Alongside the release of this feature update, Microsoft also publishes advanced tools for IT professionals, which include the following:
Security BaselineAdministrative TemplatesWindows Assessment and Deployment Kit (ADK)
Moreover, you can also use Windows 10 22H2 Enterprise edition which is targeted at Windows-oriented companies that need to get the most out of their computers. If you are a sysadmin, you can download all of these add-ons and professional tools for Windows 10 22H2 from this post directly.
Download Windows 10 22H2 (2022 Update) Security Baseline
A Security Baseline is an additional set of security enhancements that can be added to the original security protocols already in place in Windows. This is especially useful for companies and organizations that prefer to take more control of their virtual security.
Download Windows 10 22H2 (2022 Update) Security Baseline New in Windows 10 22H2 Security Baseline Improvement to Printers Credential Theft Protection Attack Surface Reduction Account Lockout Policies Other Security Enhancements Download Windows 10 22H2 (2022 Update) Administrative Templates (ADMX) New in Windows 10 22H2 Administrative Templates How to Uninstall Administrative Templates (ADMX) Download Windows 10 22H2 (2022 Update) ADK How to Install Windows ADK Closing Words
If you are a system administrator, installing a Security Baseline on a Windows 10 computer will add additional options to the Group Policy so you can control and push those settings to other devices on the entire network. The Windows 10 22H2 Security Baseline has been released as a component of Microsoft Security Compliance Toolkit 1.0. Even so, you can download only the security baseline. Here are the steps to do so: Windows 10 22H2 Security Baseline will be installed successfully. Right-click “Baseline-LocalInstall” then click Run with PowerShell from the context menu. The scripts will now run automatically. Wait for the PowerShell window to close on its own. Let us now see what changes this baseline introduces for Windows 10.
New in Windows 10 22H2 Security Baseline
Improvement to Printers
Support for RedirectionGuard is added to the print service. RedirectionGuard is a security measure that prevents the use of non-administratively created redirection primitives from being followed within a given process. The setting Configure Redirection Guard is now Enabled by default as part of the baseline. Manage processing of queue-specific files is now Enabled. Manage processing of queue-specific files (also called CopyFilesPolicy) was first introduced as a registry key in response to CVE-2021-36958 in September of 2021. This setting allows standard color profile processing using the inbox mscms.dll executable and nothing else. The security baseline is to configure this setting to Enabled with the option of “Limit queue-specific files to color profiles.” For Windows 10, version 22H2 this setting is not yet available natively, therefore we have created the setting and added it to the SecGuide.ADMX. Limit print driver installation to Administrators. This policy was introduced to the security baselines as part of the SecGuide.ADMX before an inbox policy was available. This policy is now contained within the OS, and the MS Security Guide setting is deprecated. However, since both settings write to the same location, the configured values still appear in both locations. The explanatory text in the MS Security Guide is updated to point users to the new location. Configure RPC packet level privacy setting for incoming connections. This policy is now added to SecGuide.ADMX as a result of CVE-2021-1678 and is set to Enabled by default as part of the baseline. The work of creating and deploying registry keys is now included in the security baseline until the setting becomes inbox to Windows.
These policies can be found at the following location within the Group Policy editor: RedirectionGuard is a security measure that prevents the use of non-administratively created redirection primitives from being followed within a given process. The setting Configure Redirection Guard is now Enabled by default as part of the baseline. Manage processing of queue-specific files (also called CopyFilesPolicy) was first introduced as a registry key in response to CVE-2021-36958 in September of 2021. This setting allows standard color profile processing using the inbox mscms.dll executable and nothing else. The security baseline is to configure this setting to Enabled with the option of “Limit queue-specific files to color profiles.” For Windows 10, version 22H2 this setting is not yet available natively, therefore we have created the setting and added it to the SecGuide.ADMX. This policy was introduced to the security baselines as part of the SecGuide.ADMX before an inbox policy was available. This policy is now contained within the OS, and the MS Security Guide setting is deprecated. However, since both settings write to the same location, the configured values still appear in both locations. The explanatory text in the MS Security Guide is updated to point users to the new location. This policy is now added to SecGuide.ADMX as a result of CVE-2021-1678 and is set to Enabled by default as part of the baseline. The work of creating and deploying registry keys is now included in the security baseline until the setting becomes inbox to Windows.
