none
What is the exact LocalGPO script to implement Customized SCM Baselines into servers RRS feed

  • Question

  • Hi All, Currently, I'm planning to implement nearly 90topics of security policies into my Windows Server 2008 R2 - 64Bit Server. After CISCAT test, I did it all of them manually but you know, it is impossible to implement all these procedures to 20servers as manually. After playing a bit with Microsoft SCM, I've created and exported my GPO but I've no idea how to implement my Customzied SCM Baseline into servers with using LocalGPO Tool. Could you please tell me what is/are the exact/normal LocalGPO tool command line prompts for implementing my customized Baseline. Many thanks.
    Monday, September 12, 2011 5:04 PM

Answers

  • Serhat,

    I can't tell you the exact command because I don't know the path to your GPO backup. The LocalGPO Tool is documented in the SCM help content, the command is going to be cscript LocalGPO.wsf /Path:<path>, but you have to specify the correct path to the GPO backup.


    Kurt Dillard http://www.kurtdillard.com
    Thursday, September 15, 2011 4:41 PM
    Moderator

All replies

  • Serhat,

    I can't tell you the exact command because I don't know the path to your GPO backup. The LocalGPO Tool is documented in the SCM help content, the command is going to be cscript LocalGPO.wsf /Path:<path>, but you have to specify the correct path to the GPO backup.


    Kurt Dillard http://www.kurtdillard.com
    Thursday, September 15, 2011 4:41 PM
    Moderator
  • Kurt, thanks so much for your answer. I also found quite useful informations from below URL; http://blogs.technet.com/b/secguide/archive/2011/07/05/scm-v2-beta-localgpo-rocks.aspx 1st step: Backup with LocalGPO before customizing with SCM However, before applying any security policy with using SCM, I opened LocalGPO and exported current OS's GPOs which are default installation of WinServer 2008 R2 as a backup 2nd step: Creating Baseline with SCM After that, I played a bit with SCM Win Server 2008 R2 Baseline and exported it. After all applied it with right LocalGPO commands and it worked. Thats cool but... Issue: After that, I tried to rollback to old OS System settings when created it in step#1 with LocalGPO. I've executed same LocalGPO command context but it didn't applied/rolled back to old settings according to CISCAT Benchmarks tests. Any Idea?
    Friday, September 16, 2011 4:55 PM
  • Serhat,

    Without knowing the exact commands you used I'm not sure that I can help you. I haven't experienced a problem like what you describe. Is the computer joined to a domain? If it is, its receiving settings via AD group policy too.


    Kurt Dillard http://www.kurtdillard.com
    Monday, September 19, 2011 11:53 AM
    Moderator