I have quite a serious issue (it feels like it to me anyway!)
I am securing a baseline for a client - we are using 2012 R2. The existing policy and baseline (for 2k8) has the MSS settings in it. However from what I can see there is no way to apply these to 2012 R2 because SCM is not compatible with 2012 R2.
I thought I would sort this by simply finding registry key entries for the associated MSS configs (rationale for this attempted approach is that some of the MSS settings are showing up in the registry) but the keys dont match up (I am using the Win 2012 R2 baseline from Centre for Internet Security).
What I need is a way to get the configuration of the MSS items into the R2 build, and my problem is that 2012 r2 is not supported by SCM 3.0?
I am guessing now that I will have to roll another box which supprts SCM and then get the MSS settings built into the local policy there and then use that policy as the baseline. Before I embark on that step i just want to make sure that will work, and that I wont have any issues with the MSS settings when I try and apply them to an R2 box?
Finally, have I got this wrong or have MS released 2012 R2 without providing any means to apply some key security settings?
Finally finally :-). I am really really just shocked at how - well - crummy this whole MSS config thing is. MS Should have been baking these settings into every OS since 2008 surely. Why on earth would they make people install tooling - or wait for tooling which is completely unnecessary.