Security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11

Although the US Government has not published a US Government Configuration Baseline (USGCB) standard for Windows 8 or Windows 8.1, Microsoft has just published a beta release of Microsoft security guidance for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11.  It includes documentation, GPOs, and scripts for installing the recommended settings to local group policy.  In addition to incorporating settings that were added to the new releases, we have added recommendations to help block some Pass the Hash attack vectors, block the use of web browsers on domain controllers, and incorporate the Enhanced Mitigation Experience Toolkit (EMET) into the standard baselines.

More information here:

Comments (1)

  1. ML49448 says:


    Can anyone tell me more about how and when revised USGCB GPOs are released? I don't need an exact release date, but I'm concerned that I haven't seen any indication of their development. I'm particularly interested to know if support will be considered for more recent versions of Internet Explorer.

    Also, are there any USGCB resources besides and this blog? I keep hoping I'll find an active community out there somewhere, but I haven't come across it yet.

    Thank you for your time and assistance,

    [Aaron Margosis]  As far as anyone can tell, NIST hasn't made any movement toward releasing baselines for Windows newer than Windows 7.