User Profile
AaronMargosis_Tanium
Iron Contributor
Joined 6 years ago
Recent Discussions
Re: Microsoft Policy Analyzer 4.0 crashes after apply April updates
My apologies for the bug leading to a crash rather than displaying a warning. Also my apologies for having to post the answer as a screenshot: the techcommunity platform seems to have some unnecessarily aggressive filtering that deletes comments that it shouldn't.
539 Views, 0 likes, 0 Comments
Re: Microsoft Policy Analyzer 4.0 crashes after apply April updates
The problem is that with the April 8, 2025 updates Microsoft added a new Advanced Auditing subcategory and mistakenly assigned it the same GUID that is already assigned to another subcategory. That's a bug in Windows -- those GUIDs need to be unique to configure auditing. The bug in Policy Analyzer appears to be that it assumes there are no duplicates and fails to check for them (which it had never needed to before). The new Advanced Auditing subcategory is represented in the registry key, HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Audit\SystemPolicy\LogonLogoff\AccessRights. On a US-English system, it is called "Audit Access Rights" in the "Logon/Logoff" category. In the registry it has the same GUID as "Audit Token Right Adjusted" under "Detailed Tracking." Microsoft updated the Windows Update packages on April 11 for some OSes, including Win11 23H2/24H2, Win11 LTSC 2024, WS2025, and Azure Stack HCI 22H2, so that applying WU after that date resolves the issue. (As far as I can tell, the mistake was never applied to Win10 22H2.) For many other supported OSes, including WS2022, WS2019, WS2016, Win10 LTSC 2019, Win10 LTSC 2016, fixing the issue requires finding, downloading, and installing an OS-specific out-of-band update from the Microsoft Update Catalog website. One of the outcomes of applying the fix is that the "Access Rights" subcategory and the AccessRights registry key are removed.
424 Views, 0 likes, 0 Comments
Re: Microsoft Policy Analyzer 4.0 crashes after apply April updates
I was out for a couple of days -- just now was my first opportunity to test. I updated my standalone Win11 24H2 VM with the latest WU updates and then tested Policy Analyzer a number of ways. Could not reproduce a crash. Did Microsoft fix the patch and reissue it?
646 Views, 0 likes, 2 Comments
Re: Microsoft Policy Analyzer 4.0 crashes after apply April updates
What operating system are you seeing this happening on, and do you have any particular security baselines applied? [edit] Also, when did the error occur? Right when starting Policy Analyzer, or when trying to perform a specific operation?
797 Views, 0 likes, 5 Comments
Re: Confusing Naming of Intune M365 Apps Baseline
Office used to have separate GPOs for different Office versions, with the settings persisted in different registry keys. After publishing the 2016 GPOs, they decided to stop doing that and just to continue using the "2016" GPO folder names and the "2016" registry keys for all future Office versions. These are the correct ones for managing your Office apps today.
152 Views, 1 like, 0 Comments
Re: How to Use Baselines Correctly as a Beginner
The SCT baselines don't provide a means to undo the application of a baseline. Some of the settings are "tattooed" so it's not entirely possible to revert completely to the original state. The purpose of the "Remove-EPBaselineSettings.ps1" script was to TRY to restore default settings for Exploit Protection settings that had been included in a baseline from several years ago. If experimenting, consider using virtual machines with snapshots that can be reverted. For the Policy Analyzer questions, see the documentation ("Policy Analyzer.pdf") that's included with the tool. Note that it does not ingest Excel files.
268 Views, 0 likes, 0 Comments
Re: Applying the SCT to standalone hardened systems?
The ADMX/ADML files are useful if you want to see or edit the settings in the Group Policy editor. If you're applying settings using a tool such as LGPO.exe and a GPO backup, the ADMX/ADML files don't need to be present on the endpoint.
830 Views, 0 likes, 0 Comments
Re: Question Regarding Server 2022 Domain & Controller MSCT baselines
katPedraza -- I think you're mistaken about that. The SCT's baselines for DCs have many settings that intentionally override the "Default Domain Controllers Policy" that ships in Windows and that is created automatically on DCs. Just as a couple of examples, the baselines' SeBackupPrivilege and SeRestorePrivilege user rights assignments intentionally override the default and grant the privilege only to Administrators. (Also, you accidentally marked criiser's question as the "Microsoft Verified Best Answer.")
963 Views, 0 likes, 0 Comments
Re: Policy Analyzer - Compare all settings
What you need to do is to merge the Policy Analyzer results (each .PolicyRules file is just an XML document) with a full listing of all available GPO settings. I don't know of any publicly available tools to get all those in an XML, but perhaps you could do something with the Excel spreadsheet that ships with the baselines that lists all the settings.
15K Views, 0 likes, 0 Comments