Using the Security Compliance Manager
SCM 4.0 provides ready-to-deploy policies based on Microsoft Security Guide recommendations and industry best practices, allowing you to easily manage configuration drift, and address compliance requirements for Windows operating systems and Microsoft applications.
Load one of the Windows 10 baselines
Name it and save it:
Compare with the original
If you choose to merge, you’ll have to choose which setting to retain:
Choose another name:
Create new GPO
Export the new settings as a new GPO:
This GPO can now be applied/imported to any Windows 10 machine, or to a domain GPO.
Using the built-in features
Windows 10 has a number of features that can be used to harden the system:
List of additional tips (Lock down Windows 10)
Previous post: Windows 10 Hardening (Part I)
Next post: GPEdit vs SecPol