Server hardening by applying security template. Server 2012 and 2008


I am new to server hardening.

My boss asked me to harden a server.
I heard from my boss that I need to download the Microsoft security template and import that template into the server.

Where can I download this template? He mentioned you just go to MMC and add this template into the policy. There are settings like minimum security etc., and you can compare the settings.

I will be doing server hardening. I need to implement the most secure server hardening. How do you guys do it? I have the document from the Center for Internet Security to implement the hardening. It shows all the steps, but there are like a few hundred settings to change. Is there any efficient way of implementing hardening?

I searched on the internet and there is the security configuration and Windows Server 2012 Security Baseline, but I cannot find the security templates to download.

For Windows Server 2008 and 2012.

Please give me your advice.

Appreciate your reply and thanks a lot.

Security Compliance Manager will do the trick; it contains the templates for everything up to 2012. There is no R2 support yet, but it will come shortly after the GA of 2012 R2, which is tomorrow.

btan (Exec Consultant) commented:
Looks like it is about Microsoft Security Compliance Manager (SCM) - it brought together Microsoft’s best practices around security settings. It provided detailed explanations for each recommended setting and let you export customized baselines as Group Policy Objects (GPOs) for widespread distribution. It helped you apply the right security settings without having to plow through reams of documentation.

download -
From there, catch the section on "Additional information and supporting resources for SCM are available on the TechNet Wiki site":
SCM Overview, SCM Getting Started, SCM Frequently Asked Questions (FAQ), SCM Release Notes, SCM Baseline Download Help

In the case of SCM, the community includes agencies within the U.S. Department of Defense, Microsoft Consulting Services, NATO and governments around the world. After further testing, Microsoft creates the baseline. Then this baseline is maintained and updated with every new service pack, as well as changes in the threat landscape.

The baselines with the first SCM came in two flavors: EC for Enterprise Client and SSLF for Specialized Security, Limited Functionality. The new baselines for SCM version 2 adopt a four-level severity system. Each item is ranked so you can filter a baseline to select which settings you need:

- Critical settings have a high impact on system security. You should apply these settings to almost any system. Most settings in the former EC baselines will be included here.
- Important settings have significant impact on systems and data. Most settings with this rating match the older SSLF baselines.
- Optional settings have little or no security impact. You can ignore these when defining security baselines.
- None is the default security level for items that haven’t been included in previous baselines. You can ignore these as well.


SCM can also create baselines in the Security Content Automation Protocol (SCAP) XML-based format, managed by the National Institute of Standards and Technology (NIST). For those working in U.S. government organizations, this is a much more robust version of United States Government Configuration Baselines.

See NIST's National Checklist Program (NCP), which is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low-level guidance on setting the security configuration of operating systems and applications. NCP is migrating its repository of checklists to conform to the Security Content Automation Protocol (SCAP).
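The question asks about comparing settings against a template when there are hundreds of them. The sketch below is an added example, not part of the original thread and not code from SCM or any Microsoft tool: it parses two files in the security-template `.inf` format and reports every baseline setting that the current configuration misses or sets differently. The sample templates, their values and the function names are constructed for illustration.

```python
import configparser

# Constructed sample templates in the .inf format used by Windows security
# templates; the values are illustrative, not taken from any published baseline.
BASELINE_INF = r"""
[Version]
signature="$CHICAGO$"
[System Access]
MinimumPasswordLength = 14
PasswordComplexity = 1
LockoutBadCount = 5
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,5
"""

CURRENT_INF = r"""
[Version]
signature="$CHICAGO$"
[System Access]
minimumpasswordlength = 8
PasswordComplexity = 1
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,3
"""

METADATA_SECTIONS = {"unicode", "version"}  # file header, not settings


def parse_template(text):
    """Return {(section, setting): value}, keys lower-cased for comparison."""
    # Only '=' separates name and value; ':' must not split registry paths.
    cp = configparser.RawConfigParser(delimiters=("=",), strict=False)
    cp.read_string(text)
    return {
        (sec.lower(), key.lower()): val.strip()
        for sec in cp.sections() if sec.lower() not in METADATA_SECTIONS
        for key, val in cp.items(sec)
    }


def drift(baseline_text, current_text):
    """List (section, setting, expected, actual); actual is None if unset."""
    base, cur = parse_template(baseline_text), parse_template(current_text)
    return [(sec, key, want, cur.get((sec, key)))
            for (sec, key), want in sorted(base.items())
            if cur.get((sec, key)) != want]


if __name__ == "__main__":
    for sec, key, want, have in drift(BASELINE_INF, CURRENT_INF):
        print(f"[{sec}] {key}: expected {want}, found {have}")
```

A file produced by `secedit /export /cfg` is UTF-16 encoded, so decode it before passing its text to `parse_template`.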

Carol Chisholm commented:
I have not been able to find a reference for 2012 R2, and specifically for ADFS 3.0 and WAP, which are new in R2.
Any ideas?
Carol Chisholm commented:
Ah found this
Microsoft Security Assessment Tool
Microsoft Baseline Security Analyzer
Microsoft Security Compliance Manager