Forum Discussion
How to Use Baselines Correctly as a Beginner
Hello everyone,
Regarding baselines, I am a beginner. I downloaded them yesterday for Windows 11 Pro and tried to educate myself on using them the right way, but I only found fragmentary information around the web.
First I ran the script to install them on a standalone machine: PowerShell.exe -ExecutionPolicy RemoteSigned -File .\Baseline-LocalInstall.ps1 -Win11NonDomainJoined, and everything was applied, at least from what I read in the log file.
The first question is: if I wanted to return to the starting situation, without the applied changes, should I run the Remove-EPBaselineSettings.ps1 script without specifying any parameters?
Then I tried using the Policy Analyzer by feeding it the rules xlsx file for Windows 11 and comparing it with the current state.
Would this already be enough to verify that everything has indeed been applied?
However, when I do the comparison I get an error message and a warning, but then it still shows me the comparison.
Attached is the screenshot.
Can you tell me if there is complete and detailed documentation on both the baselines and the Policy Analyzer?
There are several options that I don't really understand, so I haven't ventured to use them.
Thanks to all
1 Reply
- AaronMargosis_Tanium (Iron Contributor)
The SCT baselines don't provide a means to undo the application of a baseline. Some of the settings are "tattooed" so it's not entirely possible to revert completely to the original state. The purpose of the "Remove-EPBaselineSettings.ps1" script was to TRY to restore default settings for Exploit Protection settings that had been included in a baseline from several years ago. If experimenting, consider using virtual machines with snapshots that can be reverted.
For the Policy Analyzer questions, see the documentation ("Policy Analyzer.pdf") that's included with the tool. Note that it does not ingest Excel files.
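The reply above makes two points a beginner can act on before applying a baseline on a real machine: there is no built-in undo, and Policy Analyzer (not Excel) is the tool for checking what was applied. The script below is an added example, written for this thread and not code from either poster or from the Security Compliance Toolkit. It records the local security template, advanced audit policy, registry-based policy keys and a full local GPO backup before the baseline is applied, runs the same Baseline-LocalInstall.ps1 command the original poster used, snapshots again, and lists the security-template settings that changed. It assumes the baseline zip is extracted under $BaselineRoot with the script in a Scripts subfolder, that LGPO.exe from the toolkit's Tools download is in $ToolsDir, and that it is run from an elevated PowerShell session whose execution policy allows local scripts; the folder paths and function names are placeholders. Restoring a snapshot (secedit /configure, auditpol /restore, LGPO.exe /g) puts the recorded policy back, but, as the reply says, tattooed settings are not reverted by that, so a VM snapshot remains the only complete rollback.

```powershell
# Added example (not from either poster or from the SCT): snapshot local policy,
# apply the Windows 11 non-domain-joined baseline, snapshot again, and diff.
param(
    [string]$BaselineRoot = 'C:\SCT\Windows11',   # assumed: extracted baseline zip
    [string]$ToolsDir     = 'C:\SCT\Tools',       # assumed: folder holding LGPO.exe
    [string]$WorkDir      = 'C:\SCT\Snapshots'    # assumed: where snapshots are written
)

function Export-LocalPolicySnapshot {
    param([Parameter(Mandatory)][string]$Name)
    $dir = Join-Path $WorkDir $Name
    New-Item -ItemType Directory -Path $dir -Force | Out-Null

    # Security template (account policy, user rights, security options) in INF form.
    & secedit.exe /export /cfg (Join-Path $dir 'secpol.inf') /quiet | Out-Null
    # Advanced audit policy as CSV; restorable later with auditpol /restore.
    & auditpol.exe /backup "/file:$(Join-Path $dir 'audit.csv')" | Out-Null
    # Registry-based policy, the part of the baseline that LGPO.exe writes.
    & reg.exe export 'HKLM\SOFTWARE\Policies' (Join-Path $dir 'hklm-policies.reg') /y | Out-Null
    & reg.exe export 'HKCU\SOFTWARE\Policies' (Join-Path $dir 'hkcu-policies.reg') /y | Out-Null
    # Full local GPO backup using the toolkit's own LGPO.exe (assumed to be in $ToolsDir).
    $lgpo = Join-Path $ToolsDir 'LGPO.exe'
    if (Test-Path $lgpo) { & $lgpo /b $dir /n "snapshot-$Name" | Out-Null }
    return $dir
}

function Read-SecurityTemplate {
    param([Parameter(Mandatory)][string]$Path)
    # secedit writes the INF as UTF-16; build a map keyed by "[Section]/Name".
    $map = @{}; $section = ''
    foreach ($line in Get-Content -Path $Path -Encoding Unicode) {
        if ($line -match '^\[(.+)\]$') { $section = $Matches[1]; continue }
        if ($line -match '^\s*([^=]+?)\s*=\s*(.*)$') {
            $map["$section/$($Matches[1])"] = $Matches[2].Trim()
        }
    }
    return $map
}

function Compare-SecurityTemplate {
    param([Parameter(Mandatory)][string]$BeforeDir,
          [Parameter(Mandatory)][string]$AfterDir)
    $before = Read-SecurityTemplate (Join-Path $BeforeDir 'secpol.inf')
    $after  = Read-SecurityTemplate (Join-Path $AfterDir  'secpol.inf')
    $keys = (@($before.Keys) + @($after.Keys)) | Sort-Object -Unique
    foreach ($k in $keys) {
        # A key missing on one side shows as $null, which still counts as a change.
        if ($before[$k] -ne $after[$k]) {
            [pscustomobject]@{ Setting = $k; Before = $before[$k]; After = $after[$k] }
        }
    }
}

$beforeDir = Export-LocalPolicySnapshot -Name 'before'

# Apply the baseline exactly as the original poster did.
Push-Location (Join-Path $BaselineRoot 'Scripts')
try { & .\Baseline-LocalInstall.ps1 -Win11NonDomainJoined } finally { Pop-Location }

$afterDir = Export-LocalPolicySnapshot -Name 'after'
Compare-SecurityTemplate -BeforeDir $beforeDir -AfterDir $afterDir | Format-Table -AutoSize
```

The diff only covers the security-template portion; registry-based policy is best compared by loading the before and after .reg exports (or the LGPO backups) into Policy Analyzer alongside the baseline's own policy files, which is the check the original poster was trying to do with the spreadsheet.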