nsacyber / Windows-Secure-Host-Baseline

Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber

Windows 10 Compliance - Servicing Level Needs Updated #29

Closed beems closed 7 years ago

beems commented 7 years ago

Can we please have the '\Windows\Compliance\Windows10.audit' updated to include Build 1703 (Creator's Update) in the CB check (WN10-00-000040: Systems must be maintained at a supported servicing level).

iadgovuser1 commented 7 years ago

Noted. The audit file is a little bit behind the latest STIG.

beems commented 7 years ago

Thank you.

I manually walked through each individual setting in the STIG after applying the SHB (checking each registry value, checking each GP setting). With that said, I've only come across the following settings in the STIG that weren't configured by the SHB application. Everything else looks great, so thank you for this.

iadgovuser1 commented 7 years ago

For WN10-CC-000206, 2 is also an acceptable value. Latest Windows 10 STIG (R8) addresses this: "Value: 0 (Disabled), 1 (Peers on same NAT only) or 2 (Local Network / Private Peering)".

Here is Microsoft's documentation for that registry value: https://docs.microsoft.com/en-us/windows/deployment/update/waas-delivery-optimization#download-mode

iadgovuser1 commented 7 years ago

WN10-CC-000197 was not supposed to be in the Windows 10 STIG. It was only in the Microsoft Security Baseline. It looks like it was added to the Windows 10 STIG in R7. It isn't a security setting. It is more of a convenience setting to prevent an annoyance. I'm surprised it was added.