Only Facing Login Issue on Healthy VM on Azure Windows Server 2022 after applying cis_microsoft_windows_server_2022_21h2_1.0.0_machine.csv and cis_microsoft_windows_server_2022_22h2_2.0.0_machine.csv settings in default mode itself. #167

Open
dhirajjbhasin153 opened this issue May 15, 2024 · 1 comment

dhirajjbhasin153 commented May 15, 2024

Greetings Team, thank you first of all for providing this wonderful and easy-to-implement method for hardening Windows Server 2022.

The only issue we are facing on multiple VMs is that when I execute these commands on
Windows Server 2022 Datacenter version 21H1 and
Windows Server 2022 Datacenter Azure Edition version 21H1 in PowerShell ISE -

With admin privileges

Invoke-HardeningKitty -Mode HailMary -Log -Report -FileFindingList .\lists\finding_list_cis_microsoft_windows_server_2022_21h2_1.0.0_machine.csv -SkipRestorePoint

Invoke-HardeningKitty -Mode HailMary -Log -Report -FileFindingList .\lists\finding_list_cis_microsoft_windows_server_2022_22h2_2.0.0_machine.csv -SkipRestorePoint

Without admin privileges
Invoke-HardeningKitty -Mode HailMary -Log -Report -FileFindingList .\lists\finding_list_cis_microsoft_windows_server_2022_21h2_1.0.0_user.csv -SkipRestorePoint

Invoke-HardeningKitty -Mode HailMary -Log -Report -FileFindingList .\lists\finding_list_cis_microsoft_windows_server_2022_22h2_2.0.0_user.csv -SkipRestorePoint

I am applying these Benchmarks on Standalone Windows Servers Editions deployed and running only on Azure Cloud.

Secondly, we are using only the Azure Bastion Service to access these VMs on Azure Cloud, which works perfectly well before applying these CIS Benchmarks.

Third, when the VMs, i.e. Windows Server 2022 Datacenter or Windows Server 2022 Datacenter Azure Edition, were deployed initially on Azure cloud, the username and password defined during initial VM deployment itself have admin access and are part of the Administrators group by default. Even after applying the CIS Benchmark, when I checked on the Windows Servers, the username is still part of the Administrators group, which is not blocked from accessing Remote Desktop Services.

I even tried resetting the same username and password on the Azure portal; it didn't work either. The VM Agent is good and the VM Extensions are also working correctly.

I also tried resetting the admin credentials with a new username and password to log in to Windows Server after applying the CIS Benchmark; it still didn't work.

The issue is one of the hardening settings under User Rights Management or Account Policies as defined in the CIS Benchmark in default state. Could you kindly confirm which particular setting we could exclude from the CSV file before applying the CIS Benchmark?

@0x6d69636b 0x6d69636b self-assigned this May 15, 2024
@0x6d69636b
Owner

Thank you for your kind words. See this issue for some settings: scipag/HardeningKitty#37
Does that help?
