CIS benchmarks L1, Server 2016 Member on firewall settings

Question asked by Random_Generated Random_Generated on Apr 25, 2019
We seem to have an issue with one of the CIS benchmarks around Server 2016 and the firewall settings. I'm not sure if we are missing something due to a mixed message between the Group Policy wording, Registry keys and the CIS failure cause. 


If I set the GPO to Display a notification, the disablenotifications registry key says 0 (which sounds like a negative or "No").

If I set the GPO to not Display a notification, the disablenotifications registry key says 1 (which sounds like a positive or "Yes").


Based on the GPO setting where we need to display a notification (based on benchmark wording), the Regkey should be 0; however, the Order 3.4 / Control ID 3962 is expecting a 1/No, which is the wrong way around.


We seem to have a couple of failures on Firewall items which we have correct but these seem to be wrong (3.4, 3.12, 3.20 as examples). 


I have tried to dig around in Google and the forums but I cannot seem to find an underlying issue - I could change the policy but that defeats the object and the policy had been updated in March 19.


Has anyone else had this issue?


Thanks for your thoughts