Windows Server 2022 Microsoft Security Baselines
Windows Server 2022 Microsoft Security Baselines
When a new version of Windows Server comes out, we take a fair amount of time investigating both the new security baseline released by Microsoft as well as the CIS benchmark, ultimately choosing whichever set comes closest to our needs with minimal modification. Since 2016 we've been going with the MS baseline and making modest changes to match what we'd been using on 2012R2 and earlier servers.
In an effort to make these security baselines not only more transparent, but to also work with customers to create custom baselines, please check out the following:
1. This is the security baseline that we used to build our Server 2022 template VM, from which every machine we build and administer is deployed. There are other GPOs applied to the VM from the campus active directory, but that takes place only after a machine is joined to the AD, whereas the settings below are present from the initial power-on and throughout the build process.
Windows Server 2022 initial VM Template Baseline
2. Following that, below is the final baseline that exists on the machine after it's been added to the Active Directory and had our DSC (Desired State Configuration) scripts run. This is what a machine would look like as delivered to a customer.
Windows Server 2022 Final post-DSC Baseline
(NOTE: You'll want to download these and view them in Excel; the web-based preview won't preserve formatting.)
If you have any questions about the above baselines, please feel free to ask at windows@doit.wisc.edu!