As a nod to the idea that it's not just compatibility that you have to worry about, Microsoft has release their latest iteration security baselines for Windows 8.1, Internet Explorer 11 and Server 2012.
This collection of documentation and Group Policy Objects (GPO's) details a secure baseline for your server and desktop environments.
Here is a quick highlight of the topics included in this documentation pack;
This collection of documentation and Group Policy Objects (GPO's) details a secure baseline for your server and desktop environments.
Here is a quick highlight of the topics included in this documentation pack;
- Use of new and existing settings to help block some Pass the Hash attack vectors
- Blocking the use of web browsers on domain controllers
- Incorporation of the Enhanced Mitigation Experience Toolkit (EMET) into the standard baselines
- Removal of the recommendation to enable "FIPS mode"
- Removal of almost all service startup settings, and all server role baselines that contain only service startup settings.
This documentation pack includes the following folders;
- Administrative Templates
- Documentation
- GP Reports
- GPO
- WMI Filters
The two key sections in the Recommended Security Baseline Settings document (.DOC file) are the new settings in Server 2012 R2 and the removed (deprecated) settings for Windows and Internet Explorer.
You can download the necessary files from here: http://blogs.technet.com/cfs-filesystemfile.ashx/__key/telligent-evolution-components-attachments/01-4062-00-00-03-62-67-77/Win81_2D00_WS2012R2_2D00_IE11_2D00_Baselines_2D00_BETA.zip
Note: that this is a BETA version and is subject to change.
Thanks to Aaron Margosis's very nice MSDN blog for the update.
No comments:
Post a Comment