Hardening Windows Using Microsoft Security Baselines

Reading Time: 2 minutes

For reference, the reference below is an excellent job. Again a reason I post item on this site is because I want to use this information and sadly… sometimes sites disappear. I also do not like good information interfering with my ads… oh wait that’s not me at all. I don’t like ads inserted in the middle of important documentation. At any rate Woshub has been around a while. Any information here might merely be surplus…. and to ensure that this information stays around. The link details Security Harding for Windows Server 2019. No sooner than I wrote the above… it would be two days later and while trying to visit woshub… i get a “Error establishing a database connection”

I am going to list the short version first. For a longer approach you might want to actually compare policies.

Short Version: The first step is to download the baseline file from “Microsoft Security Compliance Toolkit 1.0


Download the following

Extract the file creating the following directories.

Create a GPO with a name like “Windows 2019 Server Baseline”. Import the bottom most 3 GPOs. Add a Windows 2019 WMI filter so that this GPO will only apply to WIndows 2019 Servers.

SELECT * FROM Win32_OperatingSystem WHERE BuildNumber = "17763" AND ProductType = "1"

ProductType = 1 is for servers so this might be a bit of overkill.

You are now ready to link the GPO to the “Domain Controllers” GPO.


This entry was posted in Microsoft. Bookmark the permalink.