Hello @James Ander ,
Thank you for your patience.
Here are the answers for your references.
What is the best practice process (steps) for implementing Windows Server 2016 hardening using SCT (Security Compliance Toolkit)?
- Download the corresponding version of security baseline.
- Check if you need to export ADMX or ADML file to DC.
- Creat an OU and put one machine to this OU (for test).
- Create an new GPO and link this GPO to the OU above.
- Export the GPO settings from download you want to this new GPO.
How do we verify if SCT implemented properly and it works? Is there a tool that we can use to check?
- After you deploy the GPO.
- Run gpupdate /force on the machine in the OU or restart the machine in the OU.
- Open CMD and run as Administrator, run gpresult /h C:\report.html and click Enter to check GPO settings.
- Or check if the corresponding registry value of the GPO settings changes.
In case of issues encountered, what is the recommended way to roll-back and restore previous working settings?
A:You can unlink the new GPO or delete the new GPO.
Tip: It is recommended to test in the test environment first, if successful, then deploy it in the production environment.
Hope the information above is helpful.
Should you have any question or concern, please feel free to let us know.
If the Answer is helpful, please click "Accept Answer" and upvote it.