Windows Hardening
When the "Def. Windows Benchmarks CIS and DOD Analysis" policy, or any policy of type "Windows Security Benchmark", is assigned to a group, the "Windows Hardening Analysis" is performed and the results are collected. Please assign this policy to the "Default Group" via "Rules & Policies" -> "Policy Management" -> "Group Management".
Once the initial data is collected, go to Security Assurance -> Hardening & Configuration Management -> Windows Hardening Results by Name to view the hardening analysis results. A device-based view is also available by clicking Windows Hardening Results. At the top of the grid, the buttons "Remediate High-Risk Artifacts" and "Remediate Medium Risk Artifacts" provide a template for applying the most common hardening configurations. When one of them is clicked, the results are filtered.
A test group should be created to test the initial execution of the hardening configurations. The group members can be specified by setting their hostnames, IP ranges, or a custom property in the group settings. Please go to "Rules & Policies" -> "Policy Management" -> "Group Management" to access group management.
The results should be reviewed, and any hardening configurations that will not be applied can be excluded by creating a classification rule that sets the risk score to 0 or a custom value like 25. The "Windows Benchmark Controls Exclude (Clone to Edit)" rule can be cloned, and the hardening configurations not to be applied can be added to the clone. Please go to "Rules & Policies" -> "Artifact Classification" -> "Query Based Classification" to access classification rules. When the match conditions are edited inside a rule, the "is one of" condition provides a filter where the artifacts can be selected based on their risk level.
Once the results to be excluded are added to the rule, the hardening controls to be applied can be chosen more easily.
Review the failed hardening controls from the "Windows Hardening Results by Name" grid and assign them to the newly created group using the remediation option on the top left of the grid. "Remediate High-Risk Artifacts" and "Remediate Medium Risk Artifacts" provide a template for applying the most common hardening configurations. When one of them is clicked, the results are filtered. After observing the remediation results on the test group, the remediation can be extended to other devices.