
- Setting severity ratings, allowing you to quickly sort, prioritize, and apply Microsoft security and compliance recommendations.
- Consolidated product baselines that eliminate EC and SSLF baseline components, and make viewing, customizing, and implementing your security and compliance baselines easier than ever!
- New compliance-based settings groups allow quicker and easier compliance reporting and audit preparation, when used with the GRC management solution within System Center.
Download This Solution Accelerator
The Windows Server 2008 R2 SP1 Security Baseline is integrated with the Microsoft Security Compliance Manager (SCM) tool. To access the Windows Server 2008 R2 SP1 Security Guide included in the Windows Server 2008 R2 SP1 Security Baseline, please download SCM.
Launch the download of Security Compliance Manager.
Learn more about the Security Compliance Manager.
Looking for the Windows Server 2008 SP2 Security Baseline? Learn more.
About This Solution Accelerator
SCM is a free tool from the Microsoft Solution Accelerators team that enables you to quickly configure and manage your computers, traditional datacenter, and private cloud using Group Policy and Microsoft System Center Configuration Manager. The entire Windows Server 2008 R2 SP1 Security Baseline package is available through the Microsoft Security Compliance Manager tool. The tool is designed to provide you with an end-to-end solution to help you plan, deploy, and monitor security baselines for computers running Windows Server 2008 R2 in your environment.
What is a security baseline?
A security baseline is a collection of configurations items for a Microsoft product that provides prescribed values to solve a specific use case or scenario. Windows Server security baselines provide guidance and supporting technical data required to implement an effective and efficient security infrastructure that enables you to:
- Understand threats.
- Implement countermeasures.
- Learn about product-specific recommendations.
This knowledge is accessed through the SCM tool, which gives you the ability to customize a security baseline to meet the unique requirements of your organization. The tool exports security baselines in multiple formats to help you apply the configuration and confirm the compliance level of the computers in your organization.
Windows Server security baselines include the following elements:
- A detailed view of security vulnerabilities related to certain server, application, and browser settings, and the potential impact of configuring significant settings in these areas, to help you better understand how to effectively mitigate threats to your environment.
- Recommended countermeasures to address such vulnerabilities, as well as the technical data required to implement and assess the state of each countermeasure that you implement.
- A product-specific security guide that provides detailed instructions and recommendations to help strengthen the security of the servers in your organization.
About the Security Compliance Manager
We’ve taken our extensive threats and countermeasures guidance and incorporated it into the SCM tool, enabling you to assess, configure, and manage all of your organization’s security baselines in one centralized location.
The Security Compliance Manager provides centralized security baseline management features, a baseline portfolio, customization capabilities, and security baseline export flexibility to accelerate your organization’s ability to efficiently manage the security and compliance process for the most widely used Microsoft technologies.
Take advantage of the experience of Microsoft security professionals, and reduce the time and money required to harden your environment. This end-to-end Solution Accelerator is designed to help you plan, deploy, operate, and manage your security baselines for Windows client and server operating systems, and Microsoft applications. Access the complete database of Microsoft recommended security settings, customize your baselines, and then choose from multiple formats—including Desired Configuration Management (DCM) packs, Security Content Automation Protocol (SCAP), XLS, or Group Policy objects (GPOs)—to export the baselines to your environment and automate the security baseline compliance verification process.
Use the Security Compliance Manager tool to achieve a secure, reliable, and centralized IT environment that will help you better balance your organization’s needs for security and functionality.
Included in the Download
The Microsoft Security Compliance Manager download includes the following components:
- Security_Compliance_Manager_Setup.exe – The Microsoft Security Compliance Manager allows you to view, update, and export security baselines.
- LocalGPO.msi – This tool is designed to manage local Group Policy on a computer by applying a security baseline and exporting the local Group Policy.
Once you download and install the SCM tool, you can view all available Microsoft product security baselines. For more information, refer to the getting started guidance in the SCM TechNet Wiki.
The .cab file for the Windows Server 2008 R2 SP1 Security Compliance Baseline includes the following components:
- Windows Server 2008 R2 Security Guide.docx
- Windows Server 2008 R2 Attack Surface Reference.xlsx
- Windows Server 2008 R2 SP1 AD Certificate Services Server Baseline
- Windows Server 2008 R2 SP1 DHCP Server Baseline
- Windows Server 2008 R2 SP1 DNS Server Baseline
- Windows Server 2008 R2 SP1 Domain Baseline
- Windows Server 2008 R2 SP1 Domain Controller Baseline
- Windows Server 2008 R2 SP1 File Server FCI Baseline
- Windows Server 2008 R2 SP1 File Server Baseline
- Windows Server 2008 R2 SP1 Hyper-V Baseline
- Windows Server 2008 R2 SP1 Member Server Baseline
- Windows Server 2008 R2 SP1 Network Access Services Server Baseline
- Windows Server 2008 R2 SP1 Print Server Baseline
- Windows Server 2008 R2 SP1 Remote Desktop Services Baseline
- Windows Server 2008 R2 SP1 Web Server Baseline
Related Resources
The following resources provide additional information about security topics and in-depth discussion of the concepts and security prescriptions related to the Security Compliance Manager:
- Security Solution Accelerators
- Security Compliance Manager TechNet Wiki
- Solution Accelerators Security and Compliance Blog
- Solution Accelerators Team presents Security Compliance Manager
- IT Infrastructure Threat Modeling Guide
- System Center Configuration Manager Extensions for SCAP
Community and Feedback
- Want to know what’s coming up next? Check out our Security Guidance Blog.
- E-mail the Solution Accelerators security team with your feedback: SecWish@microsoft.com.
- If you have used a Solution Accelerator in your organization, please share your experience with us by completing this short survey.
About Solution Accelerators
Solution Accelerators are authoritative resources that help IT professionals plan, deliver, operate, and manage IT systems that address real-world scenarios. Solution Accelerators provide free, prescriptive guidance and automation to accelerate cross-product integration, core infrastructure development, and other enhancements.
Sign up to receive the Solution Accelerator Notifications newsletter so that you can stay informed about new Solution Accelerator releases and updates. The newsletter covers such areas of interest as:
- Communication and collaboration
- Security, data protection, and recovery
- Deployment
- Operations and management
Download This Accelerator
Launch the download of the Security Compliance Manager.