Hardening Windows Installations - Security Baselines - Part 4

With the Microsoft Security Compliance Toolkit downloaded, combining the items staged and downloaded starts becoming more of a reality. The screenshot below is a download of the tools discussed earlier, which are the LGPO and Windows 11 v23H2 Security Baseline, both in a compressed zip file.

The ConnectWise WebDAV discussed earlier will require a staged folder in the Transfer folder for combining the tools into one location, which in this case will be the SecurityBaseline folder highlighted in the screenshot below. Placing any of the items outside of the Transfer will result in items failing to download.

Once the files are transferred through a simple copy and paste the files will appear within the SecurityBaseline folder.

With the files uploaded, right clicking on the LGPO.zip will bring up a Windows Security dialog box warning how dangerous the files can be. In this situation, hit OK to continue.

Once clicked, the sub-context menu appears where the Extract All option can be selected.

Which when selected begins the decompression process to extract the file. In this scenario the LGPO.zip file is being decompressed to complete the path for the download to the LGPO.exe as was shown in the previous blog post.

Which will look like the following screenshot. Starting to look familiar?

It should, as this should staying laying out and match our script where we downloaded the LGPO.exe in the previous blog.

As a final step for this blog post, since the Script window is open, setting the Script Note and File Download functions appropriately will enable the next steps. The remark can be left up to personal preferences, but the function File Download should match to the screenshot below for the Local File and Destination Path.