Hi @Shi Hao
when does the revert of values happen? Randomly while the device is on, or after restart/reboot?
The changes really depend on what you are using the server for. In most cases the SYSTEM built-in user has Full Control rights to update registry entries based on what applications, devices or other conditions or requirements it sees on the system.
Your options here is to deny the SYSTEM account access to the registry entries that you want to keep (not an option I would take and if you choose to do this, ensure you have a backup of your server including the registry in case of issues), or else run a regular Scheduled Task on your server to run LGPO to apply the CIS Hardening Template to maintain the hardening standards you wish to maintain.
Hope this helps,
Thanks
Michael Durkan
- If the reply was helpful please upvote and/or accept as answer as this helps others in the community with similar questions. Thanks!