Microsoft has released the new security baseline package for Windows 10 21H2 November 2021 update. This package is called the Microsoft Security Configuration toolkit. The function of the toolkit is to fetch a Microsoft-recommended security baseline for helping admins to regulate and manage enterprise GPOs (Group Policy Objects). This is done without compromising the integrity of the system.
Microsoft defines its Security Configuration Toolkit as follows:
The Microsoft Security Configuration Toolkit enables enterprise security administrators to effectively manage their enterprise’s Group Policy Objects (GPOs). Using the toolkit, administrators can compare their current GPOs with Microsoft-recommended GPO baselines or other baselines, edit them, store them in GPO backup file format, and apply them via a domain controller or inject them directly into testbed hosts to test their effects.
The new security baseline, we are talking about, has introduced technologies which will impose restrictions of printer driver installations, and other such functions. The msin motive is to provide protection against Human Operated Ransomware.
In an event of new printer driver installation restriction, this is what Microsoft is up to:
We have added a new setting to the MS Security Guide (Administrative Templates\Printers\Limits print driver installation to Administrators) and enforced the enablement. Note this setting was previously a custom setting in SecGuide.admx/l and has since moved inbox.
According to Microsoft, Tamper Protection can be prevented by the new technology in the following ways:
- Disabling virus and threat protection
- Disabling real-time protection
- Turning off behavior monitoring
- Disabling antivirus (such as IOfficeAntivirus (IOAV))
- Disabling cloud-delivered protection
- Removing security intelligence updates
- Disabling automatic actions on detected threats
Download the Microsoft Security Compliance Toolkit 1.0 here.