Deploy Windows Server 2025 security baselines locally with OSConfig
Install-Module -Name Microsoft.OSConfig -Scope AllUsers -Repository PSGallery -Force
The security baselines can be configured through PowerShell, Windows Admin Center, and Azure Policy. The OSConfig tool is a security configuration stack that uses a scenario-based approach to deliver and apply the desired security measures for your environment. The security baselines throughout the device life cycle can be applied using OSConfig starting from the initial deployment process.
To verify that the OSConfig module is installed, run the following command:
Get-Module -ListAvailable -Name Microsoft.OSConfig
Here we check the Baseline Security Compliance:
Get-OSConfigDesiredConfiguration -Scenario SecurityBaseline/WS2025/MemberServer | ft Name, @{ Name = “Status”; Expression={$_.Compliance.Status} }, @{ Name = “Reason”; Expression={$_.Compliance.Reason} } -AutoSize -Wrap
You will see that the Security Baseline is not Complaint.
Set-OSConfigDesiredConfiguration -Scenario SecurityBaseline/WS2025/MemberServer -Default
Get-OSConfigDesiredConfiguration -Scenario SecurityBaseline/WS2025/MemberServer
Now we do the Security Baseline Compliance Check again:
Get-OSConfigDesiredConfiguration -Scenario SecurityBaseline/WS2025/MemberServer | ft Name, @{ Name = “Status”; Expression={$_.Compliance.Status} }, @{ Name = “Reason”; Expression={$_.Compliance.Reason} } -AutoSize -Wrap
Conclusion
With OSConfig you can set the default of Microsoft Security Baseline in a quick way. It’s important to test everything first in a test environment before you set these settings in production. Here you find more information on GitHub
You can make also your own custom Security Baselines with OSConfig.
Keep your Microsoft Security Baseline up-to-date 
virtualization,System Center,microsoft
via Cloud and Datacenter Management Blog https://ift.tt/ksHAPGl
December 28, 2024 at 03:37PM
James van den Berg
Stack IT News 