Forum Discussion

KYoussef_Consultant's avatar
KYoussef_Consultant
Copper Contributor
Mar 19, 2019

Windows 2016 security hardening based on CIS benchmarks

Hi, I have a customer who would like to apply Center internet Security (CIS) hardening benchmarks to his Domain Controllers and member servers. My understanding is that the best way to apply these rules is by applying GPOs in Active directory (on Domain controllers OU for DCs and on Domain or OU level for member servers) and not by applying them on Win 2016 local GPOs. I am going into the right direction here ? 

Active Directory

2 Replies

  • PrashantDv's avatar
    PrashantDv
    Copper Contributor
    Mar 22, 2020

    KYoussef_Consultant 

     

    Hi Youssef,

     

    Applying CIS benchmark hardening is best done using Domain GPO, segregated by domain controllers and member servers.


    That is how we have implemented CIS security benchmarks. 

     

    We also do use the CIS benchmarks for the end user workstations to make them more secure and is available for all Windows 10 , Windows 8, Windows 7 and even a version of XP though that is no longer in mainstream support.

     

    Kind Regards,

    PD

    • Yasarmistry's avatar
      Yasarmistry
      Copper Contributor
      Mar 01, 2021

      PrashantDv  i knwo this is old post, but i am looking CIS bencmarks ready GPO.

      Could you please share,.... appreciate if you share.

Resources