Hi Experts Im asked to do server hardening and Im planning to use Security Compliance Manager Templates to harden Servers.

Few clarifications I need.

1.        Is Security Compliance Manager is the best option to manager server hardening process or some other ways?
2.        I have Windows server 2003-R2 (Domain and Forest Functional level is 2003) in head office site that holds FSMO and planning to build 3 more Active Sites and we will install Windows Server 2012 in new sites.  Not any immediate plan to migrate from 2003 to 2012 in HQ.  In Security Compliance Manager we have to select which Server platform we have to select (Server 2003/2012/2012R2). Can I import template for server 2012 R2 in Active Directory for new 2012 Member servers and use security filtering to import domain controller template for 2012 DCs?
3.         Any challenge that may arise?
4.        Best option to harden servers.