Windows Server 2022 Security Baseline

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.

We are pleased to announce the release of the security baseline package for Windows Server 2022!

 

Please download the content from the Microsoft Security Compliance Toolkit, test the recommended configurations, and customize / implement as appropriate.

 

Three new settings have been added for this release, an AppLocker update for Microsoft Edge, a new Microsoft Defender Antivirus setting, and a custom setting for printer driver installation restrictions.

 

AppLocker

Now that Microsoft Edge is included within Window Server we have updated the domain controller browser restriction list. The browser restriction list now restricts Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, and Microsoft Edge. Should additional browsers be used on your domain controllers please update accordingly.

 

Script Scanning

Script scanning was a parity gap we had between Group Policy and MDM. Since this gap is now closed we are enforcing the enablement of script scanning (Administrative Templates\Microsoft Defender Antivirus\Real-time Protection\Turn on script-scanning).

 

Restrict Driver Installations

In July a Knowledge Base article and subsequent patch was released for CVE-2021-34527, more commonly known as “PrintNightmare”. We have added a new setting to the MS Security Guide custom administrative template for SecGuide.admx/l (Administrative Templates\MS Security Guide\Limits print driver installation to Administrators) and enforced the enablement.

 

Please let us know your thoughts by commenting on this post or via the Security Baseline Community.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.