Policy Analyzer v3.1 PRE-RELEASE

Lots of updates to Policy Analyzer in this unsigned, pre-release preview build — please post comments here to let me know how well it addresses your needs and what else it could add. Download here: PolicyAnalyzer.zip Please see the description of the original Policy Analyzer here for context. Partial list of improvements: Uses localized text correctly in most…

24

Security baseline for Windows 10 v1607 (“Anniversary edition”) and Windows Server 2016

Microsoft is pleased to announce the release of the security configuration baseline settings for Windows 10 version 1607, also known as “Anniversary edition” and internally as “Redstone 1”. The downloadable attachment to this blog post includes importable GPOs, tools for applying the GPOs, custom ADMX files for “pass the hash” mitigation and legacy MSS settings,…

35

The MSS settings

You can download the custom Administrative Template for the “MSS (Legacy)” settings here: MSS-legacy. Note that it is available only for “en-us” (US English). Explanation: Many years ago, before the advent of Trustworthy Computing, some Microsoft security experts identified about 20 Windows registry values (many or perhaps all of which were undocumented at the time) that could…

3

LGPO.exe v2.0 PRE-RELEASE: support for MLGPO and REG_QWORD

LGPO.exe is a command-line utility to automate the management of local group policy objects (LGPO). Version 1.0 was released last January. The PRE-RELEASE LGPO.exe v2.0 is attached to this blog post, and adds support for Multiple Local Group Policy Objects (MLGPO) and 64-bit REG_QWORD registry values. It also adds support for /e mnemonic options to enable the GP…

19

Security Compliance Manager 4.0 now available for download!

The Security Compliance Manager (SCM) is a free tool from Microsoft that enables you to quickly configure, and manage the computers in your environment using Group Policy and Microsoft System Center Configuration Manager. This version of SCM supports Windows 10, and Windows Server 2016. You can easily configure computers running Windows 10 and Windows Server…

36

Security baseline for Windows Server 2016 Technical Preview 5 (TP5)

Microsoft is pleased to announce the draft release of the security configuration baseline settings for Windows Server 2016, corresponding to Technical Preview 5 (TP5). The final version of Windows Server 2016 will differ from the TP5 pre-release, and this security guidance will change as well. Both TP5 and this guidance are offered for evaluation purposes…

7

Security baseline for Windows 10 (v1511, "Threshold 2") — FINAL

Microsoft is pleased to announce the final release of the security configuration baseline settings for Windows 10 version 1511, also known as "November Update," "Build 10586," "Threshold 2," or "TH2." The downloadable attachment to this blog post includes importable GPOs, tools for applying the GPOs to local GPO, custom ADMX files for Group Policy settings,…

33

Security baseline for Windows 10 (v1507, build 10240, TH1, LTSB) — UPDATE

Based on continuing discussions with security experts in Microsoft, the Center for Internet Security, and customers, we are publishing a few changes to the security configuration baseline recommendations for Windows 10, version 1507. Version 1507 was the original RTM release of Windows 10, and is also known as "Build 10240," "Threshold 1," or "TH1." Version 1507…

0

New tool: Policy Analyzer

Policy Analyzer is a utility for analyzing and comparing sets of Group Policy Objects (GPOs). It can highlight when a set of Group Policies has redundant settings or internal inconsistencies, and can highlight the differences between versions or sets of Group Policies. It can also compare GPOs against current local policy settings and against local…

53

LGPO.exe – Local Group Policy Object Utility, v1.0

LGPO.exe is a new command-line utility to automate the management of local group policy. It replaces the no-longer-maintained LocalGPO tool that shipped with the Security Compliance Manager (SCM), and the Apply_LGPO_Delta and ImportRegPol tools. Features: Import settings into local group policy from GPO backups or from individual policy component files, including Registry Policy (registry.pol), security templates, and advanced…

72