The Security Configuration Editor (SCE) tool is carried over from Windows NT Server 4.0 and enhanced in Windows 2000 Server. It adds policy based security management and configuration with
the Active Directory service, providing
a complete centralized, directory-enabled security management tool for Windows 2000 Server customers.
Security Summary
Windows 2000 Server provides a sophisticated security infrastructure.
At the authentication level, it provides Internet-standards
based authentication, supporting Kerberos and Transport Layer Security. It also provides integrated smart card support. In terms of public
key infrastructure services, Windows 2000 Server features the ability to use public key certificates for client authentication and an extensible API set for developing public-key based applications. Its X.509 certificate services implementation is also the most complete and features the best directory integration. Finally, Windows 2000 Server offers encryption support within the file system to secure sensitive data.
Windows NT Server 4.0 falls behind Windows 2000 Server in this area. It provides none of the advanced authentication options or PKI infrastructure. However, it does feature an excellent X.509 certificate server and excellent encryption support for Internet services. Additionally, with the advent of the Security Configuration Editor in Service Pack 4, Windows NT Server 4.0 features an excellent centralized administration tool to set security policies and then apply them to other servers, greatly easing administrative tasks.
The Solaris 7 product provides a feature-complete implementation of security tools. Support is available for Kerberos V5, TLS,
smart cards, X.509
Certificate Servers, 40 and 128-bit SSL and some centralized security management when integrated with Sun Directory Services or NIS+. Still, there is no single tool or location that allows the administration of all aspects of security management.