Only Facing Login Issue on Healthy VM on Azure Windows Server 2022 after applying cis_microsoft_windows_server_2022_21h2_1.0.0_machine.csv and cis_microsoft_windows_server_2022_22h2_2.0.0_machine.csv settings in default mode itself.

[dhirajjbhasin153]

Greetings Team, Thank you first of all for providing this wonderful and easy to implement method for Hardening Windows Server 2022

The only issue we are facing on multiple VMs is that when I execute these commands on
Windows Server 2022 Datacenter version 21H1 and
Windows Server 2022 Datacenter Azure Edition version 21H1 in PowerShell ISE -

With admin privileges

Invoke-HardeningKitty -Mode HailMary -Log -Report -FileFindingList .\lists\finding_list_cis_microsoft_windows_server_2022_21h2_1.0.0_machine.csv -SkipRestorePoint

Invoke-HardeningKitty -Mode HailMary -Log -Report -FileFindingList .\lists\finding_list_cis_microsoft_windows_server_2022_22h2_2.0.0_machine.csv -SkipRestorePoint

Without admin privileges
Invoke-HardeningKitty -Mode HailMary -Log -Report -FileFindingList .\lists\finding_list_cis_microsoft_windows_server_2022_21h2_1.0.0_user.csv -SkipRestorePoint

Invoke-HardeningKitty -Mode HailMary -Log -Report -FileFindingList .\lists\finding_list_cis_microsoft_windows_server_2022_22h2_2.0.0_user.csv -SkipRestorePoint

I am applying these Benchmarks on Standalone Windows Servers Editions deployed and running only on Azure Cloud.

Secondly, we are using the Azure Bastion Service only to access these VMs on Azure Cloud which works perfectly well before applying these CIS Benchmarks.

Third, when the VM i.e Windows Server 2022 Datacenter or Windows Server 2022 Datacenter Azure Edition were deployed initially on azure cloud .... The Username and Password defined during initial VM deployment itself have Admin access and are part of Administrators Group by default. Even after applying CIS Benchmark when I checked on Windows Servers the username is still part of the Administrators group. which is not blocked for accessing Remote Desktop Services.

Even I tried resetting the same username and password on azure portal, It didn't worked as well. VM Agent is good and VM Extensions are also working correctly.

I also tried resetting the Admin credentials with New Username and Password to login into Windows Server post applying CIS Benchmark still it didn't worked.

The issue is that one of the Hardening Setting User Rights Management or Account Policies as defined in the CIS Benchmark in default state. Could you kindly confirm which particular setting we could exclude from the CSV file before applying CIS Benchmark ?

[0x6d69636b]

Thank you for your kind words. See this issue for some settings: scipag/HardeningKitty#37
Does that help?