question

JamesAnder-2735 avatar image
0 Votes"
JamesAnder-2735 asked DaisyZhou-MSFT commented

What is the best practice process (steps) for implementing Windows Server 2016 hardening

Hi,

  1. What is the best practice process (steps) for implementing Windows Server 2016 hardening using SCT (Security Compliance Toolkit)?

  2. How do we verify if SCT implemented properly and it works? Is there a tool that we can use to check?

  3. In case of issues encountered, what is the recommended way to roll-back and restore previous working settings?

thanks,
James

windows-server-security
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello @JamesAnder-2735,
I am just writing to see if this question has any update. If anything is unclear, please feel free to let us know.
Thanks for your time and have a nice day!

Best Regards,
Daisy Zhou

============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.

0 Votes 0 ·

Hello @JamesAnder-2735,
I just want to confirm the current situations.
Please feel free to let us know if you need further assistance.


Best Regards,
Daisy Zhou

============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.

0 Votes 0 ·
DaisyZhou-MSFT avatar image
0 Votes"
DaisyZhou-MSFT answered

Hello @JamesAnder-2735,

Thank you for posting here.

We are researching on the questions in this post, and if there is any update, we will post it here.

Thank you for your understanding and support.


Best Regards,
Daisy Zhou

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DaisyZhou-MSFT avatar image
0 Votes"
DaisyZhou-MSFT answered DaisyZhou-MSFT edited

Hello @JamesAnder-2735,

Thank you for your patience.

Here are the answers for your references.

What is the best practice process (steps) for implementing Windows Server 2016 hardening using SCT (Security Compliance Toolkit)?
A:
1.Download the corresponding version of security baseline.
2.Check if you need to export ADMX or ADML file to DC.
3.Creat an OU and put one machine to this OU (for test).
4.Create an new GPO and link this GPO to the OU above.
5.Export the GPO settings from download you want to this new GPO.

How do we verify if SCT implemented properly and it works? Is there a tool that we can use to check?
A:
1.After you deploy the GPO.
2.Run gpupdate /force on the machine in the OU or restart the machine in the OU.
3.Open CMD and run as Administrator, run gpresult /h C:\report.html and click Enter to check GPO settings.
4.Or check if the corresponding registry value of the GPO settings changes.

In case of issues encountered, what is the recommended way to roll-back and restore previous working settings?
A:You can unlink the new GPO or delete the new GPO.


Tip: It is recommended to test in the test environment first, if successful, then deploy it in the production environment.

Hope the information above is helpful.

Should you have any question or concern, please feel free to let us know.



Best Regards,
Daisy Zhou


============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.