Details
| Domain | netid.washington.edu |
| Owner | NETID\Domain Admins |
| Created | 6/13/2006 11:11:18 PM |
| Modified | 8/11/2006 10:31:46 AM |
| User Revisions | 0 (AD), 0 (sysvol) |
| Computer Revisions | 194 (AD), 194 (sysvol) |
| Unique ID | {6AC1786C-016F-11D2-945F-00C04FB984F9} |
| GPO Status | Enabled |
Links
| Location | Enforced | Link Status | Path |
|---|---|---|---|
| Domain Controllers | No | Enabled | netid.washington.edu/Domain Controllers |
This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
| Name |
|---|
| NT AUTHORITY\Authenticated Users |
WMI Filtering
| WMI Filter Name | None |
| Description | Not applicable |
Delegation
These groups and users have the specified permission for this GPO
| Name | Allowed Permissions | Inherited |
|---|---|---|
| NETID\Domain Admins | Edit settings, delete, modify security | No |
| NETID\Enterprise Admins | Edit settings, delete, modify security | No |
| NT AUTHORITY\Authenticated Users | Read (from Security Filtering) | No |
| NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS | Read | No |
| NT AUTHORITY\SYSTEM | Edit settings, delete, modify security | No |
Security Settings
Account Policies/Password Policy
| Policy | Setting |
|---|---|
| Enforce password history | 0 passwords remembered |
| Maximum password age | 0 days |
| Minimum password age | 0 days |
| Minimum password length | 1 characters |
| Password must meet complexity requirements | Disabled |
| Store passwords using reversible encryption | Disabled |
Account Policies/Account Lockout Policy
| Policy | Setting |
|---|---|
| Account lockout duration | 1 minutes |
| Account lockout threshold | 5 invalid logon attempts |
| Reset account lockout counter after | 1 minutes |
Account Policies/Kerberos Policy
| Policy | Setting |
|---|---|
| Enforce user logon restrictions | Enabled |
| Maximum lifetime for service ticket | 600 minutes |
| Maximum lifetime for user ticket | 10 hours |
| Maximum lifetime for user ticket renewal | 7 days |
| Maximum tolerance for computer clock synchronization | 5 minutes |
Local Policies/Audit Policy
| Policy | Setting |
|---|---|
| Audit account logon events | Success, Failure |
| Audit account management | Success, Failure |
| Audit directory service access | Failure |
| Audit logon events | Success, Failure |
| Audit object access | Success, Failure |
| Audit policy change | Success, Failure |
| Audit privilege use | Success, Failure |
| Audit process tracking | Success, Failure |
| Audit system events | Success, Failure |
Local Policies/User Rights Assignment
| Policy | Setting |
|---|---|
| Access this computer from the network | Everyone, BUILTIN\Administrators, NT AUTHORITY\Authenticated Users, NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS, BUILTIN\Pre-Windows 2000 Compatible Access |
| Act as part of the operating system | |
| Add workstations to domain | NETID\Domain Admins |
| Adjust memory quotas for a process | NT AUTHORITY\LOCAL SERVICE, NT AUTHORITY\NETWORK SERVICE, BUILTIN\Administrators |
| Allow log on locally | BUILTIN\Administrators, BUILTIN\Backup Operators, BUILTIN\Account Operators, BUILTIN\Server Operators, BUILTIN\Print Operators |
| Back up files and directories | BUILTIN\Administrators, BUILTIN\Backup Operators, BUILTIN\Server Operators |
| Bypass traverse checking | Everyone, BUILTIN\Administrators, NT AUTHORITY\Authenticated Users, BUILTIN\Pre-Windows 2000 Compatible Access |
| Change the system time | NT AUTHORITY\LOCAL SERVICE, BUILTIN\Administrators, BUILTIN\Server Operators |
| Create a pagefile | BUILTIN\Administrators |
| Create a token object | |
| Create permanent shared objects | |
| Debug programs | BUILTIN\Administrators |
| Deny access to this computer from the network | NETID\SUPPORT_388945a0 |
| Deny log on as a batch job | |
| Deny log on as a service | |
| Deny log on locally | NETID\SUPPORT_388945a0 |
| Enable computer and user accounts to be trusted for delegation | BUILTIN\Administrators |
| Force shutdown from a remote system | BUILTIN\Administrators, BUILTIN\Server Operators |
| Generate security audits | NT AUTHORITY\LOCAL SERVICE, NT AUTHORITY\NETWORK SERVICE |
| Increase scheduling priority | BUILTIN\Administrators |
| Load and unload device drivers | BUILTIN\Administrators, BUILTIN\Print Operators |
| Lock pages in memory | |
| Log on as a batch job | NT AUTHORITY\LOCAL SERVICE, NETID\SUPPORT_388945a0 |
| Log on as a service | NT AUTHORITY\NETWORK SERVICE |
| Manage auditing and security log | BUILTIN\Administrators |
| Modify firmware environment values | BUILTIN\Administrators |
| Profile single process | BUILTIN\Administrators |
| Profile system performance | BUILTIN\Administrators |
| Remove computer from docking station | BUILTIN\Administrators |
