Custom Baselines
Last updated
Was this helpful?
Last updated
Was this helpful?
This page contains a list of existing GPO baselines and allows you to clone built-in baselines or import an existing GPO as a baseline.
The widgets in the upper-right side of the table allow us to;
Search: Search the GPO baselines table across all table columns.
New Baseline: Create a new GPO baseline by cloning a predefined baseline or importing an existing GPO.
The table contains relevant information about the baselines and allows us to perform operations on them using the three-dot button.
Enabled: Current status of the baseline.
Type: Name of the organization that created the baseline.
Name: Name of the baseline.
Operating System: Appropriate Operating System for the baseline.
Total Settings: Total settings count of the baseline.
Three-dot button on each row allows us to perform the following operations on a baseline;
Edit: Redirects the user to the Edit/View GPO Baseline page. This page allows to modify all configurations and specifications related to the GPO baseline.
Clone: Clone the selected baseline.
Enable/Disable: Change the status of the selected baseline.
Delete: Delete the selected baseline.
Edit baseline operations over the data table redirects the user to the Edit GPO Baseline page seen below;
The GPO baseline edit page consists of two different configurations, edit baseline name/OS and add/edit setting.
The following table describes each setting type;
Audit Policy
This setting type checks for value defined in Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy.
User Rights
This setting type checks for value defined in Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment.
Registry Settings
This setting type is used to check the value of a registry key.
Check Registry Setting Exists
This setting type is used to exist check the value of a registry key.
Check Account
This setting type start with "Account:" for value defined in Computer Configuration > Windows Settings > Security Settings > Security Options.
Anonymous SID
This setting type checks for value defined in Computer Configuration > Windows Settings > Security Settings > Security Options > Network access: Allow anonymous SID/Name translation.
Kerberos Policy
This setting type checks for value defined in Computer Configuration > Windows Settings > Security Settings > Account Policies > Kerberos Policy.
Lockout Policy
This setting type checks for value defined in Computer Configuration > Windows Settings > Security Settings > Account Policies > Account Lockout Policy.
Password Policy
This setting type checks for value defined in Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy.
For example, the following figure shows how to add a Registry Setting policy.
