Preface: I am a Linux administrator. I do not really have "get" (or like) Windows.
I'm working on Windows 2016 servers with CIS recommendations. The main purpose is to create a set of GPOs in accordance with CIS specifications and apply it to the server (s) in question. I use Tenable's Nessus Audit Scanner to check the validity of the settings.
Here's where you can get the CIS specifications that I use: https://www.cisecurity.org/benchmark/microsoft_windows_server/
(There is no direct download for this, but it is free to download.)
Many of the exact details matter little, so for this question, I will focus on a specific example that I should be able to extrapolate to solve other problems. Overall, the problem seems to be that I'm trying to apply registry changes via a GPO and I guess I do not understand how to do it. However, the CIS Directive is very specific on the steps to be taken to remedy the situation.
So, for example, I'm trying to apply CIS directive 126.96.36.199, "Make sure that "Enable Screen Saver" is set to "On"."
The steps to follow are listed as follows:
To establish the recommended configuration via GP, set the following parameters:
User Interface Path to Enabled: User Configuration Policies Administrative
Templates Control Panel Customization Enable Screen Saver
Ok, so I did that. I know that the GPO itself is applied because all the other GPO settings are now displayed on the server. In addition, the analysis Nessus Audit now indicates "OK" for most of the items I just applied.
The only things that do not seem to work are the items that are registry settings.
When I examine the registry, I see that the key I am trying to define is that a value does not even exist. For this example, this key is:
HKEY_USERS[USER SID] SOFTWARE Policies Microsoft Windows Control Panel Desktop: ScreenSaveActive
So, how can I display a registry setting through a GPO?
Specifically, how can I make the "User Configuration" registry items appear?