Forum Discussion
Beginner Question - Why is there a baseline for every version and type?
Don't run localgpo.wsf. The baseline downloads include ADMX/ADML files including the ones you need for some of those old MSS legacy settings, as well as for additional valuable settings exposed by the Security Compliance Toolkit. More information about the legacy MSS settings here:
https://techcommunity.microsoft.com/t5/microsoft-security-baselines/the-mss-settings/ba-p/701055
Thanks. Yes i reviewed the WSF file and then decided not to deploy it. Even in my DEVLab 😉
I will try out the link you gave me. Appreciated
Some of those log size recommendations haven't been revisited in a long time. 32MB has been the recommendation for the Application log in the baselines going back to Vista (except for an anomaly where 20MB was recommended for Win8).- Another question:
Why are the event log file sizes set so low? Is it because you should collect them right away to a SIEM?
If you don't have one - shouldnt they be higher?
32MB for Application seems a bit to low Just an update to get some information about some problems i came across (maybe other have them too)
MFP Printers vom HP need to be set to LDAPS with "simple bind" instead of Windows negotiation to work with "Channel binding" = "If supported"
Manage auditing and security log need "Exchange Servers" added to the ACL (if you have some) - or they will stop working (not immediately but within the next 2-3 days 😉 )
Thanks for all your help.
I am pushing the DC baseline step by step at the moment.
Another problem: I have some users with LM hashes. Is there an easy way to find out who so i can force them to change their password?