Windows 10/11 22h2 Security Baseline missing in Intune
Hi, can you please enlighten when the Windows 10/11 Security Baseline will be updated to 22H2? The current baseline is of November 2021, I am sure that there are new recommedations in the new baseline (Windows 10, version 22H2 Security baseline - Microsoft Community Hub) that would be helpful while managing Windows in a more modern way. As an example, currently missing the 22H2 option "Allow Administrator account lockout" to manage it without the need of a GPO.Your connection isn't private on edge after hardening plus no home page
Hi, We are in the process of setting up a policy for organizational users using Edge and GPO. We have had a few hickups, two of which I would be happy for assistance with fixing. It's important that all the fixes are via the GPO settings (ADMX as of build 101 of Edge). The first issue is that when the browser starts, we want it to open to our organizational portal, but it opens to "edge://newtab". We managed to set the home page (when you click the home icon) to our portal, but can't figure out how to get Edge to always open with our portal as the main page. The second issue is even more problematic. On some external web sites, even those you would not expect to get it, we get a "Your connection isn't private" message (when trying to browse to "www.google.com" for example. and the internal error is "NET::ERR_CERT_NO_REVOCATION_MECHANISM" We don't have this issue with IE or chrome to the same websites on the same ws's. And we don't have this issue with internal websites. Anyone have any idea why this is happening only on Edge and what the parameter that could be causing this ? Again, it does not happen on all web sites. Some web sites that give this error allow us to move forwards, while others like google, won't even allow that. Would appreciate any help. Mike
Exploit Prevention Blocking EXE files
My environment is having an issue where exe files are being blocked when executed via a remote share. It appears Exploit Prevention is blocking but it does not happen for every user. I have placed an exclusion using Set-ProcessMitigation -Name filename.exe -Disable BlockRemoteImageLoads and the issues still persist. We do not use Defender for Endpoint as a solution and are not managing Exploit Guard policy via GPO, SCCM, or InTune. Also I have verified the process mitigation is disabled using PowerShell. ImageLoad: BlockRemoteImageLoads : OFF AuditRemoteImageLoads : NOTSET Override BlockRemoteImages : False BlockLowLabelImageLoads : OFF AuditLowLabelImageLoads : NOTSET Override BlockLowLabel : False PreferSystem32 : NOTSET AuditPreferSystem32 : NOTSET Override PreferSystem32 : False This randomly started a few days ago and I'm at a loss for how to move forward and why this occured all the sudden.
Microsoft Security Compliance Toolkit 1.0 and Azure Automanage Machine Configuration
I'm looking at deploying a number of Windows images in Azure with Security Baselines applied from the Microsoft Security Compliance Toolkit, all being managed byhttps://learn.microsoft.com/en-us/azure/governance/machine-configuration/?view=dsc-2.0. 1) Has anyone already done this? Are there tips/tricks/lessons learned that can be shared? 2) Is there any "pre-integrated" methodology to deploy Azure Windows VMs with current Security Compliance Toolkit Security Baselines, similar to the DoD STIG "Easy Button" approach? (seehttps://learn.microsoft.com/en-us/azure/azure-government/documentation-government-stig-windows-vm) [Apologies in Advance - Azure Automanage newbie...]DCOM Hardening: Different Versions of Windows
My version is win10 19042. when i try to execute any wmi command in my domain; (such as; wmic /node:IPADDR computersystem get username ) If server and client versions are the same, command success; (Windows 10 19042) If server and client versions are different; (Win10 19044, Win10 19042) it gives an error: The server-side authentication level policy does not allow the user domain\User SID (xxx) from address x.x.x.x to activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application. I also created the registry key named "RequireIntegrityActivationAuthenticationLevel" on the remote computer and set its value to 0 but it doesn't affect it and gives the same error. How to overcome this situation except upgrade all remote computers?
Command prompt password showing and correct
The lock screen on my PC is showing your pin is no longer available due to a change to the security settings on this device click to set up your pin again and when I am clicking on set up your pin I am again redirected to the lock screen and nothing happens and when I tried using advance option to troubleshoot the problem the command prompt was asking for a password for which I entered passwords this word showing in correct and I had enter all password that I could recall so what to do now please help me
Intent behind configuring Network Protection but not enabling it in Windows Server Baselines
What is the intent behind the following two settings in the Windows Server 2019/2022 Baseline: Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Network Protection Prevent users and apps from accessing dangerous websites Block Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Network Protection This settings controls whether Network Protection is allowed to be configured into block or audit mode on Windows Server. In Windows Server Network Protection is not enabled by default, so when the 2nd setting is left to unconfigured the first setting cannot and does not work. Why configure it then?Unable to Create Import Configuration Data - SCCM DCM (.CAB) Files
Respected, Unable to Create "Import Configuration Data" - SCCM DCM (.CAB) File for SCCM. Like to import CIS baseline of Windows 2016 in SCCM under Configuration Baselines\Configuration Items using an option called "Import Configuration Data" Unable to find a matching tool like SCM, where I can import GPO and export as SCCM DCM (CAB) File. the same file can be imported in SCCM under Configuration Items/Configuration Baselines. Can use them for bulk deployment & Run compliance scans. My requirement is: CIS Baselines need to import into SCCM & Run detailed Baseline reports.
