LGPO.exe v2.0 PRE-RELEASE: support for MLGPO and REG_QWORD

LGPO.exe is a command-line utility to automate the management of local group policy objects (LGPO). Version 1.0 was released last January. The PRE-RELEASE LGPO.exe v2.0 is attached to this blog post, and adds support for Multiple Local Group Policy Objects (MLGPO) and 64-bit REG_QWORD registry values. It also adds support for /e mnemonic options to enable the GP…

0

Security Compliance Manager 4.0 now available for download!

The Security Compliance Manager (SCM) is a free tool from Microsoft that enables you to quickly configure, and manage the computers in your environment using Group Policy and Microsoft System Center Configuration Manager. This version of SCM supports Windows 10, and Windows Server 2016. You can easily configure computers running Windows 10 and Windows Server…

24

Security baseline for Windows Server 2016 Technical Preview 5 (TP5)

Microsoft is pleased to announce the draft release of the security configuration baseline settings for Windows Server 2016, corresponding to Technical Preview 5 (TP5). The final version of Windows Server 2016 will differ from the TP5 pre-release, and this security guidance will change as well. Both TP5 and this guidance are offered for evaluation purposes…

5

Security baseline for Windows 10 (v1511, "Threshold 2") — FINAL

Microsoft is pleased to announce the final release of the security configuration baseline settings for Windows 10 version 1511, also known as "November Update," "Build 10586," "Threshold 2," or "TH2." The downloadable attachment to this blog post includes importable GPOs, tools for applying the GPOs to local GPO, custom ADMX files for Group Policy settings,…

29

Security baseline for Windows 10 (v1507, build 10240, TH1, LTSB) — UPDATE

Based on continuing discussions with security experts in Microsoft, the Center for Internet Security, and customers, we are publishing a few changes to the security configuration baseline recommendations for Windows 10, version 1507. Version 1507 was the original RTM release of Windows 10, and is also known as "Build 10240," "Threshold 1," or "TH1." Version 1507…

0

New tool: Policy Analyzer

Policy Analyzer is a utility for analyzing and comparing sets of Group Policy Objects (GPOs). It can highlight when a set of Group Policies has redundant settings or internal inconsistencies, and can highlight the differences between versions or sets of Group Policies. It can also compare GPOs against current local policy settings and against local…

40

LGPO.exe – Local Group Policy Object Utility, v1.0

LGPO.exe is a new command-line utility to automate the management of local group policy. It replaces the no-longer-maintained LocalGPO tool that shipped with the Security Compliance Manager (SCM), and the Apply_LGPO_Delta and ImportRegPol tools. Features: Import settings into local group policy from GPO backups or from individual policy component files, including Registry Policy (registry.pol), security templates, and advanced…

52

Changes from the Windows 8.1 baseline to the Windows 10 (TH1/1507) baseline

In collaboration with Windows security experts from US and UK government organizations and from the Center for Internet Security, we conducted a thorough review not just of the new settings introduced in Windows 10 but of all the accumulated settings inherited from past security baselines. Two goals of the review were to remove settings that…

7

Security baseline for Windows 10 (“Threshold 2”) – DRAFT

[Removing the attachment from this post. Please see updated baseline content for Windows 10 v1507 (TH1) and Windows 10 v1511 (TH2).] Microsoft is pleased to announce the beta release of the security baseline settings for Windows 10 version 1511 (Build 10586, a.k.a., “Version 1511,” “Threshold 2,” “TH2,” “November Update”) along with updated baseline settings for Internet…

19

Security baseline for Windows 10 (build 10240) – FINAL

[Removing the attachment from this post. Please see updated baseline content for Windows 10 v1507 (TH1) and Windows 10 v1511 (TH2).] Microsoft is pleased to announce the final release of the security baseline settings for Windows 10 (Build 10240, a.k.a., “Version 1507,” “Threshold 1” or “TH1”) along with updated baseline settings for Internet Explorer 11. Note that…

0