Sep 13 2020 02:00 AM - last edited on Nov 29 2021 08:12 AM by Allen
Hello,
I have a group of PCs under a separate Active Directory OU that are running Windows 10 v2004. I would like to apply the Microsoft baseline security to these PCs. My question is that the baseline security for Windows 10 v2004 comes with 11 policies (listed below):
1. MSFT Internet Explorer 11 - Computer
2. MSFT Internet Explorer 11 - User
3. MSFT Windows 10 2004 - BitLocker
4. MSFT Windows 10 2004 - Computer
5. MSFT Windows 10 2004 - User
6. MSFT Windows 10 2004 and Server 2004 - Defender Antivirus
7. MSFT Windows 10 2004 and Server 2004 - Domain Security
8. MSFT Windows 10 2004 and Server 2004 Member Server - Credential Guard
9. MSFT Windows Server 2004 - Domain Controller Virtualization Based Security
10. MSFT Windows Server 2004 - Domain Controller
11. MSFT Windows Server 2004 - Member Server
Do I have to apply all the baseline security policies to the OU, or only the Windows 10 ones, such as:
1. MSFT Internet Explorer 11 - Computer
2. MSFT Internet Explorer 11 - User
3. MSFT Windows 10 2004 - BitLocker
4. MSFT Windows 10 2004 - Computer
5. MSFT Windows 10 2004 - User
6. MSFT Windows 10 2004 and Server 2004 - Defender Antivirus
7. MSFT Windows 10 2004 and Server 2004 - Domain Security
8. MSFT Windows 10 2004 and Server 2004 Member Server - Credential Guard
Also, what should be the linking order of the policies?
Thanking you
Sep 14 2020 07:43 AM
Solution
@sharkee -
Apply the IE GPOs to all Windows 10 and Server systems;
Apply anything with "Windows 10" in the name to Windows 10 systems;
Apply anything with "Member Server" in the name to Member servers and to standalone Server systems;
Apply anything with "Domain Controller" in the name to DCs;
Apply anything else with "Server" in the name to Server systems (including DCs, Members, or standalone).
Precedence order between these policies won't matter because there aren't any conflicting settings.
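The naming rules in the reply above, applied to the 11 GPO names from the question, as an added example that is not part of the original thread and not Microsoft's own tooling. The role labels, the function name `Get-BaselineRole` and the OU distinguished name are assumptions made for this example, as is reading "anything else with Server" as "Server without Member Server or Domain Controller"; the linking step also assumes the baseline GPOs were imported under exactly these names.

```powershell
# Role labels below are names chosen for this example, not Microsoft terms.
$AllServers = 'MemberServer', 'StandaloneServer', 'DomainController'

function Get-BaselineRole {
    param([Parameter(Mandatory)][string]$GpoName)
    $roles = @()
    # IE GPOs go to all Windows 10 and Server systems
    if ($GpoName -like '*Internet Explorer*') { $roles += 'Windows10'; $roles += $AllServers }
    # Anything with "Windows 10" in the name goes to Windows 10 systems
    if ($GpoName -like '*Windows 10*') { $roles += 'Windows10' }
    # Server rules, most specific first; plain "Server" is the fallback
    if ($GpoName -like '*Member Server*') { $roles += 'MemberServer', 'StandaloneServer' }
    elseif ($GpoName -like '*Domain Controller*') { $roles += 'DomainController' }
    elseif ($GpoName -like '*Server*') { $roles += $AllServers }
    $roles | Sort-Object -Unique
}

# The 11 GPO names exactly as listed in the question
$BaselineGpos = @(
    'MSFT Internet Explorer 11 - Computer'
    'MSFT Internet Explorer 11 - User'
    'MSFT Windows 10 2004 - BitLocker'
    'MSFT Windows 10 2004 - Computer'
    'MSFT Windows 10 2004 - User'
    'MSFT Windows 10 2004 and Server 2004 - Defender Antivirus'
    'MSFT Windows 10 2004 and Server 2004 - Domain Security'
    'MSFT Windows 10 2004 and Server 2004 Member Server - Credential Guard'
    'MSFT Windows Server 2004 - Domain Controller Virtualization Based Security'
    'MSFT Windows Server 2004 - Domain Controller'
    'MSFT Windows Server 2004 - Member Server'
)

# GPOs that belong on an OU containing only Windows 10 v2004 PCs
$forWindows10 = $BaselineGpos | Where-Object { (Get-BaselineRole $_) -contains 'Windows10' }
$forWindows10

# Hypothetical OU distinguished name; replace with the real one.
$TargetOu = 'OU=Win10-Baseline,DC=example,DC=com'
if (Get-Command New-GPLink -ErrorAction SilentlyContinue) {
    foreach ($name in $forWindows10) {
        # -WhatIf previews each link without changing the domain
        New-GPLink -Name $name -Target $TargetOu -LinkEnabled Yes -WhatIf
    }
}
```

Remove `-WhatIf` only after the preview lists the expected GPOs; the linking loop is skipped on machines without the GroupPolicy module.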