Mar 30 2020 01:08 PM
I'm interested in implementing the Server 2019 security baselines.
How do you manage the Server 2019 Domain Controller baseline? The Local Policies/User Rights Assignment and Local Policies/Security Options are very different from the DDCP (Default Domain Controller Policy).
Do you merge it with the DDCP? Or do you add the baseline GPO to the Domain Controllers OU with a higher link order?
What's the best practice here?
Apr 06 2020 05:24 AM
@Daniel Niccoli please don't merge it with the DDCP. Link it to your DCs higher in the stack but PLEASE TEST before doing this as there are uniqueness's within every environment that you might need to account for.