Forum Discussion
Lynn Towle
Jul 25, 2019Iron Contributor
Server 2019 WMI Filters or Security Group Filtering
I want to apply a filter for specific Domain Controller OS's for a slow rollout of some security settings. Notably, I want to target server 2019 OS's and not others. I found this in my travels: h...
Lynn Towle
Jul 26, 2019Iron Contributor
We are looking at applying additional security mitigations outside of the baselines. The baselines are applied already. I try to ensure that when anything is applied, its applied in stages, a small subset of servers, test, then additional servers, so on and so forth.
Adding DCs to a security group "seems" like a security risk, you are now opening up a new avenue of attack. That can be mitigated, but takes a bit to get used to.
Also was curious if DCs would have any issues applying policy with security group filtering, are there any base security settings, either built in, or from the baseline that would stop that processing?
Adding DCs to a security group "seems" like a security risk, you are now opening up a new avenue of attack. That can be mitigated, but takes a bit to get used to.
Also was curious if DCs would have any issues applying policy with security group filtering, are there any base security settings, either built in, or from the baseline that would stop that processing?
Lynn Towle
Jul 26, 2019Iron Contributor
Also, thanks for the filter. I've seen that before, but again, a slightly different way of doing things 🙂