Question Regarding Server 2022 Domain & Controller MSCT baselines

Question

I have a basic 'Newbie' question regarding the MSCT baselines.&nbsp; &nbsp;I see the GPO for 'MSFT Windows Server 2022 - Domain Controller' and also 'MSFT Windows Server 2022 - Member Server'.&nbsp; I just want to confirm that we should only apply the&nbsp;'MSFT Windows Server 2022 - Domain Controller' policies to our DC's, and not the Member Server policies as well.&nbsp; While this seems obvious, I just want to make sure.

aaronmargosis_tanium · Answer

That is correct.

wbaumgardt · Answer

AaronMargosis_Tanium&nbsp;Many thanks!

criiser · Answer

AaronMargosis_Tanium&nbsp;- Does the MSFT replace "Default Domain Controller Policy" aswell? If not, Should MSFT be higher linked than Default Domain Controller Policy?

aaronmargosis_tanium · Answer

criiser&nbsp;- the recommended policies in the Security Compliance Toolkit baselines should take precedence over the built-in default GPOs.&nbsp;

katpedraza · Answer

No they do not replace the default domain controller policy. They are an enhancement to them. Take a look at the implementing security baselines on the premier/unified side of the hours. none of the settings should overlap the default domain controller policy, but you can verify that by utilizing the policy analyzer too.

Forum Discussion

Question Regarding Server 2022 Domain & Controller MSCT baselines

6 Replies

Resources