November 08, 2024
CIS Templates are generated by CIS. SmartProfiler leverages below CIS Templates for checking GPO Settings on Domain Controllers and Member Servers.
NIST/CIS Settings can be added to Assessment Report so an assessment report for Active Directory is provided with CIS/NIST Settings that customers need to address.
The CIS/NIST Analyzer allows you to create multiple templates. For example, you can create a Template which applies to a single domain in AD Forest and then execute the template to check the status of all settings.
All settings configured in a Template are checked in each GPO to ensure they are configured according to the CIS/NIST Standards. If a setting is not configured correctly or not found at all, resepective setting is marked as Failed.
By using SmartProfiler’s CIS/NIST Analyzer you can know what all settings have not been configured correctly rather than checking all settings in Group Policy Objects manually. All Templates processed by CIS/NIST Analyzer takes about 1 hour to check all GPO and produce a report.
If a setting is not configured the console reports “Not Found”. If a setting does not match with the value configured in the template then console reports “Failed”. If a setting is passed the console reports “Passed”. However, for User Rights Assignments, console highlights what needs to be rectified.
DownloadSmartProfiler supports checking CIS Settings for Windows Server 2022, Windows Server 2019, Windows Server 2012 R2 and Windows Server 2012.
CIS/NIST Analyzer can check all GPO settings defined in a template.
It depends on the number of Group Policy Objects in the Active Directory forest. We have seen it taking 2 hours for 800 Group Policy Objects.
All GPO Settings that are checked by the CIS/NIST Analyzer can be reported in an Excel or HTML, but to fix all GPO Settings you are required to fix them manually under a change control to ensure no impact on domain controllers and member servers.
If you’re really looking for an Active Directory security assessment tool, download SmartProfiler and perform an assessment. This will assist you in identifying security, health, and configuration problems.
The health and misconfiguration assessment feature of SmartProfiler can be very useful in demonstrating that your environment does not use Microsoft’s suggested settings.
The best feature of SmartProfiler is that it can perform the assessment without a Global Admin account and without needing the registration of an Azure AD application. Because it only required a Global Reader Account, we were able to use the tool effectively for our clients and clients could allow us to conduct the assessment!
SmartProfiler's advanced assessment parameters really gives you insights about your Active Directory environment and make sure every risk is mitigated.
Lorem, ipsum dolor sit amet consectetur adipisicing elit. Doloribus quam neque quibusdam corrupti aspernatur corporis alias nisi dolorum expedita veritatis voluptates minima sapiente.