Custom Baselines

This page contains a list of existing GPO baselines and allows you to clone built-in baselines or import an existing GPO as a baseline.

Baselines

The widgets in the upper-right side of the table allow us to;

  • Search: Search the GPO baselines table across all table columns.

  • New Baseline: Create a new GPO baseline by cloning a predefined baseline or importing an existing GPO.

Create new Custom Baseline

The table contains relevant information about the baselines and allows us to perform operations on them using the three-dot button.

General Information

  • Enabled: Current status of the baseline.

  • Type: Name of the organization that created the baseline.

  • Name: Name of the baseline.

  • Operating System: Appropriate Operating System for the baseline.

  • Total Settings: Total settings count of the baseline.

Actions for GPO Baselines

Three-dot button on each row allows us to perform the following operations on a baseline;

  • Edit: Redirects the user to the Edit/View GPO Baseline page. This page allows to modify all configurations and specifications related to the GPO baseline.

  • Clone: Clone the selected baseline.

  • Enable/Disable: Change the status of the selected baseline.

  • Delete: Delete the selected baseline.

The checkboxes that can be found on the left side of the list can be used to perform bulk operations on the selected custom baselines.

Allowed operations are;

  • Delete: Delete the selected custom baselines

  • Delete All: Delete all custom baselines from the table

Custom GPO Baselines Bulk Delete

Baseline Settings

Edit baseline operations over the data table redirects the user to the Edit GPO Baseline page seen below;

GPO Baseline Settings

The GPO baseline edit page consists of two different configurations, edit baseline name/OS and add/edit setting.

Add/Edit baseline setting

The following table describes each setting type;

Setting Type
Description

Audit Policy

This setting type checks for value defined in Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy.

User Rights

This setting type checks for value defined in Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment.

Registry Settings

This setting type is used to check the value of a registry key.

Check Registry Setting Exists

This setting type is used to exist check the value of a registry key.

Check Account

This setting type start with "Account:" for value defined in Computer Configuration > Windows Settings > Security Settings > Security Options.

Anonymous SID

This setting type checks for value defined in Computer Configuration > Windows Settings > Security Settings > Security Options > Network access: Allow anonymous SID/Name translation.

Kerberos Policy

This setting type checks for value defined in Computer Configuration > Windows Settings > Security Settings > Account Policies > Kerberos Policy.

Lockout Policy

This setting type checks for value defined in Computer Configuration > Windows Settings > Security Settings > Account Policies > Account Lockout Policy.

Password Policy

This setting type checks for value defined in Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy.

Example

For example, the following figure shows how to add a Registry Setting policy.

Example add new setting

PreviousRSoP ComparisonNextShare Audit

Last updated

Was this helpful?