1 Reply Latest reply on Nov 18, 2016 2:56 PM by Yanick Girouard

    CIS Compliance Content & GPO Remediation BL Package

    David Poole

      After a recent upgrade to BSA 8.7 we decided to import the "CIS Compliance Content" package since it was available now.  The following listed component Templates come out of the box with BSA87 and we would like to take advantage of them since they offer "auto remediation packages", however we are finding that some rules in the win2k8 template and all the rules inside the win2k12 template are using only one BL Package called "GPO Remediation" which accepts parameters as values to remediate your target. So our main question is "Has anyone found documentation on this and how to use the GPO Remediation bl package?" I haven't found anything on the discussion board as of yet.

       

      If you take a moment to open a rule inside the component template and click on the remediation tab you will see that most of the rules are mapping to a BL Package called "GPO Remediation", you will also noticed the parameters you can pass including a
      PARAMTER_VALUE=READFROMFILE.  So I'm assuming you can have multiple remediation files for this package to read from aswell, which would be very helpful under a multi customer environment like ourselves. See screenshot below..

       

       

      What's confusing is if you open the "GPO Remediation" package and read the cmd script inside it doesn't actually do any remediation at all. seems like it prepares a file for remediation steps. So where is it actually remediating the target and how? If anyone can supply us with some information on this this would be great. Thanks - Dave