Following in the steps of the insanely useful and cool Microsoft Exchange Server Best Practices Analyzer and Best Practices Analyzer Tool for Microsoft SQL Server 2000, Microsoft rolled out the ISA Server 2004 Best Practices Analyzer on December 8th.
I see that SBS MVP Susan Bradley is already on top of it and noted the hardening warning. I really wish, that instead of putting out separate tools for each app, Microsoft would have a single analyzer app with add-in packs for each application they’re supporting.
Better yet, I’d love to see them somehow tie it into the Security Configuration Wizard and allow you to choose and fine-tune roles for each of your servers. The resulting reports would greatly benefit not just those folks who have datacenters full of Windows servers, each running a single app, but us smaller guys who have to run multiple apps on a server. Even better, you could use this kind of tool to prepare, deploy, and manage your resulting application-level configuration changes. Admins could then run the reports on an automated basis and automate to some degree the appropriate actions, because the tool could then audit the server config against the baseline config already in place. Add in the ability to interface with MOM, and you’ve got a winner.
Don’t get me wrong; with the SCW, the BPA tools, and all the other good stuff Microsoft has coming out, they’re clearly showing that they’re serious about helping the security process. I just hate the feeling of having to load Yet Another Tool or four.
[Edit: As Alistair pointed out, I did indeed copy and paste a bit too emphatically and get the SQL BPA in there twice. D’oh!]