The latest version of the Windows 10 1803 security templates have been released to the public. These are the new Microsoft recommend guidance for securing Windows in an organisation. These settings are normally tighter than the Out of the Box settings, but are normally acceptable in a workplace environment. Historically these used to be available via the Microsoft Security Management Tool, however this has now been depreciated and the new template are only being released via a ZIP file. That being said it is a very comprehensive list of documents, settings and tools that can be used to help with you security settings.
Documentation: This folder has a number of reference documents about the settings including the changes since the last version. This is very handy for keeping track of what guidance has changed
- GPO Reports: These are HTML version of the Group Policy Backups that are provided in the ZIP. They have a full list of all the setting that are applied.
- GPOs: This is a backup of Group Policy Objects that you can import into your own environment that have all the security settings pre-configured. The is a real time saver as you don’t have to transcribe the setting from the documentation.
- Local Scripts: This contains some scripts that are used for undoing some security settings on computer that are non-domain joined. This is handy as non-domain joined computer sometimes need to be managed via local accounts and these scripts will remove these restrictions.
- Templates: These contain a few Group Policy ADMX files that are additional security settings that can be applied. Some of these are not traditional (a.k.a. Managed) Group Policy settings so they are not provide with the Out of the Box ADMX files that come with Windows. These include the Local Admin Password Service (a.k.a. LAPS) policy settings, some of the few remaining MSS security settings or the Microsoft Security Guidance Mitigations (e.g. disabling SMB1) settings.
- WMI Filters: This folder contains two WMI filters that can be imported in as GPO WMI Filter. These definitions are used for targeting Group Policy object explicitly to Internet Explore 11 and Windows 10.
Download the Security Baseline now for Windows 10 1803 now via https://blogs.technet.microsoft.com/secguide/2018/04/30/security-baseline-for-windows-10-april-2018-update-v1803-final/