Closed hgj44d closed 7 months ago
Hi, You can disable them by simply running the Microsoft Security baselines category (without optional overrides). After that, you can use the group policies I described in that page to hand pick which overrides you want to apply, if any.
I added the PowerShell command to the number 7, that's what the script uses to re-enable it. For number 5, you need to use the zip file, you will find the relevant files in the following folder
Security-Baselines-X\Overrides for Microsoft Security Baseline\
The service status are set using group policy. You can use this article to open up .pol files.
People that don't want to use the hardened system for gaming can simply run the Microsoft Security baselines without optional overrides. It's not forced, there are options, but putting every single override in its own subcategory sounds unnecessary and messy, it would be as if I'm reinventing the group policy editor again.
Thanks for replying!
I now don't run the overrides subcategorie and only apply some overrides manually. I noticed that on policy number 3 the text is different than the screenshot. On the screenshot you change 3 values to Yes and on the text you suggest to change only one value to No. I guess the screenshot is the correct one?
@hgj44d of course ^^ You're right, the explanation needed improvement so i changed that now, please take a look again
I applied the Optional overrides for Microsoft Security Baseline with your PowerShell script, but now I want to disable all Xbox related features in the optional overrides. This would be setting number 5 and setting number 7, but I was not able to find any information where I can find the group policy or setting.
Can you please add more information to Number 5 and 7, so that I'm able to disable it?
Another suggestion would be to have the option in your PowerShell script to select which overrides should apply, because I could imagine that many people don't want to use their hardened, high-security computers for gaming.