In these modern workplace days many companies are in a transition from classic on prem envirioment to cloud services or aiming for a hybrid setup. But sometimes we still need to have the good old classic Active Directory and Group Policy Management in use, to handle our Windows 10 clients that can`t hybrid Azure AD joined via AD connect or being a part of Windows AutoPilot enrollment for certain reasons.
TIP: Windows AutoPilot Hybrid AD Join, is now available with Windows 10, version 1809 (or later)
When importing Microsoft Security Baseline Policy in a classic envirioment, the first thing to do is download the right Windows 10 build that your devices are using. In this case the devices are running Windows 10 1809.
Go to : https://www.microsoft.com/en-us/download/details.aspx?id=55319 and download the right build in this case Windows 10 verison 1809:
Now save the zip file to the Windows 10 client desktop and extract the zip files on the same location:
Now go to the folder and see the content that just been extracted, GPOs folder is that content that are gonna be used in this case:
Anyway copy the hole main folder to your domain controller or tool server.
TIP: Domain function and forrest level must at least be a server 2008 R2 if Windows 10 devices on day should be Hybrid Azure AD joined with AD connect or AutoPilot.
Now open Group Policy Management and make a new GPO in Group Policy Objects. In this case the policy is named Windows 10 Security Baseline – Computer:
Now right click on the newly created GPO and select Import settings:
The next step is just next, next until it ask about backing up the settings for the GPO, well we just created a new blank GPO so no backup is needed. “But if using an existing GPO with settings, make a backup first if your wish to keep those setting!.”
Browse down to the folder that just been copyied and select GPOs folder and click OK and then click Next:
This selection is important to get right, and in our case we need to go for MSFT Windows 10 1809 – Computer (This means we only imports Computer settings and the GPO automatically will disabled User settings) click Next:
Select Copying them identically from source and click Next:
Now the Windows 10 1809 Security Baseline computer settings are imported successfully Click Finish:
The new GPO can now be linked to a Windows 10 OU structure for test purpose.
TIP: Repeat the same steps for import of User settings etc.