Critical settings not defined in the default Secuirty Compliance Manger baselines RRS feed

  • Question

  • I've got the SCM app installed and taken a GPO backup of all the recommended baselines for Windows 2008 Server R2 SP1.

    I've reviewed some of the settings and noticed that some settings with a severity type of 'Critical' are 'not defined'. Meaning they'll have no affect when the baseline is deployed.

    I know you are able to customise the baseline before taking a backup, which will then allow me to apply the critical settings.

    However in the past I've used the GPOAccelerator to deploy the SSLF settings onto my 2003 Servers, where all recommended settings are defined, so you just deploy the baseline GPO.

    I understand the the SSLF has been scrapped and the these new baselines now contain the recommended security settings.

    I'm just a bit confused as to why some of these critical settings are not defined?

    Will my environment be less secure if I deploy the baselines as they are defined by default in SCM?

    Tuesday, August 28, 2012 3:48 PM