| Replace a process level token | NT AUTHORITY\LOCAL SERVICE, NT AUTHORITY\NETWORK SERVICE |
| Restore files and directories | BUILTIN\Administrators, BUILTIN\Backup Operators, BUILTIN\Server Operators |
| Shut down the system | BUILTIN\Administrators, BUILTIN\Backup Operators, BUILTIN\Server Operators, BUILTIN\Print Operators |
| Synchronize directory service data | |
| Take ownership of files or other objects | BUILTIN\Administrators |
Local Policies/Security Options
Accounts
| Policy | Setting |
|---|---|
| Accounts: Administrator account status | Enabled |
| Accounts: Guest account status | Disabled |
| Accounts: Limit local account use of blank passwords to console logon only | Enabled |
| Accounts: Rename administrator account | "WinAuth-Admin" |
| Accounts: Rename guest account | "WinAuth-Guest" |
Audit
| Policy | Setting |
|---|---|
| Audit: Audit the access of global system objects | Enabled |
Devices
| Policy | Setting |
|---|---|
| Devices: Allow undock without having to log on | Disabled |
| Devices: Restrict CD-ROM access to locally logged-on user only | Enabled |
| Devices: Restrict floppy access to locally logged-on user only | Enabled |
| Devices: Unsigned driver installation behavior | Warn but allow installation |
Domain Controller
| Policy | Setting |
|---|---|
| Domain controller: Allow server operators to schedule tasks | Disabled |
Interactive Logon
| Policy | Setting |
|---|---|
| Interactive logon: Do not display last user name | Enabled |
| Interactive logon: Number of previous logons to cache (in case domain controller is not available) | 0 logons |
Microsoft Network Server
| Policy | Setting |
|---|---|
| Microsoft network server: Amount of idle time required before suspending session | 15 minutes |
| Microsoft network server: Disconnect clients when logon hours expire | Enabled |
Network Access
| Policy | Setting |
|---|---|
| Network access: Do not allow storage of credentials or .NET Passports for network authentication | Enabled |
| Network access: Let Everyone permissions apply to anonymous users | Disabled |
Network Security
| Policy | Setting |
|---|---|
| Network security: Do not store LAN Manager hash value on next password change | Enabled |
| Network security: Force logoff when logon hours expire | Enabled |
| Network security: LAN Manager authentication level | Send NTLMv2 response only\refuse LM & NTLM |
Recovery Console
| Policy | Setting |
|---|---|
| Recovery console: Allow floppy copy and access to all drives and all folders | Enabled |
System Objects
| Policy | Setting |
|---|---|
| System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) | Enabled |
Event Log
| Policy | Setting |
|---|---|
| Maximum application log size | 50048 kilobytes |
| Maximum security log size | 131072 kilobytes |
| Maximum system log size | 50048 kilobytes |
| Prevent local guests group from accessing application log | Enabled |
| Prevent local guests group from accessing security log | Enabled |
| Prevent local guests group from accessing system log | Enabled |
| Retention method for application log | As needed |
| Retention method for security log | As needed |
| Retention method for system log | As needed |
System Services
Alerter (Startup Mode: Disabled)
Permissions
No permissions specified
Auditing
No auditing specified
Messenger (Startup Mode: Disabled)
Permissions
No permissions specified
Auditing
No auditing specified
Task Scheduler (Startup Mode: Automatic)
Permissions
No permissions specified
Auditing
No auditing specified
Network/DNS Client
| Policy | Setting |
|---|---|
| Dynamic Update | Disabled |
| Register PTR Records | Enabled |
System/Net Logon/DC Locator DNS Records
| Policy | Setting |
|---|---|
| Dynamic Registration of the DC Locator DNS Records | Disabled |
Windows Components/Internet Information Services
| Policy | Setting |
|---|---|
| Prevent IIS installation | Enabled |
Windows Components/NetMeeting
| Policy | Setting |
|---|---|
| Disable remote Desktop Sharing | Enabled |
Windows Components/Windows Media Digital Rights Management
| Policy | Setting |
|---|---|
| Prevent Windows Media DRM Internet Access | Enabled |
Windows Components/Windows Messenger
| Policy | Setting |
|---|---|
| Do not allow Windows Messenger to be run | Enabled |
| Do not automatically start Windows Messenger initially | Enabled |
Windows Components/Windows Movie Maker
| Policy | Setting |
|---|---|
| Do not allow Windows Movie Maker to run | Enabled |
Windows Components/Windows Update
| Policy | Setting |
|---|---|
| Allow Automatic Updates immediate installation | Enabled |
| Automatic Updates detection frequency | Enabled |
| Enable client-side targeting | Enabled |
| Specify intranet Microsoft update service location | Enabled |
No settings defined.