cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Microsoft Baseline Security for windows 10 v2004

sharkee
Copper Contributor

‎Sep 13 2020 02:00 AM - last edited on ‎Nov 29 2021 08:12 AM by

‎Sep 13 2020 02:00 AM - last edited on ‎Nov 29 2021 08:12 AM by

Microsoft Baseline Security for windows 10 v2004

Hello,

 

   I have a group of PCs that are under a separate active directory OU, that are running windows 10 v2004. I would like to apply on these PCs the Microsoft baseline security, my question is that the baseline security for windows 10 v2004 comes with 11 policies (listed below):

 

1. MSFT Internet Explorer 11 - Computer
2. MSFT Internet Explorer 11 - User
3. MSFT Windows 10 2004 - BitLocker
4. MSFT Windows 10 2004 - Computer
5. MSFT Windows 10 2004 - User
6. MSFT Windows 10 2004 and Server 2004 - Defender Antivirus
7. MSFT Windows 10 2004 and Server 2004 - Domain Security
8. MSFT Windows 10 2004 and Server 2004 Member Server - Credential Guard
9. MSFT Windows Server 2004 - Domain Controller Virtualization Based Security
10. MSFT Windows Server 2004 - Domain Controller
11. MSFT Windows Server 2004 - Member Server

 

Do I have to apply all the baseline security policies to the OU? or only the windows 10 ones, such as :

 

1. MSFT Internet Explorer 11 - Computer
2. MSFT Internet Explorer 11 - User
3. MSFT Windows 10 2004 - BitLocker
4. MSFT Windows 10 2004 - Computer
5. MSFT Windows 10 2004 - User
6. MSFT Windows 10 2004 and Server 2004 - Defender Antivirus
7. MSFT Windows 10 2004 and Server 2004 - Domain Security
8. MSFT Windows 10 2004 and Server 2004 Member Server - Credential Guard

 

Also, what should be the lining order of the policies? 

 

Thanking you

 

 

 

Labels:
1,670 Views
1 Like
1 Reply
Reply
1 Reply
best response confirmed by sharkee (Copper Contributor)
AaronMargosis_Tanium

‎Sep 14 2020 07:43 AM

‎Sep 14 2020 07:43 AM

Solution

Re: Microsoft Baseline Security for windows 10 v2004

@sharkee -

Apply the IE GPOs to all Windows 10 and Server systems;

Apply anything with "Windows 10" in the name to Windows 10 systems;

Apply anything with "Member Server" in the name to Member servers and to standalone Server systems;

Apply anything with "Domain Controller" in the name to DCs;

Apply anything else with "Server" in the name to Server systems (including DCs, Members, or standalone).

Precedence order between these policies won't matter because there aren't any conflicting settings.

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by sharkee (Copper Contributor)
AaronMargosis_Tanium

‎Sep 14 2020 07:43 AM

‎Sep 14 2020 07:43 AM

Solution

Re: Microsoft Baseline Security for windows 10 v2004

@sharkee -

Apply the IE GPOs to all Windows 10 and Server systems;

Apply anything with "Windows 10" in the name to Windows 10 systems;

Apply anything with "Member Server" in the name to Member servers and to standalone Server systems;

Apply anything with "Domain Controller" in the name to DCs;

Apply anything else with "Server" in the name to Server systems (including DCs, Members, or standalone).

Precedence order between these policies won't matter because there aren't any conflicting settings.

View solution in original post

0 Likes
Reply