Forum Discussion
wbaumgardt
Jan 18, 2024Copper Contributor
Question Regarding Server 2022 Domain & Controller MSCT baselines
I have a basic 'Newbie' question regarding the MSCT baselines. I see the GPO for 'MSFT Windows Server 2022 - Domain Controller' and also 'MSFT Windows Server 2022 - Member Server'. I just want to confirm that we should only apply the 'MSFT Windows Server 2022 - Domain Controller' policies to our DC's, and not the Member Server policies as well. While this seems obvious, I just want to make sure.
6 Replies
- AaronMargosis_TaniumIron ContributorThat is correct.
- criiserCopper Contributor
AaronMargosis_Tanium - Does the MSFT replace "Default Domain Controller Policy" aswell? If not, Should MSFT be higher linked than Default Domain Controller Policy?
- katPedraza
Microsoft
No they do not replace the default domain controller policy. They are an enhancement to them. Take a look at the implementing security baselines on the premier/unified side of the hours. none of the settings should overlap the default domain controller policy, but you can verify that by utilizing the policy analyzer too.
- wbaumgardtCopper Contributor
Many thanks!