For reference, the reference below is an excellent job. Again, a reason I post items on this site is because I want to use this information and sadly… sometimes sites disappear. I also do not like good information interfering with my ads… oh wait, that’s not me at all. I don’t like ads inserted in the middle of important documentation. At any rate, Woshub has been around a while. Any information here might merely be surplus… and to ensure that this information stays around. The link details Security Hardening for Windows Server 2019. No sooner than I wrote the above… it would be two days later and while trying to visit Woshub… I get an “Error establishing a database connection”.
I am going to list the short version first. For a longer approach you might want to actually compare policies.
Short Version: The first step is to download the baseline file from “Microsoft Security Compliance Toolkit 1.0”
https://www.microsoft.com/en-us/download/details.aspx?id=55319
Download the following
Extract the file creating the following directories.
Create a GPO with a name like “Windows 2019 Server Baseline”. Import the bottommost 3 GPOs. Add a Windows 2019 WMI filter so that this GPO will only apply to Windows 2019 Servers.
SELECT * FROM Win32_OperatingSystem WHERE BuildNumber = "17763" AND ProductType <> "1"
ProductType 1 is a workstation, 2 is a domain controller and 3 is a member server, so ProductType <> "1" restricts the filter to servers. Build 17763 is shared with Windows 10 version 1809, which is why the build number alone is not enough.
You are now ready to link the GPO to the “Domain Controllers” OU.
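Before linking the GPO, it helps to see which machines a WMI filter like the one above actually selects. The PowerShell below is an added example, not part of the original post or of the Microsoft toolkit; the host names are placeholders. It runs two build-17763 queries that differ only in the ProductType clause against each host and shows the role each host reports.

```powershell
# Added example: host names are placeholders, replace with machines in your domain.
$Hosts = 'DC01', 'SRV01', 'PC01'

# Meaning of Win32_OperatingSystem.ProductType
$Role = @{ 1 = 'Workstation'; 2 = 'Domain controller'; 3 = 'Member server' }

# Two candidate filters for build 17763, differing only in the ProductType clause
$Filters = [ordered]@{
    'ProductType = 1'  = 'SELECT * FROM Win32_OperatingSystem WHERE BuildNumber = "17763" AND ProductType = "1"'
    'ProductType <> 1' = 'SELECT * FROM Win32_OperatingSystem WHERE BuildNumber = "17763" AND ProductType <> "1"'
}

function Test-WmiFilter {
    param(
        [string[]]$ComputerName,
        [System.Collections.IDictionary]$Filter
    )
    foreach ($c in $ComputerName) {
        # Query the local machine directly; use WinRM/CIM for remote ones
        $target = @{ ErrorAction = 'Stop' }
        if ($c -ne $env:COMPUTERNAME) { $target.ComputerName = $c }
        try {
            $os = Get-CimInstance -ClassName Win32_OperatingSystem @target
            $row = [ordered]@{
                Computer = $c
                Caption  = $os.Caption
                Build    = $os.BuildNumber
                Role     = $Role[[int]$os.ProductType]
            }
            # A WMI filter passes when the query returns at least one object
            foreach ($name in $Filter.Keys) {
                $row[$name] = [bool](Get-CimInstance -Query $Filter[$name] @target)
            }
            [pscustomobject]$row
        } catch {
            Write-Warning "$c : $($_.Exception.Message)"
        }
    }
}

Test-WmiFilter -ComputerName $Hosts -Filter $Filters | Format-Table -AutoSize
```

A column showing True means the GPO would apply to that host with that filter, so a Windows 10 1809 client should only ever show True under the `ProductType = 1` column.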
References:
http://woshub.com/hardening-windows-using-with-security-baselines/
https://www.microsoft.com/en-us/download/details.aspx?id=55319
https://security.uconn.edu/server-hardening-standard-windows/#