└── README.md


/README.md:
--------------------------------------------------------------------------------
 1 | # Microsoft-Security-Baselines
 2 | 
 3 | This area is dedicated to security baselines. 
 4 | 
 5 | Windows Server 2016 Member Server
 6 | =================
 7 | The following policies are alterations suggested if using Windows Server 2016 baselines downloaded from the Security Compliance Toolkit download area: https://www.microsoft.com/en-us/download/details.aspx?id=55319
 8 | 
 9 | **Enable Oracle Remediation to Force Updates Clients Protection Level**
10 | 
11 | Computer Configuration > Policies > Administrative Templates > System > Credentials Delegation > Encryption Oracle Remediation
12 | 
13 | **Disable SMB1 Server**
14 | 
15 | Computer Configuration > Policies > Administrative Templates > MS Security Guide > Configure SMBv1 Server
16 | 
17 | **Enable SMB1 Client Driver Disable Driver (recommended)**
18 | 
19 | Computer Configuration > Policies > Administrative Templates > MS Security Guide > Configure SMB v1 client driver
20 | 
21 | **Turn off Multicast Name Resolution**
22 | 
23 | Computer Configuration > Policies > Administrative Templates > Network > DNS Client > Turn off multicast name resolutio
24 | 
25 | **Disable Netbios**
26 | 
27 | Computer Configuration > Administrative Templates > MS Security Guide > NetBT NodeType configuration
28 | "P-Node(recommended)"
29 | 
30 | **Enable Extended Protection for LDAP Authentication (Domain Controllers Only) Enabled, Always (recommended)**
31 | 
32 | Computer Configuration > Administrative Templates > MS Security Guide > Extended Protection for LDAP Authentication (Domain Controllers Ony) 
33 | 


--------------------------------------------------------------------------------