Security Configuration Wizard Helps Secure Site Roles
With the release of Windows Server 2003 SP1, the Security Configuration Wizard (SCW) provides server hardening based on the roles performed by the server. Configuration Manager 2007 templates can be added to SCW to provide the recommended security configuration for Configuration Manager 2007 site system roles. Running the SCW replaces the previous security recommendations to run IIS Lockdown and URLScan on Configuration Manager 2007 roles that require IIS. Because the SCW provides an automated way to help secure servers, the manual hardening checklists for IIS and SQL provided in “Scenarios and Procedures for SMS 2003: Security” are no longer provided.
Before you can run the SCW on your site server and site systems, you must install the Configuration Manager 2007 SCW template, which is scheduled to be included in the Configuration Manager 2007 Toolkit (http://go.microsoft.com/fwlink/?LinkId=93071).
To get more details about What’s New in Security for Configuration Manager
To more know about IIS security & URLSCAN