...
| Info |
|---|
The download for CIS Compliance remediation utilising AD GPO policies are detailed in this document to help remediating major non-compliant CIS controls. |
| Info |
|---|
Please Click on the GPO Policies to view policies of CIS ComplianceWhen the new GPO is updated, please refer this Excel sheet(GPO Policies) for the remediation steps. |
ConnectSecure has Active Directory GPO templates for the required OS (Windows 10, Windows 11, Windows Server 2022, Windows Server 2016, Windows Server 2012, and Windows Server 2019) which helps in remediating major CIS controls.
...
The existing OU will appear under Domain in Group Policy Management.
...
Right-click on Group Policy Objects → click on New and create a New GPO for Windows 10 Computer, Windows 10 User, Windows Server 2022 Computer and Windows Server 2022 User and then click on OK.
Eg : cis_win10_computer, cis_win10_user, cis_win2022_computer, cis_win2022_user
...
We have to add a WMI Filter for the created GPOs.
Go to Group Policy Objects and click on the GPO ccns_win10_computer and ccns_win10_user, then scroll down and change WMI Filter as to All Versions Windows 10 for Windows 10. Please find the below screenshot for reference.
For Windows Server 2022, select the WMI Filter as Windows Server 2022 Domain Controller.
...
Download the GPO files for the preferred Operating System from the Compliance Remediation tab from in ConnectSecure Portal.
Delete the “Backup.xml” and “gpreport.xml” files from the Compliance GPO folder downloaded from ConnectSecure.
Eg. Before Applying GPO the Non-Compliant Count is 281 for Windows 10.
...