Defrag Tools #173 - Troubleshooting with the Windows Sysinternals Tools, 2nd Edition
Play Defrag Tools #174 - Security Baseline, Policy Analyzer and LGPO
Description
In this episode of Defrag Tools, Andrew Richards and Chad Beeder are joined by Aaron Margosis. We talk about the Security Baseline for Windows 10. We also look at the Policy Analyzer and Local Group Policy Objects (LGPO) tools.
Resources:
Microsoft Security Guidance Blog
Policy Analyzer v3.1
Local Group Policy Objects (LGPO)
Aaron Margosis' Non-Admin, App-Compat and Sysinternals WebLog
Troubleshooting with the Windows Sysinternals Tools, 2nd Edition
Download
The Discussion
-
MariaHamilton Just check your mother hasn't already got it...
-
Benayou This is a great episode. Especially the Policy Viewer and LGPO tools. Good Job Aaron.
-
mahendra Can we apply the security and audit setting to local policy using policy analyzer or LGPO.
-
Aaron Margosis LGPO can apply settings. Policy Analyzer is a "read-only" tool - it doesn't apply settings, just reports on them.
-
Paul Howells what emulates win 10 OS ?
-
System Auditor In the video Aaron mentions that some of the baseline security settings go to undocumented areas of the registry. Therefore when running "Compare local registry" not all of the values set by the baseline security stuff can be read by the tool.
That means:
1. It is not possible to check whether all of the baseline security settings were set correctly or not (since some are in hidden areas of the registry and can therefore not read out).
2. Let's say I want to audit a Windows system which joined a domain. I'd like to know if the baseline security settings provided by Microsoft were applied. From my understanding I'm not able to verify that for all settings, without having a Backup of the GPOs from domain controller. Since just comparing against the registry, doesn't give me all the values.
Is that correct? -
AaronMargosis @System Auditor:
User rights assignments and many other security options land in HKLM\Security, where only the System account is allowed and the data formats are undocumented. The way to validate settings is with low-level APIs or with secedit.exe /export.
The next version of Policy Analyzer will offer a better way to validate current system state against baselines. -
System Auditor @Aaron
I'm impressed that you answered that fast. Very much apprechiated!
Let me summarize that:
I can use the "Compare local registry" feature to compare against selected baselines. Since that doesn't allow to also compare stuff under HKLM\Security, I would need to export via
secedit.exe /export /cfg export.inf
and compare the values with the ones in the baseline. Then every settings should have been covered.
Correct? -
Unex It would be great if someone could confirm or correct the last comment of System Auditor. I have the same question.
More episodes in this series
Defrag Tools #175 - Debugging the Network Stack
Related episodes
Using AzureAD B2C for authenticating users
TechNet Radio: Direct from Tech Ed 2007 Part Two
TechNet Radio - Upgrading to Vista: A Customer’s Story
Protect your critical Azure resources with Microsoft Azure Firewall
Securely deliver mission critical apps with Azure Front Door
Azure Defender for IoT - THE Demo
Remote Zero Trust device management with Microsoft Surface
Working with Azure AD B2C in ASP.NET
Time to prepare for TLS Root CA migration on Azure IoT
Azure Landing Zone - First Step in Setting up Azure for your Enterprise
