If you are in charge of maintaining the security baseline at your company, you know that there are two key problems you face. First of all, there are a LOT of security settings to tweak within Windows. The services you harden and lock down on a Domain Controller are very different from those that you harden on a Web Server. We’ve provided some excellent and comprehensive recommendations in the following guides:
The other problem is that security settings can drift away from the baseline over time as you install additional software, disable certain security features for troubleshooting purposes, etc.
Enter Project Sundance from the Solution Accelerator team. It includes Security Baseline Toolkits for Office 2007, Windows Server 2003 and 2008, as well as Windows Vista and XP. The toolkits contain the relevant Security Guide, along with the recommended baseline security settings in a file that can be rapidly turned into Group Policy objects and pushed out to clients in your domain through the GPOAccelerator tool.
How easy? I can show you in screenshots :)
And here is what you end up with.
There are some other goodies that come along with Project Sundance. You get an Attack Surface Reference spreadsheet which lets you know what files, services, ports, and role dependencies are involved with each role (Web, Directory Services, DNS Server, etc).
The toolkit also comes with 18 Configuration Packs to use with the desired configuration management feature of Configuration Manager 2007 SP1. This monitoring capability helps to ensure that your security baselines do not change or drift from their prescribed values.
So… A lot of moving pieces, and Project Sundance can help you stay on top of them. Project Sundance is in beta, and the Solution Accelerator team is looking for feedback, so head on over to the connect site to join the Beta.