Got it. The answer to this question is Microsoft Security Compliance Manager (SCM). Formerly called GPO Accelerator.
If you install it, then the tool itself has a bunch of word docs embedded into it, that explains what it is and how to use it. I've pulled the 2012 doc out and put it here for my friends to see: https://dl.dropbox.com/u/543241/Windows%20Server%202012%20Security%20Guide.docx The original is here: http://www.microsoft.com/en-us/download/details.aspx?id=16776 Long story short, this tool knows all the default configurations for a whole bunch of products, including server 2012. And it has various recommended security levels and stuff. You use it to review and merge the diffs that you want, then export a GPO backup, which you can import into Group Policy Manager. From: tech-boun...@lists.lopsa.org [mailto:tech-boun...@lists.lopsa.org] On Behalf Of Edward Ned Harvey (lopser) Sent: Tuesday, February 19, 2013 12:30 PM To: LOPSA Technical Discussions Subject: [lopsa-tech] AD / GPO / security templates Would anybody like to recommend some resources to a friendly IT person building a new AD infrastructure, who wants to apply a security template of some kind, to set all the things like password policy / expiration / etc... windows update policy, and all the other security-related stuff that's controlled by AD... If I want to do it manually, I can just go down the Windows Server security benchmark at CIS. But I sure as heck don't want to do that level of stuff manually. If I want to pay several grand, I can just pay them for their automated tool. Looking for something in between... Free is nice, but not required. Thanks...
_______________________________________________ Tech mailing list Tech@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
