SOLVED

Microsoft Baseline Security for windows 10 v2004

%3CLINGO-SUB%20id%3D%22lingo-sub-1661385%22%20slang%3D%22en-US%22%3EMicrosoft%20Baseline%20Security%20for%20windows%2010%20v2004%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1661385%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3BI%20have%20a%20group%20of%20PCs%20that%20are%20under%20a%20separate%20active%20directory%20OU%2C%20that%20are%20running%20windows%2010%20v2004.%20I%20would%20like%20to%20apply%20on%20these%20PCs%20the%20Microsoft%20baseline%20security%2C%20my%20question%20is%20that%20the%20baseline%20security%20for%20windows%2010%20v2004%20comes%20with%2011%20policies%20(listed%20below)%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%221%202%203%204%205%206%207%22%3E1.%20MSFT%20Internet%20Explorer%2011%20-%20Computer%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20size%3D%221%202%203%204%205%206%207%22%3E2.%20MSFT%20Internet%20Explorer%2011%20-%20User%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20size%3D%221%202%203%204%205%206%207%22%3E3.%20MSFT%20Windows%2010%202004%20-%20BitLocker%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20size%3D%221%202%203%204%205%206%207%22%3E4.%20MSFT%20Windows%2010%202004%20-%20Computer%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20size%3D%221%202%203%204%205%206%207%22%3E5.%20MSFT%20Windows%2010%202004%20-%20User%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20size%3D%221%202%203%204%205%206%207%22%3E6.%20MSFT%20Windows%2010%202004%20and%20Server%202004%20-%20Defender%20Antivirus%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20size%3D%221%202%203%204%205%206%207%22%3E7.%20MSFT%20Windows%2010%202004%20and%20Server%202004%20-%20Domain%20Security%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20size%3D%221%202%203%204%205%206%207%22%3E8.%20MSFT%20Windows%2010%202004%20and%20Server%202004%20Member%20Server%20-%20Credential%20Guard%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20size%3D%221%202%203%204%205%206%207%22%3E9.%20MSFT%20Windows%20Server%202004%20-%20Domain%20Controller%20Virtualization%20Based%20Security%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20size%3D%221%202%203%204%205%206%207%22%3E10.%20MSFT%20Windows%20Server%202004%20-%20Domain%20Controller%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20size%3D%221%202%203%204%205%206%207%22%3E11.%20MSFT%20Windows%20Server%202004%20-%20Member%20Server%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDo%20I%20have%20to%20apply%20all%20the%20baseline%20security%20policies%20to%20the%20OU%3F%20or%20only%20the%20windows%2010%20ones%2C%20such%20as%20%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%221%202%203%204%205%206%207%22%3E1.%20MSFT%20Internet%20Explorer%2011%20-%20Computer%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20size%3D%221%202%203%204%205%206%207%22%3E2.%20MSFT%20Internet%20Explorer%2011%20-%20User%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20size%3D%221%202%203%204%205%206%207%22%3E3.%20MSFT%20Windows%2010%202004%20-%20BitLocker%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20size%3D%221%202%203%204%205%206%207%22%3E4.%20MSFT%20Windows%2010%202004%20-%20Computer%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20size%3D%221%202%203%204%205%206%207%22%3E5.%20MSFT%20Windows%2010%202004%20-%20User%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20size%3D%221%202%203%204%205%206%207%22%3E6.%20MSFT%20Windows%2010%202004%20and%20Server%202004%20-%20Defender%20Antivirus%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20size%3D%221%202%203%204%205%206%207%22%3E7.%20MSFT%20Windows%2010%202004%20and%20Server%202004%20-%20Domain%20Security%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20size%3D%221%202%203%204%205%206%207%22%3E8.%20MSFT%20Windows%2010%202004%20and%20Server%202004%20Member%20Server%20-%20Credential%20Guard%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAlso%2C%20what%20should%20be%20the%20lining%20order%20of%20the%20policies%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanking%20you%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1661385%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EBaseline%20Security%20for%20windows%2010%20v2004%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1664589%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Baseline%20Security%20for%20windows%2010%20v2004%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1664589%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F791725%22%20target%3D%22_blank%22%3E%40sharkee%3C%2FA%3E%26nbsp%3B-%3C%2FP%3E%3CP%3EApply%20the%20IE%20GPOs%20to%20all%20Windows%2010%20and%20Server%20systems%3B%3C%2FP%3E%3CP%3EApply%20anything%20with%20%22Windows%2010%22%20in%20the%20name%20to%20Windows%2010%20systems%3B%3C%2FP%3E%3CP%3EApply%20anything%20with%20%22Member%20Server%22%20in%20the%20name%20to%20Member%20servers%20and%20to%20standalone%20Server%20systems%3B%3C%2FP%3E%3CP%3EApply%20anything%20with%20%22Domain%20Controller%22%20in%20the%20name%20to%20DCs%3B%3C%2FP%3E%3CP%3EApply%20anything%20else%20with%20%22Server%22%20in%20the%20name%20to%20Server%20systems%20(including%20DCs%2C%20Members%2C%20or%20standalone).%3C%2FP%3E%3CP%3EPrecedence%20order%20between%20these%20policies%20won't%20matter%20because%20there%20aren't%20any%20conflicting%20settings.%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

Hello,

 

   I have a group of PCs that are under a separate active directory OU, that are running windows 10 v2004. I would like to apply on these PCs the Microsoft baseline security, my question is that the baseline security for windows 10 v2004 comes with 11 policies (listed below):

 

1. MSFT Internet Explorer 11 - Computer
2. MSFT Internet Explorer 11 - User
3. MSFT Windows 10 2004 - BitLocker
4. MSFT Windows 10 2004 - Computer
5. MSFT Windows 10 2004 - User
6. MSFT Windows 10 2004 and Server 2004 - Defender Antivirus
7. MSFT Windows 10 2004 and Server 2004 - Domain Security
8. MSFT Windows 10 2004 and Server 2004 Member Server - Credential Guard
9. MSFT Windows Server 2004 - Domain Controller Virtualization Based Security
10. MSFT Windows Server 2004 - Domain Controller
11. MSFT Windows Server 2004 - Member Server

 

Do I have to apply all the baseline security policies to the OU? or only the windows 10 ones, such as :

 

1. MSFT Internet Explorer 11 - Computer
2. MSFT Internet Explorer 11 - User
3. MSFT Windows 10 2004 - BitLocker
4. MSFT Windows 10 2004 - Computer
5. MSFT Windows 10 2004 - User
6. MSFT Windows 10 2004 and Server 2004 - Defender Antivirus
7. MSFT Windows 10 2004 and Server 2004 - Domain Security
8. MSFT Windows 10 2004 and Server 2004 Member Server - Credential Guard

 

Also, what should be the lining order of the policies? 

 

Thanking you

 

 

 

1 Reply
best response confirmed by sharkee (New Contributor)
Solution

@sharkee -

Apply the IE GPOs to all Windows 10 and Server systems;

Apply anything with "Windows 10" in the name to Windows 10 systems;

Apply anything with "Member Server" in the name to Member servers and to standalone Server systems;

Apply anything with "Domain Controller" in the name to DCs;

Apply anything else with "Server" in the name to Server systems (including DCs, Members, or standalone).

Precedence order between these policies won't matter because there aren't any conflicting settings.

www.000webhost.com