Running CIS policy scans against a Windows Server 2016 is always showing failure because registry entries aren’t set on service accounts (GPOs only apply to interactive logon).
Fine, I wrote a PS script to add missing registry entries to the registry hive of the service account, but the R7 console is still showing a failure result because keys are missing… I know it’s false because when I log on to the server I can clearly see registry entries for all reported users.
I also noted that my user, which has settings applied by GPO, is also showing the failure even if it’s correctly set (screensaver settings are visible…)
Sorry for the delay here. I’d recommend opening a support case if you have not already done so. If you can validate the registry keys are present on the target machine, but the check is failing, we are into the realms of a potential issue with the checks themselves. Although I would certainly start with ensuring that authentication is working properly in the first instance, as this is often the root cause of policy checks failing. You need to see Credential Success with Admin on 139, 445 and 5985/5986 to be certain. You may find the CSE workshop on policy scanning useful:-
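
An added example, not part of either post above and not the scanner vendor's code: a PowerShell check, run locally in an elevated session on the scanned server, that reports for each user profile whether its hive is currently loaded under HKEY_USERS and which screensaver policy values it holds. The policy key path and value names are assumptions, since the thread does not name the failing checks; replace them with the ones the scan reports.

```powershell
# Added example. Run in an elevated PowerShell session on the scanned server.
# Assumption: the failing checks read the per-user screensaver policy values
# below. Replace $SubKey / $Values with what the scan report actually names.
$SubKey = 'Software\Policies\Microsoft\Windows\Control Panel\Desktop'
$Values = 'ScreenSaveActive', 'ScreenSaverIsSecure', 'ScreenSaveTimeOut'

# Every profile known to the machine (SID and profile directory).
$ProfileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$profiles = Get-ChildItem $ProfileList | ForEach-Object {
    [pscustomobject]@{
        Sid  = $_.PSChildName
        Path = (Get-ItemProperty $_.PSPath).ProfileImagePath
    }
}

# Hives that are loaded under HKEY_USERS right now. A profile whose
# NTUSER.DAT is not loaded has no HKEY_USERS\<SID> key at all, so nothing
# reading HKEY_USERS can see values stored in that hive.
$loaded = (Get-ChildItem Registry::HKEY_USERS).PSChildName

$report = foreach ($p in $profiles) {
    $row = [ordered]@{
        Sid        = $p.Sid
        Profile    = $p.Path
        HiveLoaded = $loaded -contains $p.Sid
    }
    $key = "Registry::HKEY_USERS\$($p.Sid)\$SubKey"
    foreach ($v in $Values) {
        # Empty cell = hive not loaded, key missing, or value missing.
        $row[$v] = if ($row.HiveLoaded -and (Test-Path $key)) {
            (Get-ItemProperty -Path $key -Name $v -ErrorAction SilentlyContinue).$v
        } else {
            $null
        }
    }
    [pscustomobject]$row
}

$report | Format-Table -AutoSize
```

Comparing this table with the users listed in the scan result shows whether the values are present in the hive for the exact SID being reported, which is useful evidence to attach to a support case.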