I was recently tasked with applying security policies and templates to remote standalone/workgroup servers. Like a good admin I created a hardened policy and started to run the security configuration wizard – I applied the settings thinking that I ticked all the right boxes…but only to I find that I was unable to RDP or get a PowerShell session to the server.
What I was able to do was to add the server in server manager (managing it using it’s local admin creds). From there I created a task that will run a batch file on the unresponsive server, this meant that the server will run the task on itself, as itself.
I added the following to .bat to run the following SCW rollback:
scwcmd rollback /m:servername
Hope the command helps you to roll back your Security Configuration Wizard remotely.