Administrative Templates Section on CIS-CAT Report
Product Name
CIS-CAT Pro Assessor v4
Product Version
All
Date
Apr 3, 2023
Problem
The group policy that is intended to remediate the security concerns for the Administrative Templates (User) section as reported by CIS-CAT do not appear to update unless the CIS-CAT service account (ad\sa-ciscat) has been logged onto the server directly, then had the group policy apply (gpupdate /force) and then the CIS-CAT collection run again.
Is there any way to avoid having to go through the process of signing into each and every server with the service account to have these remediation's reflect in the CIS-CAT report?
Solution
This is expected behavior that can’t be controlled by CIS-CAT. On Windows, user policies will only take effect when a user logs on that is part of a group that receives those policies. The system won’t get updated in any of the hives (which is what Assessor looks at) until one of those users logs on.
A hive is a logical group of keys, subkeys, and values in the registry that has a set of supporting files loaded into memory when the operating system is started or a user logs in.
Keywords; Administrative Templates Windows Policy
Content by Label