Microsoft Download Center Archive

Microsoft Web Application Configuration Analyzer v2.0

  • Published:
  • Version: 2.0
  • Category: Tool
  • Language: English

Web Application Configuration Analyzer (WACA) analyzes server configuration for security best practices related to General Windows, IIS , ASP.NET and SQL Server settings.

  • Web Application Configuration Analyzer (WACA) is a tool that scans a server against a set of best practices recommended for pre-production and production servers. The list of best practices is derived from the Microsoft Information Security & Risk Management Deployment Review Standards used internally at Microsoft to harden production and pre-production environments for line of business applications. The Deployment Review standards themselves were derived from content released by Microsoft Patterns & Practices, in particular: Improving Web Application Security: Threats and Countermeasures available at: It uses an agent-less scan that requires the user to have admin privileges on the target server, as well as any SQL Server instances running on that machine. It can be used by developers to ensure that their codebase works within a secure / hardened environment (although many of the checks are not as applicable for developers).

    This release of WACA we included some new features. They include:
    • Suppressions – you can now suppress any rule you feel is not appropriate for your scan.
    • Saving of suppression files – once you set up a suppression list you want to use you can save it off for future uses.
    • You can change the suppressions and regenerate the report without needing to re-run the scan.
    • Reporting – Updated the reporting section to include suppression information so you know what passed, failed, was not applicable and what was suppressed.
    • Multiple reports – you can view multiple scans of the same machine or view a single machine’s scan and compare it to other machines.
    • Export to the Microsoft RED format.
    • Scan multiple systems and SQL instances in one bulk scan.
    • Additional rules – we’ve added in additional SQL rules.
    • And of course bug fixes that were missed in the last release.


Status: Deleted

This download is no longer available on The downloads below are archives provided by the Internet Archive Wayback Machine from the Microsoft Download Center prior to August 2020.

FileSHA1 HashSize
WACAV20.msife253c422c83428be4aa6f4746cf79f06fcd4fa33.87 MB

System Requirements

Operating Systems: Windows 7, Windows Server 2003, Windows Server 2003 R2 (32-Bit x86), Windows Server 2003 R2 x64 editions, Windows Server 2008

  • Supported Operating Systems for installation: Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008 R1/R2

    Support Operating Systems for scanning: Windows Server 2003, Windows Server 2008 R1/R2

    Sofware Requireemnts: .NET Framework v4.0, Microsoft Office Excel (Optional)

Installation Instructions

    1. Click the Download link to start the download.
    2. Do one of the following:
      • To start the installation immediately, click Open or Run this program from its current location.
      • To copy the download to your computer for installation at a later time, click Save or Save this program to disk.