I do not have the 24H2 security baseline yet. I am looking forward to getting and testing it. I hope it resolves two issues with the 23H2 security baseline that I have encountered. Both issues cause the CIS Benchmark Assessment tool to give us a “Fail” on several required settings.
- The setting, Administrative Templates – Network > Network Provider – Hardened UNC Paths, is written incorrectly in the registry. The Name and Data values are reversed and only one of the two required paths are added to the registry.
- The setting, Hide Exclusions from Local Admins setting, blocks access to \HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager in the registry, when it is enabled. This causes the CIS Benchmark Assessment tool to report “Fail” on nine required settings because the tool cannot access this path to verify they are set correctly.
Microsoft
