Home

Windows 2016 security hardening based on CIS benchmarks

%3CLINGO-SUB%20id%3D%22lingo-sub-377048%22%20slang%3D%22en-US%22%3EWindows%202016%20security%20hardening%20based%20on%20CIS%20benchmarks%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-377048%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%20I%20have%20a%20customer%20who%20would%20like%20to%20apply%20Center%20internet%20Security%20(CIS)%20hardening%20benchmarks%20to%20his%20Domain%20Controllers%20and%20member%20servers.%20My%20understanding%20is%20that%20the%20best%20way%20to%20apply%20these%20rules%20is%20by%20applying%20GPOs%20in%20Active%20directory%20(on%20Domain%20controllers%20OU%20for%20DCs%20and%20on%20Domain%20or%20OU%20level%20for%20member%20servers)%20and%20not%20by%20applying%20them%20on%20Win%202016%20local%20GPOs.%20I%20am%20going%20into%20the%20right%20direction%20here%20%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-377048%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EActive%20Directory%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
KYoussef_Consultant
New Contributor

Hi, I have a customer who would like to apply Center internet Security (CIS) hardening benchmarks to his Domain Controllers and member servers. My understanding is that the best way to apply these rules is by applying GPOs in Active directory (on Domain controllers OU for DCs and on Domain or OU level for member servers) and not by applying them on Win 2016 local GPOs. I am going into the right direction here ?