In part 1, we set the stage for the work we are about to do. We briefly went over the items that led up to our decisions. In the next parts, we’ll walk you through what we did. If you would like, you can go back and read Using ConfigMgr Compliance to Manage Security Configuration Baselines (Part 1 of ?) to get caught up.
Active Directory Group Policy
We need to get the settings that were already configured within the domain so that we can create the needed INF file templates for the non-registry policy settings.
To do this, we fire up an elevated PowerShell session and do the following:
Get the names of the GPOs within the domain
$GPONames = (Get-GPO -Domain contoso.com -All | Sort-Object -Property DisplayName).DisplayName
Beer & PowerShell (BeerShell) 