As we all know, there are certain published standards for things like Windows Security and Group Policy that companies can use as baselines for their systems; standards such as the CIS Security Configuration Benchmarks. These standards often mandate the configuration of certain GPO settings that fall under the “MSS” category which do not appear in the Security Configuration Editor or Group Policy Management Editor by default.

In order to add these settings so that you can easily configure them without screwing around in the registry or writing your own ADMX templates, you can download and import them as part of the Microsoft Security Compliance Management Toolkit. Unfortunately, getting access to this toolkit requires the installation of the Management software with its associated requirement of a SQL Express instance, which is ludicrous.

So, I am including below, the WSF script that is required to import these settings into the Group Policy Editor on a given 7/2K8R2 machine (and probably Vista/2K8 as well, but I haven’t tried it). Use cscript LocalGPO.wsf /ConfigSCE to import the settings, which will then appear under “Computer Configuration->Policies->Windows Settings->Security Settings->Local Policies->Security Options” in the Group Policy Editor (Or the appropriately reduced path in the Security Configuration Editor).

Download LocalGPO.wsf

If you’re dumb enough to download and run a VBScript from an untrusted source without doing the usual safety checks then you probably shouldn’t be using this kind of “hack” in a production environment (in fact, you probably shouldn’t be allowed near a production environment in the first place…).