Security Baseline 23H2 issue with Hardened UNC Paths

Question

I am testing the 23H2 Security Baseline and ran the CIS Benchmark assessment. A setting that previously passed with the November 2021 baseline is now failing. It is the Hardened UNC Paths under Administrative Templates - Network - Network Provider. The attached screenshot named Hardened UNC Paths...png shows the setting configured in the baseline. The screenshot named Registry.png shows the registry after the baseline is applied.

The entry for \\*\SYSVOL does not show up and the entry for \\*\NETLOGON is wrong. When adding the entry to the registry for this setting, Microsoft swapped the Name and Data values.

The screenshot Registry from Nov 2021 baseline.png is what it should look like and this passes the CIS Benchmark assessment.

Can anyone else confirm this? I plan to open a ticket for this issue.

nicklasolsen · Answer

Do you use settings catalog or the administrative template option in Intune?

meb2004 · Answer

NicklasOlsen&nbsp;I am using the Security Baseline 23H2, not a configuration profile. That is a good idea though. I will change the setting in the Security Baseline to Not Configured and create a configuration profile and see if that works.&nbsp;

nicklasolsen · Answer

Sorry, I misread the original post.Try to see if that makes any difference; if it does, it will be very interesting!

meb2004 · Answer

I tested this on Friday, and it worked. I changed the setting in the Security Baseline to Not Configured and then configured the Hardened UNC Paths in a configuration profile. The registry entries were as expected and passed the CIS Benchmark assessment. I opened a ticket with Microsoft, so I'll see what they say.

nicklasolsen · Answer

Great to hear.Let us know what happens with the ticket 🙂

Forum Discussion

Security Baseline 23H2 issue with Hardened UNC Paths

Share

Resources