A technical question for implementing CIS's Windows XP ProfessionalBenchmark

A

a_monk

There are <not defined> for some security settings in the Benchmark,
e.g., Shutdown: Clear Virtual Memory Pagefile, instead of disabled or
enabled.

What does <not defined> mean? What happens if this "<not defined>"
value is implemented?
Does it mean that the setting is neither enabled nor disabled? So what
is the "net outcome"?
What is/are the consequences of having a <not defined> in the setting?

Any information/ pointers will be much appreciated.

Thanks,

DFox
 
V

v2win

RE: A technical question for implementing CIS's Windows XP Professiona

Not sure if I understand what exactly you are trying to implement, but your
question appears to be related to Group Policy settings.

GPOs are processed in this order: local machine -> AD Site -> AD Domain ->
AD OU within each of those, the machine policy processes before user policy.

The last policy to process determines the final setting for a parameter,
with certain exceptions. For example, a Domain Admin may need to ensure
critical policies are not overruled by an OU policy, so the domina policy may
be set to no-override, or enforced. However, if a setting is undefined in a
higher level policy, with enforced enabled, later policies may define that
setting. This is one useful reason for the undefined value, and I believe it
also permits policy processing to occur at a faster pace, because not all
parameters are actually being applied - evidence of this can be seen in the
GUI display results of RSoP.msc. Only applied policy settings appear in the
console, unlike when setting policy with Gpedit.msc.

Does this address your issue?


--
V2


"a_monk" wrote:

>
> There are <not defined> for some security settings in the Benchmark,
> e.g., Shutdown: Clear Virtual Memory Pagefile, instead of disabled or
> enabled.
>
> What does <not defined> mean? What happens if this "<not defined>"
> value is implemented?
> Does it mean that the setting is neither enabled nor disabled? So what
> is the "net outcome"?
> What is/are the consequences of having a <not defined> in the setting?
>
> Any information/ pointers will be much appreciated.
>
> Thanks,
>
> DFox
>
 
You must log in or register to reply here.

Similar threads

K
Auto Disable Accounts not logon for 15 days / but we have a technical challenge - Need yout kind support to meet our requirement.
Replies
0
Views
45
KauveryHospital
K
V
How to preview: Azure Arc-connected Hotpatching for Windows Server 2025
Replies
0
Views
45
VishalBajaj
V
T
How do I stop the copilot sidebar from constantly appearing - Windows 10
Replies
0
Views
50
Tanstaalf
T
S
  • Article
Windows 365 at three years: Customer-centric solutions for security, management and productivity
Replies
0
Views
65
Scott Manchester
S
E
Microsoft - can you please create a dark mode for SSMS that doesn't require a work around method/admin rights?
Replies
0
Views
33
ERIKA H_
E
Back
Top Bottom