none
Not Defined Critical(EC) policies

    Вопрос

  • Hi

    I'm trying to implement all former EC policies, by sorting after Critical severity and removing all other policies in the list.(winsrv2008r2sp1)
    What i don't understand, am I suppose to define all settings which is Not Defined to be compliant?

    Thanks in advance

    Best regards

    JFK

    27 февраля 2012 г. 20:41

Ответы

  • JFK,

    We included those settings in the critical category because they are very important and most organizations should consider implementing them. We didn't prescribe specific values for them for various reasons. For example, under the member server baseline, some of the critical settings are only relevant to domain controllers. There are other settings that require information specific to the organization like the setting "Interactive Logon: Message text for users attempting to log on." There are other settings for which that we are reluctant to prescribe specific values because we don't want to cause interoperability issues or a large volume of extra work that the IT team isn't prepare for. The series of settings with the "Network Security: Restrict NTLM..." prefix are what I'm talking about. What I'm trying to say is that you need to examine each of these settings and determine whether or not each is something that your organization should implement.

    regards,

    Kurt


    Kurt Dillard http://www.kurtdillard.com

    • Предложено в качестве ответа Kurt DillardModerator 28 февраля 2012 г. 15:17
    • Помечено в качестве ответа J F K 28 февраля 2012 г. 15:21
    28 февраля 2012 г. 15:17
    Владелец

Все ответы

  • JFK,

    We included those settings in the critical category because they are very important and most organizations should consider implementing them. We didn't prescribe specific values for them for various reasons. For example, under the member server baseline, some of the critical settings are only relevant to domain controllers. There are other settings that require information specific to the organization like the setting "Interactive Logon: Message text for users attempting to log on." There are other settings for which that we are reluctant to prescribe specific values because we don't want to cause interoperability issues or a large volume of extra work that the IT team isn't prepare for. The series of settings with the "Network Security: Restrict NTLM..." prefix are what I'm talking about. What I'm trying to say is that you need to examine each of these settings and determine whether or not each is something that your organization should implement.

    regards,

    Kurt


    Kurt Dillard http://www.kurtdillard.com

    • Предложено в качестве ответа Kurt DillardModerator 28 февраля 2012 г. 15:17
    • Помечено в качестве ответа J F K 28 февраля 2012 г. 15:21
    28 февраля 2012 г. 15:17
    Владелец
  • Thank you

    I will examine each of these settings

    JFK

    28 февраля 2012 г. 15:23
  • If you have more questions or suggestions please let us know. Also note that SCM 2.5 is currently in Beta and that we hope to publish the final version very soon.

    Kurt Dillard http://www.kurtdillard.com

    28 февраля 2012 г. 15:53
    Владелец
  • Can you elaborate on 'very soon'?

    Are we talking, a week or two? A month or two?

    Thanks in advance!
    -Mike

    28 февраля 2012 г. 16:24
  • Mike;

    I'm sorry but I'm not allowed to speculate. I'm just a consultant to Microsoft, not a fulltime employee and usually I'm not authorized to discuss dates for any projects or products.

    Kurt


    Kurt Dillard http://www.kurtdillard.com

    28 февраля 2012 г. 16:30
    Владелец