Wednesday, September 8, 2021

Windows Server 2022 Security Baseline

We are pleased to announce the release of the security baseline package for Windows Server 2022!


Please download the content from the Microsoft Security Compliance Toolkit, test the recommended configurations, and customize / implement as appropriate.


Three new settings have been added for this release, an AppLocker update for Microsoft Edge, a new Microsoft Defender Antivirus setting, and a custom setting for printer driver installation restrictions.



Now that Microsoft Edge is included within Window Server we have updated the domain controller browser restriction list. The browser restriction list now restricts Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, and Microsoft Edge. Should additional browsers be used on your domain controllers please update accordingly.


Script Scanning

Script scanning was a parity gap we had between Group Policy and MDM. Since this gap is now closed we are enforcing the enablement of script scanning (Administrative Templates\Microsoft Defender Antivirus\Real-time Protection\Turn on script-scanning).


Restrict Driver Installations

In July a Knowledge Base article and subsequent patch was released for CVE-2021-34527, more commonly known as “PrintNightmare”. We have added a new setting to the MS Security Guide custom administrative template for SecGuide.admx/l (Administrative Templates\MS Security Guide\Limits print driver installation to Administrators) and enforced the enablement.


Please let us know your thoughts by commenting on this post or via the Security Baseline Community.

Posted at