XblGameSave Standby Task, 11060

Question

XblGameSave Standby Task, 11060

FLeven opened this issue a year ago · comments

I know the recommendation exist (and you should disable), but it never made it into the official Microsoft OS machine baselines, right ?
I remember they mentioned somewhere, they think about expanding the baselines and adding user based tasks and services..

11060 | Scheduled Task | XblGameSave Standby Task

Michael Schneider · Answer 1 · Tue Jan 31 2023 00:49:09 GMT+0800 (China Standard Time)

This is officially part of the baseline (at least of the documentation MS Security Baseline Windows 11 v22H2.xlsx)

Felix Leven · Answer 2 · Tue Jan 31 2023 19:29:52 GMT+0800 (China Standard Time)

Yes, I wish the Excel files would not exist, policy analyzer for example, shows the actual settings that get deployed.

The Item 11060, will always be reported as a wrong setting, because it does not exist:
If one would like to disable a service for example, it can be disable in the "legacy/pre gpp" settings computer / windows settings / systemservice

or (MSFT Windows 11 - Computer)
Windows11-Security-Baseline-FINAL\GPOs{9FE25A81-CB6B-4F76-B9D2-147E9BED9A06}\DomainSysvol\GPO\Machine\microsoft\windows nt\SecEdit\GptTmpl.inf

if we check the GPO backup that we imported, no schedules task is changed.
There are no GPP settings in any security baseline (Schedules Tasks are set in GPP), as far as I know.

I asked here, maybe someone will clarify, as this is not a new setting it would affect all client OS baselines:
https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-11-version-22h2-security-baseline/bc-p/3729327#M560

Michael Schneider · Answer 3 · Wed Feb 01 2023 03:28:51 GMT+0800 (China Standard Time)

I like the Excel list because it simplifies my list-making work a lot. PolicyAnalyzer cannot check Scheduled Tasks settings as there are no registry keys for scheduled tasks as far as I know. However, as Aaron Margosis states, it is part of the baseline and Microsoft uses other tools to configure it.

But I'm basically interested to know what Microsoft's official position is on this, as the Excel list and other sources are sometimes conflicting. And then there is Intune...

Felix Leven · Answer 4 · Wed Feb 01 2023 06:30:04 GMT+0800 (China Standard Time)

Other tools = import to local gpo .... better do it with a computer gpp

I integrate all the important Microsoft security baselines (easier to implement then cis or dod, BSI is too much sisyphus), enforce them and report regularly that they stay unchanged, afterwards I can guaranty all vendor recommendations are set and not changed over time.

Then I add the customer customizations, maybe some security options etc. (Citrix recommendations are really tight and good).

I will delete the task from my list(s) or move it to an optional one.