Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »


Product Name

CIS-CAT Pro Assessor v4

Product Version

All

Date



Problem

The group policy that is intended to remediate the security concerns for the Administrative Templates (User) section as reported by CIS-CAT do not appear to update unless the CIS-CAT service account (ad\sa-ciscat) has been logged onto the server directly, then had the group policy apply (gpupdate /force) and then the CIS-CAT collection run again.

Is there any way to avoid having to go through the process of signing into each and every server with the service account to have these remediations reflect in the CIS-CAT report?

Solution

this is expected behavior that can’t be controlled by CISCAT. On Windows, user policies will only take effect when a user logs on that is part of a group that receives those policies. So you won’t get updated in any of the hives (which is what Assessor actually looks at) until one of those users logs on

Highlight important information

Keywords;

Content by Label


Copyright © 2020

Center for Internet Security®


  • No labels

0 Comments

You are not logged in. Any changes you make will be marked as anonymous. You may want to Log In if you already have an account.