Forum Discussion

wbaumgardt's avatar
wbaumgardt
Copper Contributor
Jan 18, 2024

Question Regarding Server 2022 Domain & Controller MSCT baselines

I have a basic 'Newbie' question regarding the MSCT baselines.   I see the GPO for 'MSFT Windows Server 2022 - Domain Controller' and also 'MSFT Windows Server 2022 - Member Server'.  I just want to confirm that we should only apply the 'MSFT Windows Server 2022 - Domain Controller' policies to our DC's, and not the Member Server policies as well.  While this seems obvious, I just want to make sure.

6 Replies

    • criiser's avatar
      criiser
      Copper Contributor

      AaronMargosis_Tanium - Does the MSFT replace "Default Domain Controller Policy" aswell? If not, Should MSFT be higher linked than Default Domain Controller Policy?

      • katPedraza's avatar
        katPedraza
        Icon for Microsoft rankMicrosoft
        No they do not replace the default domain controller policy. They are an enhancement to them. Take a look at the implementing security baselines on the premier/unified side of the hours. none of the settings should overlap the default domain controller policy, but you can verify that by utilizing the policy analyzer too.

Resources