Credential Theft Protection
Additional Local Security Authority (LSA) protection provides defense by running LSA as a protected process. LSA protection was first introduced in the Windows 8.1 security baseline, as part of the original Pass-the-Hash mitigations. At this time the security baseline will move MS Security Guide\LSA Protection to a value of Enabled. This policy can be found at the following location within the Group Policy editor:
Attack Surface Reduction
A new rule Block abuse of exploited vulnerable signed drivers is now included as part of the operating system baselines as part of the Microsoft Defender Antivirus GPO. This rule applies across both client and server and helps prevent an application from writing a vulnerable signed driver to disk. This policy can be found at the following location within the Group Policy editor:
Account Lockout Policies
A new policy Allow Administrator account lockout is added to mitigate brute-force authentication attacks. The recommended values for the policies Account lockout duration and Reset account lockout counter after are adjusted to be consistent with the defaults for out-of-the-box Windows installations. This policy can be found at the following location within the Group Policy editor:
Other Security Enhancements
A mismatch between the security baseline documentation and the accompanying Group Policy for Microsoft Defender Antivirus settings has been corrected with this release. The documentation stated that Turn on behavior monitoring should be set to Enabled, but the actual GPO remained in a Not Configured state. This policy can be found at the following location within the Group Policy editor: You can read more about these improvements in the Windows 11 22H2 Security Baseline Release Notes.
Download Windows 10 22H2 (2022 Update) Administrative Templates (ADMX)
Administrative Templates give you more control over your computer, or an entire domain of computers if you are a sysadmin connected to an Active Directory. This allows you to gain more control over each device as you apply more policies, making them more secure and less vulnerable to exploits. The Windows 10 22H2 ADMX is backward and forward-compatible, so it can also be installed on the following operating systems:
Windows 11 (all versions)Windows 10 (all versions)Windows 8 & 8.1Windows 7Windows Server (2019, 2016, 2012 R2, 2012, 2008)
Installing these administrative templates will include more Group Policies for you to configure. Continue below to download and install it. You have now successfully installed the ADMX Templates. Head over to Microsoft’s download center to get more information about the Windows 10 22H2 Administrative Templates or install it in another language.
New in Windows 10 22H2 Administrative Templates
Several computer and user configuration options have been added to the Group Policy settings with these templates. The table below lists the new policies which will be added upon installing Windows 10 22H2 admx: To read more about all of the group policies and their paths, you can download the references spreadsheet here: Download Windows 10 22H2 ADMX reference spreadsheet [735 KB]
How to Uninstall Administrative Templates (ADMX)
If you are not comfortable with these templates or are causing issues with your work or computer, you can simply uninstall them using these steps: The ADMX and all installed Group Policies will now be removed from your computer.
Download Windows 10 22H2 (2022 Update) ADK
Microsoft Windows Assessment and Deployment Kit (ADK) is a collection of tools that you can combine to prepare, assess and launch image-based large-scale Windows deployments. These tools are also used to test the operating system’s quality and performance, as well as the applications running on it. Windows ADK can be deployed on a broad range of devices, such as desktops, notebooks, Internet of Things (IoT) devices, etc. This toolkit works across platforms that work with devices with and without screens. The tools currently available in Windows ADK have varied through the years, but currently, they include the following:
Windows System Image ManagerWindows Preinstallation Environment (WinPE)Deployment Image Servicing and Management tool (DISM)
Click on the respective link below to download either Windows ADK or WinPE for Windows 10 22H2: Download Windows ADK for Windows 10 version 22H2 Download Windows Preinstallation Environment for Windows 10 version 22H2
How to Install Windows ADK
After downloading, you can continue to install it on your PC using these steps: Note: You will need to uninstall any previous installation of Windows ADK, if already installed, through the Programs and Features applet.
Closing Words
The administrative tools given in this post will help you professionals keep your and your enterprise’s systems more secure and away from threats. Each of these components, including the Enterprise edition ISO, plays its role in securing your computer and the environment around you. We hope that you found this article useful and found what you were looking for.