This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hello Folks,
I am using Microsoft Hyper-V Server 2019 (Version 1809 : OS build 17763.3653)
There are 2 scripts available for Hardening.
*****Link for Cloud Security Best Practice*****
https://raw.githubusercontent.com/Cloudneeti/os-harderning-scripts/master/WindowsServer2019/CSBP_WindowsServer2019.ps1
****Link for CIS benchmark Windows Server****
https://raw.githubusercontent.com/Cloudneeti/os-harderning-scripts/master/WindowsServer2019/CIS_Benchmark_WindowsServer2019_v100.ps1
I am confused which one is better for my server and which one should I use. Please help me to select one of them.
Please help me resolve this issue.
Thanks and Regards,
Vikash Kumar Choudhary
Maybe this one could help.
https://learn.microsoft.com/en-us/azure/defender-for-cloud/apply-security-baseline
--please don't forget to upvote and Accept as answer if the reply is helpful--
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 45%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJK%3C/text%3E%3C/svg%3E)
This link is probably now incorrect.
It lists only how to use Defender to check OS security settings and how to apply remediations manually.
Do you have new link to MSFT documentation that describes how to setip security baseline for VMs as soon as possible without relying on Defenders clickops capabilities?
Hello Patrick,
Thanks for your reply and suggestion.
I am new to this security role.
I am not understanding about the Windows server hardening concept.
From the 2 options mentioned by me from the last mail, could you please suggest me which is better one and should be used by me.
Please suggest sir.
Thanks and Regards,
Vikash
From the 2 options mentioned by me from the last mail, could you please suggest me which is better one
I'd try asking them here.
https://github.com/Cloudneeti/os-harderning-scripts/issues
--please don't forget to upvote and Accept as answer if the reply is helpful--
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 94%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIX%3C/text%3E%3C/svg%3E)
Hi,
The two scripts look almost the same except that some settings in CIS_Benchmark_WindowsServer2019_v100.ps1, like "Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'" and "Ensure 'Windows Firewall: Public: Settings: Apply local connection security rules' is set to 'No'" are commented out.
Best Regards,
Ian Xue
-----------------------------
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hello Sir,
Thanks for clarifying this.
So this means now I can use any of the 2 scripts ?? Am I able to understand this thing right ?
Also if I use one of the above scripts, will my Windows Server 2019 hardening will be complete. Or is there any other script which is better than these 2??
Looking forward for your response.
Thanks and Regards,
Vikash Kumar Choudhary