We seem to have an issue with one of the CIS benchmarks around Server 2016 and the firewall settings. I'm not sure if we are missing something due to a mixed message between the Group Policy wording, Registry keys and the CIS failure cause.
If I set the GPO to Display a notification, the disablenotifications registry key says 0 (which sounds like a negative or "No")
If I set the GPO to not Display a notification, the disablenotifications registry key says 1 (Which sounds like a positive or "Yes")
Based on the GPO setting where we need to display a notification (based on benchmark wording) the Regkey should be 0 however the Order 3.4/ Control ID 3962 is expecting a 1/No which is the wrong way around.
We seem to have a couple of failures on Firewall items which we have correct but these seem to be wrong (3.4, 3.12, 3.20 as examples).
I have tried to dig around in google and the forums but i cannot seem to find an underlying issue - I could change the policy but that defeats the object and the policy had been updated in March 19
Has anyone else had this issue?
Thanks for your thoughts