[German]Microsoft has released the Microsoft Security Compliance Toolkit 1.0 in Nov. 2021. This week I was asked if the Windows Policy Analyzer – a utility for analyzing and comparing Group Policy Objects (GPOs) – which has been available since 2016, is now being phased out. The download of the package is no longer available. It looks like the tool is now part of the Microsoft Security Compliance Toolkit 1.0, so here are a few notes.
Advertising
Perhaps this is all well known to administrators, I myself am not so at home in this area. A tweet pointed me to the topic of Windows Policy Analyzer the other day.
The tweet says that that the Windows Policy Analyzer is being classified as deprecated and asked if the same applies to the Microsoft Security Compliance Toolkit. The question was apparently triggered by the article linked in this tweet, which deals with Windows Hardening.
There it says, in a headline "Policy Analyzer (deprecated)" – but this refers to HardeningKitty and its PolicyRule file. This prompted me to briefly mention the Windows Policy Analyzer and the Microsoft Security Compliance Toolkit 1.0 in the blog.
Advertising
Windows Policy Analyzer gone?
Windows Policy Analyzer is a utility for analyzing and comparing Group Policy Objects (GPOs). It can highlight when a set of Group Policies has redundant settings or internal inconsistencies, and it can highlight differences between versions or sets of Group Policies. It can also compare GPOs with current local policy settings and with local registry settings. And you can export the results to a Microsoft Excel spreadsheet.
Now what about Windows Policy Analyzer? There was a Techcommunity post New tool: Policy Analyzer from Microsoft in 2016, which was even updated in June 2019, introducing the tool. But the download package for Windows Policy Analyzer probably no longer exists, as Microsoft has now integrated the tool into Microsoft Security Compliance Toolkit 1.0. At least, the link for the download in the following text (taken from theMicrosoft Security Compliance Toolkit 1.0 support post) refers to this compliance toolkit.
More information on the Policy Analyzer tool can be found on the Microsoft Security Baselines blog or by downloading the tool.
The Microsoft Security Compliance Toolkit 1.0 also contains the Windows Policy Analyzer – and there is no difference to the old version afaik.
The Microsoft Security Compliance Toolkit 1.0
Microsoft introduced the Microsoft Security Compliance Toolkit 1.0 (SCT) in a November 2021 support post. The Security Compliance Toolkit (SCT) provides a set of tools. These included:
- Windows 10 security baselines
- Windows Server security baselines
- Microsoft Office security baseline
- Microsoft Edge security baseline
- Windows Update security baseline
as well as various tools and scripts and can be downloaded here. The tools are intended to enable enterprise security administrators to download, analyze, test, edit and save Microsoft recommended security configuration baselines for Windows and other Microsoft products. Administrators should be able to use the tools to effectively manage their company's group policy objects (GPOs). Details can be found in the Microsoft Security Compliance Toolkit 1.0 (SCT) support article.
