Problem
I’m currently working on a project and I was asked to create a secure configuration GPO according to CIS Standard.
I’ve noticed that “MSS:” prefixed is not visible in the Group Policy Management Editor , to reveal these setting please perform the following:
(Location: Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options)
Solution
- My recommendation is to use a test virtual machine or a test server before proceeding
- Prerequisites:
Please make sure that the following software installed on the server:
- Microsoft .Net Framework 4
- SQL Server installed
- Download Security Compliance Manager (SCM) and install it on the server
http://technet.microsoft.com/en-us/solutionaccelerators/cc835245.aspx
- After installing SCM, copy “LocalGPO.msi” file from the following path: “C:\Program Files (x86)\Microsoft Security Compliance Manager\LGPO\LocalGPO.msi” to your AD server.
- Run and install the file “LocalGPO.msi” on the AD server.
- Execute the following command: cscript LocalGPO.wsf /ConfigureSCE
- Close and open Group Policy Management Editor and you’ll notice that MSS Prefixed was added!
Idit 🙂