how to add missing gpo settings in SCM 4? RRS feed

  • Question

  • hi,

    we are planning our gpos for windows 10 and stumbled onto SCM which seemed to be a great tool with preconfigured baselines and we thought we would just have to adjust them and be done.

    Sadly, some settings are not available in the baselines - does anyone know why?

    In this example, I tried to enable "Computer Configuration\Administrative Templates\System\KDC\Warning for large Kerberos Ticket" but couldnt find it in any baseline provided by Microsoft. I tried several:

    - Windows 10 version 1607
    - Windows 10 version 1511
    - Windows Server 2012

    The global search in SCM also didn't find that setting.

    So I created a gpo "gpo-test" in the group policy management console of our domain controller which contains this setting, exported it via GPMC and imported it into SCM, which worked fine. Then I tried to somhow get this setting into the Windows 10 version 1607 baseline, which I duplicated before.

    Sadly, this doesn't seem to be possible:
    - I tied compare / merge, but although it realizes, that this setting is only in my gpo "gpo-test" and not in the Microsoft baseline, but there is no option to merge them.

    - I tried to add the setting to the duplicated microsoft baseline - cannot select my baseline as a product"

    Is this even possible?


    • Edited by gnargor Thursday, July 6, 2017 11:43 AM
    Thursday, July 6, 2017 11:41 AM

All replies

  • anyone?
    Tuesday, July 18, 2017 11:18 AM
  • No, it is not. I have complained about this multiple times with MS, but they just ignore. They assume people only want to use their security settings.

    Yes, it is stupid and terrible. It used to be a great tool, and still is -- for OSes that are 10 years old.

    • Edited by KBFTW Tuesday, July 18, 2017 6:53 PM
    Tuesday, July 18, 2017 6:53 PM