Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

AD GPO

The download for CIS Compliance utilising AD GPO policies is detailed in this document.
ConnectSecure has Active Directory GPO templates for Windows 10 and Windows Server 2022 which helps in remediating major CIS controls.

Steps to Create GPO and link into OU :

  1. Navigate to Group Policy Management under Domain, right-click on WMI Filter and then click on Import and select the WMI Filter file for Windows 10 and Windows Server 2022. Then click on Import. Please find the below screenshot for reference.

WMI Filter for Windows 10

Click on Import Button as shown in the below screenshot.

2. The existing OU will appear under Domain in Group Policy Management.

3. Right click on Group Policy Objects → click on New and create a New GPO for Windows 10 Computer, Windows 10 User, Windows Server 2022 Computer and Windows Server 2022 User and then click on OK.
Ex : cis_win10_computer, cis_win10_user, cis_win2022_computer, cis_win2022_user

4. After creating GPOs for (Windows 10 Computer, Windows 10 User, Windows Server 2022 Computer and Windows Server 2022 User) we have to Link these GPOs with the OU CCNS_CIS.
To Link these GPOs to OU, right click on the OU CCNS_CIS and then click on Link an Existing GPO and select all the GPOs for Windows 10 and Windows Server 2022 Computer and User.

Select all the GPOs for Windows 10, Windows Server 2022 Computer and User.

5. We have to add a WMI Filter for the created GPOs.

Go to Group Policy Objects and click on the GPO ccns_win10_computer and ccns_win10_user, then scroll down and change WMI Filter as All Versions Windows 10 for Windows 10. Please find the below screenshot for reference.

For Windows Server 2022, select the WMI Filter as Windows Server 2022 Domain Controller.

6. Select a Windows 10 GPO and right click on

Group Policy Objects then select Import Settings, click NextNext → select the shared backup file for corresponding Windows 10 computer and user and then click on Finish.

7. After updating the GPO’s in the AD machine, we have to update the GPO policy in the linked AD machine.

  • Open Powershell as administrator and run the below command in the linked AD Windows 10 machine and linked Windows Server 2022 machine to update the GPO Policy

gpupdate /force

After applying GPO, kindly install an agent and check the compliance count and verify.

Before Applying GPO the Non-Compliant Count is 220 for Windows Server 2022.

After Applying GPO the Non-Compliant Count is 39 for Windows Server 2022.

  • No labels