Microsoft Security baseline for Windows 10 v1903 and Windows Server 2019 v1903

Microsoft published the final release of the security configuration baseline settings for Windows 10 v1903 and Windows Server 2019 (core) v1903.

Some of the changes:

  • Enabling the new “Enable svchost.exe mitigation options” policy
  • Configuring the new App Privacy setting
  • Disabling multicast name resolution (LLMNR) to mitigate server spoofing threats.
  • Restricting the NetBT NodeType to P-node
  • Correcting an oversight in the Domain Controller baseline by adding recommended auditing settings for Kerberos authentication service
  • Dropping the password-expiration policies that require periodic password changes
  • Dropping the specific BitLocker drive encryption method and cipher strength settings
  • Dropping the File Explorer “Turn off Data Execution Prevention for Explorer” and “Turn off heap termination on corruption” settings

Additional changes:

  • Dropping the enforcement of the default behavior of disabling the built-in Administrator and Guest accounts
  • Dropped a Windows Defender Antivirus setting that applies only to legacy email file formats.
  • Changed the Windows Defender Exploit Protection XML configuration

More info: Microsoft Security Guidance blog | Technet
Download: Microsoft Security Compliance Toolkit 1.0

Leave a Reply

Your email address will not be published. Required fields are marked *