Custom Baselines

This page contains a list of existing GPO baselines and allows you to clone built-in baselines or import an existing GPO as a baseline.

Baselines

The widgets in the upper-right side of the table allow us to;

  • Search: Search the GPO baselines table across all table columns.

  • New Baseline: Create a new GPO baseline by cloning a predefined baseline or importing an existing GPO.

Create new Custom Baseline

The table contains relevant information about the baselines and allows us to perform operations on them using the three-dot button.

General Information

  • Enabled: Current status of the baseline.

  • Type: Name of the organization that created the baseline.

  • Name: Name of the baseline.

  • Operating System: Appropriate Operating System for the baseline.

  • Total Settings: Total settings count of the baseline.

Actions for GPO Baselines

Three-dot button on each row allows us to perform the following operations on a baseline;

  • Edit: Redirects the user to the Edit/View GPO Baseline page. This page allows to modify all configurations and specifications related to the GPO baseline.

  • Clone: Clone the selected baseline.

  • Enable/Disable: Change the status of the selected baseline.

  • Delete: Delete the selected baseline.

Baseline Settings

Edit baseline operations over the data table redirects the user to the Edit GPO Baseline page seen below;

GPO Baseline Settings

The GPO baseline edit page consists of two different configurations, edit baseline name/OS and add/edit setting.

Add/Edit baseline setting

The following table describes each setting type;

Setting Type
Description

Audit Policy

This setting type checks for value defined in Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy.

User Rights

This setting type checks for value defined in Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment.

Registry Settings

This setting type is used to check the value of a registry key.

Check Registry Setting Exists

This setting type is used to exist check the value of a registry key.

Check Account

This setting type start with "Account:" for value defined in Computer Configuration > Windows Settings > Security Settings > Security Options.

Anonymous SID

This setting type checks for value defined in Computer Configuration > Windows Settings > Security Settings > Security Options > Network access: Allow anonymous SID/Name translation.

Kerberos Policy

This setting type checks for value defined in Computer Configuration > Windows Settings > Security Settings > Account Policies > Kerberos Policy.

Lockout Policy

This setting type checks for value defined in Computer Configuration > Windows Settings > Security Settings > Account Policies > Account Lockout Policy.

Password Policy

This setting type checks for value defined in Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy.

Example

For example, the following figure shows how to add a Registry Setting policy.

Example add new setting

PreviousRSoP ComparisonNextShare Audit

Last updated

Was this helpful?