Looking for a list of recommended GPO settings to increase the security of your Windows machines (servers and workstations)? Well, I don’t often drop links to other websites unless there’s a really good reason, and the Center for Internet Security present some very good reasons. They have a great program available for download (free trial) that will detect security issues on a Windows computer and give you an (extensive) list of GPO setting recommendations to fix the issue.
I’ve used their oddly named CIS-CAT program once before and found it to be easy to use and produces a very informative list of recommendations to instate GPO settings that you probably haven’t heard of or understand in order to fix Windows vulnerabilities. In this list of recommended GPOs, you also get some information about why it should be set, what to set it to, where you can set it and of course, what it does. What it doesn’t provide is information about how the setting will effect programs running in your environment. That is something that you will have to test and understand after reading the GPO setting information.
What’s also good is that they do a lot of research and the list of GPO settings recommended made by the program grow over time, so you can stay on top of the latest threats that can be prevented with GPO settings.