Windows Server 2008's Security Configuration Wizard (SCW) includes a corresponding command line, SCWCMD.EXE, which lets you automate the application of security policies generated through the wizard's graphical interface. SCW produces output in XML format which is incompatible by default with GPOs. The following command line may be used to convert SCW output into a readable format for inclusion in a GPO…

scwcmd transform /p:MyPolicyFile.xml /g:MyGPOName

This transforms the XML file into a new GPO and must naturally be run with domain administrator privileges. The resulting GPO (saved to saved under the %SYSTEMROOT%\SECURITY\MSSCW\POLICIES) will include the contents of the SCW XML file into a handful of sections within the GPO. These settings will include: Security Settings, IP Security Policies and Windows Firewall. This new GPO must then be linked to appropriate OUs to be applied.

You can use SCW to create new policies, edit existing policies, apply policies and even roll back the assignation of a security policy.

More information on the Security Configuration Wizard can be found .