This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
I am looking for the installation instructions for the Windows Server 2022 Security Baseline. It is not in the doc's that come with it, nor can I find any Microsoft website that describes how to install it.
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.
Hello
Greetings!
You can try to change the execution policy as mentioned in the link below. And then check if it helps.
https://lazyadmin.nl/powershell/run-a-powershell-script/
Windows Server 2022 Security Baseline | Microsoft Community Hub
Best Regards,
Daisy Zhou
There may not be any official web-based documentation as the information already exists in the Toolkit. You would install the baseline by browsing to the Scripts folder (Windows Server-2022-Security-Baseline-FINAL\Scripts) and executing Baseline-LocalInstall.ps1. If you executed it without any parameters, you would receive an error. Viewing the Powershell file and others you will notice the documentation on the available parameters. You would then re-execute the script with parameters matching your configuration.
Excerpt from that file:
Applies a Windows security configuration baseline to local group policy.
.DESCRIPTION
Applies a Windows security configuration baseline to local group policy.
Execute this script with one of these required command-line switches to install
the corresponding baseline:
-Win10DomainJoined - Windows 10, domain-joined
-Win10NonDomainJoined - Windows 10, non-domain-joined
-WSMember - Windows Server, domain-joined member server
-WSNonDomainJoined - Windows Server, non-domain-joined
-WSDomainController - Windows Server, domain controller
REQUIREMENTS:
* PowerShell execution policy must be configured to allow script execution; for example,
with a command such as the following:
Set-ExecutionPolicy RemoteSigned
* LGPO.exe must be in the Tools subdirectory or somewhere in the Path. LGPO.exe is part of
the Security Compliance Toolkit and can be downloaded from this URL:
https://www.microsoft.com/download/details.aspx?id=55319
.PARAMETER Win10DomainJoined
Installs security configuration baseline for Windows 10, domain-joined
.PARAMETER Win10NonDomainJoined
Installs security configuration baseline for Windows 10, non-domain-joined
.PARAMETER WSMember
Installs security configuration baseline for Windows Server, domain-joined member server
.PARAMETER WSNonDomainJoined
Installs security configuration baseline for Windows Server, non-domain-joined
.PARAMETER WSDomainController
Installs security configuration baseline for Windows Server, domain controller
There is an existing Microsoft Community that covers Security Baselines.
Hello Sam Morse,
Thank you for posting in Microsoft Community forum.
I hope the information provided by Techfreak_ is helpful.
If you have any question or concern, please feel free to let us know.
Best Regards,
Daisy Zhou
Thank you, For the .admx files, I have seen some information that they are used and copied to your \Windows\Sysvol\
sysvol\domain folder and other information that says nothing about them or what to do with them. Do you have any insight with what I am supposed to do?
I would have thought that the script would run on a Domain Controller with the appropriate switch, but it is being denied. Any thoughts here?
