How do I use the Microsoft Security Compliance Toolkit for Windows 10? RRS feed

  • Question

  • I downloaded the MSCT, but I cannot find any decent documentation on how to use this tool:

    I am assuming that we somehow configure policies, or we export policies and then we use the LGPO.exe tool to import those to baseline a system that we would use to create an image from?

    How does this work for enterprise systems that are members of an AD domain where domain level GPOs are administered?

    Please help.

    Thank you all.

    Tuesday, February 18, 2020 10:39 PM

All replies

  • Hi,

    in entreprise you need add templates with .admx to your gpedit or import it, then you can chose all the parametres you want and apply it on your pc.

    or copy folder gpo to your sysvol\policies\policydefinitions

    Tuesday, February 18, 2020 11:22 PM
  • Hi,


    Since every environment is different, it has to do with what you have and what your users need to be able to do.

    Chrome is a good example, if you use it, make sure you manage it and have it follow your existing policies.


    For more details about security baseline recommendations, you could refer to the Microsoft Security Guidance blog.


    More information please refer to the following article:

    Microsoft Security Compliance Toolkit 1.0

    LGPO.exe - Local Group Policy Object Utility, v1.0


    Hope above information can help you.

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact

    Wednesday, February 19, 2020 4:16 AM
  • I guess I am just not asking this right, it would seem. 

    Let me try this one more time. 

    So, I have looked over the sites that you all have recommended even before posting my question, which is why I posted my question to begin with because those sites do not list any well documented info regarding a step by step approach to deploying SCT 1.0. 

    For instance, I want to know more about how the BaselineLocalInstall.ps1 script and the PolicyAnalyzer and LGPO.exe utility all work together for baselining, but there is limited to ZERO documentation on this. 

    Does this make more sense now?

    Thursday, February 20, 2020 2:30 AM
  • Hi,


    You're right. Step by step guide or best practice related documents is limited


    Since the issue is more related with Windows Server Security,I would suggest you ask in the following Forum for better answers:


    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us.

    Thank you for your understanding.

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact

    Friday, February 21, 2020 6:40 AM