We have a stand-alone win server 2019 that after running the LGPO.exe to import the previous GPO from another machine, our nessus scanner reflecting over 100 non-compliance.
However, if we were to run the baseline script on top of the above, the findings falls to the level that we first saw in the nessus scanner.
The compliance we selected are CIS Microsoft Windows Server 2019 MS, L1 and L2 together.
Wonder if anyone encounter such issue before and was resolve it. Where only 1 full GPO is been exported.