Forum Discussion

sharkee's avatar
sharkee
Copper Contributor
Sep 13, 2020
Solved

Microsoft Baseline Security for windows 10 v2004

Hello,

 

   I have a group of PCs that are under a separate active directory OU, that are running windows 10 v2004. I would like to apply on these PCs the Microsoft baseline security, my question is that the baseline security for windows 10 v2004 comes with 11 policies (listed below):

 

1. MSFT Internet Explorer 11 - Computer
2. MSFT Internet Explorer 11 - User
3. MSFT Windows 10 2004 - BitLocker
4. MSFT Windows 10 2004 - Computer
5. MSFT Windows 10 2004 - User
6. MSFT Windows 10 2004 and Server 2004 - Defender Antivirus
7. MSFT Windows 10 2004 and Server 2004 - Domain Security
8. MSFT Windows 10 2004 and Server 2004 Member Server - Credential Guard
9. MSFT Windows Server 2004 - Domain Controller Virtualization Based Security
10. MSFT Windows Server 2004 - Domain Controller
11. MSFT Windows Server 2004 - Member Server

 

Do I have to apply all the baseline security policies to the OU? or only the windows 10 ones, such as :

 

1. MSFT Internet Explorer 11 - Computer
2. MSFT Internet Explorer 11 - User
3. MSFT Windows 10 2004 - BitLocker
4. MSFT Windows 10 2004 - Computer
5. MSFT Windows 10 2004 - User
6. MSFT Windows 10 2004 and Server 2004 - Defender Antivirus
7. MSFT Windows 10 2004 and Server 2004 - Domain Security
8. MSFT Windows 10 2004 and Server 2004 Member Server - Credential Guard

 

Also, what should be the lining order of the policies? 

 

Thanking you

 

 

 

  • AaronMargosis_Tanium's avatar
    AaronMargosis_Tanium
    Sep 14, 2020

    sharkee -

    Apply the IE GPOs to all Windows 10 and Server systems;

    Apply anything with "Windows 10" in the name to Windows 10 systems;

    Apply anything with "Member Server" in the name to Member servers and to standalone Server systems;

    Apply anything with "Domain Controller" in the name to DCs;

    Apply anything else with "Server" in the name to Server systems (including DCs, Members, or standalone).

    Precedence order between these policies won't matter because there aren't any conflicting settings.

1 Reply

Sort By
  • AaronMargosis_Tanium's avatar
    AaronMargosis_Tanium
    Iron Contributor
    Sep 14, 2020

    sharkee -

    Apply the IE GPOs to all Windows 10 and Server systems;

    Apply anything with "Windows 10" in the name to Windows 10 systems;

    Apply anything with "Member Server" in the name to Member servers and to standalone Server systems;

    Apply anything with "Domain Controller" in the name to DCs;

    Apply anything else with "Server" in the name to Server systems (including DCs, Members, or standalone).

    Precedence order between these policies won't matter because there aren't any conflicting settings.

Resources