Using the Security and Configuration Analysis
Microsoft provides security templates for Windows Server and client operating systems, containing security configuration designed for different scenarios and server roles. There are some security templates that are part of the operating system and get applied during different operations, such as when promoting a server to a domain controller.
In Windows Server 2008 and later versions, security templates are located in %systemroot%inf and are more limited than in Windows Server 2003. Templates include:
- Defltbase.inf (baseline)
- Defltsv.inf (web/file/print servers)
- DCfirst.inf (for the first domain controller in a domain)
- Defltdc.inf (other domain controllers)
Basically, you should repeat the procedures already explained for Windows 7 with two different tools, but instead of loading the .inf from the STIG now you load one of the security templates shipped with Windows Server 2012.
Analyze the baseline template with the Policy Analyzer
Add the baseline template