Group Policy Management
Default Domain Controllers Policy
Data collected on: 11/28/2007 10:32:29 AM
General
Details
Domain: domain.lan
Owner: DOMAIN\Domain Admins
Created: 2/19/2007 12:13:20 AM
Modified: 10/26/2007 12:10:10 PM
User Revisions: 0 (AD), 0 (sysvol)
Computer Revisions: 8 (AD), 8 (sysvol)
Unique ID: {6AC1786C-016F-11D2-945F-00C04FB984F9}
GPO Status: Enabled
Links
Location | Enforced | Link Status | Path
Domain Controllers | No | Enabled | domain.lan/Domain Controllers

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
NT AUTHORITY\Authenticated Users
WMI Filtering
WMI Filter Name: None
Description: Not applicable
Delegation
These groups and users have the specified permission for this GPO
Name | Allowed Permissions | Inherited
NT AUTHORITY\Authenticated Users | Read (from Security Filtering) | No
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS | Read | No
NT AUTHORITY\SYSTEM | Edit settings, delete, modify security | No
DOMAIN\Domain Admins | Edit settings, delete, modify security | No
DOMAIN\Enterprise Admins | Edit settings, delete, modify security | No
Computer Configuration (Enabled)
Windows Settings
Security Settings
Local Policies/Audit Policy
Policy | Setting
Audit account logon events | Success
Audit account management | Success
Audit directory service access | Success
Audit logon events | Success
Audit object access | No auditing
Audit policy change | Success
Audit privilege use | No auditing
Audit process tracking | No auditing
Audit system events | Success
Local Policies/User Rights Assignment
Policy | Setting
Access this computer from the network | Everyone, BUILTIN\Administrators, NT AUTHORITY\Authenticated Users, NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS, BUILTIN\Pre-Windows 2000 Compatible Access
Act as part of the operating system |
Add workstations to domain | NT AUTHORITY\Authenticated Users
Adjust memory quotas for a process | NT AUTHORITY\LOCAL SERVICE, NT AUTHORITY\NETWORK SERVICE, BUILTIN\Administrators
Allow log on locally | BUILTIN\Administrators, BUILTIN\Backup Operators, BUILTIN\Account Operators, BUILTIN\Server Operators, BUILTIN\Print Operators
Back up files and directories | BUILTIN\Administrators, BUILTIN\Backup Operators, BUILTIN\Server Operators
Bypass traverse checking | Everyone, BUILTIN\Administrators, NT AUTHORITY\Authenticated Users, BUILTIN\Pre-Windows 2000 Compatible Access
Change the system time | NT AUTHORITY\LOCAL SERVICE, BUILTIN\Administrators, BUILTIN\Server Operators
Create a pagefile | BUILTIN\Administrators
Create a token object |
Create permanent shared objects |
Debug programs | BUILTIN\Administrators
Deny access to this computer from the network | DOMAIN\SUPPORT_388945a0
Deny log on as a batch job |
Deny log on as a service |
Deny log on locally | DOMAIN\SUPPORT_388945a0
Enable computer and user accounts to be trusted for delegation | BUILTIN\Administrators
Force shutdown from a remote system | BUILTIN\Administrators, BUILTIN\Server Operators
Generate security audits | NT AUTHORITY\LOCAL SERVICE, NT AUTHORITY\NETWORK SERVICE
Increase scheduling priority | BUILTIN\Administrators
Load and unload device drivers | BUILTIN\Administrators, BUILTIN\Print Operators
Lock pages in memory |
Log on as a batch job | NT AUTHORITY\LOCAL SERVICE, DOMAIN\SUPPORT_388945a0
Log on as a service | DOMAIN\ADMINISTRATOr, NT AUTHORITY\NETWORK SERVICE
Manage auditing and security log | BUILTIN\Administrators
Modify firmware environment values | BUILTIN\Administrators
Profile single process | BUILTIN\Administrators
Profile system performance | BUILTIN\Administrators
Remove computer from docking station | BUILTIN\Administrators
Replace a process level token | NT AUTHORITY\LOCAL SERVICE, NT AUTHORITY\NETWORK SERVICE
Restore files and directories | BUILTIN\Administrators, BUILTIN\Backup Operators, BUILTIN\Server Operators
Shut down the system | BUILTIN\Administrators, BUILTIN\Backup Operators, BUILTIN\Server Operators, BUILTIN\Print Operators
Synchronize directory service data |
Take ownership of files or other objects | BUILTIN\Administrators
Local Policies/Security Options
Domain Controller
Policy | Setting
Domain controller: LDAP server signing requirements | None
Domain Member
Policy | Setting
Domain member: Digitally encrypt or sign secure channel data (always) | Enabled
Microsoft Network Server
Policy | Setting
Microsoft network server: Digitally sign communications (always) | Enabled
Microsoft network server: Digitally sign communications (if client agrees) | Enabled
Network Security
Policy | Setting
Network security: LAN Manager authentication level | Send NTLM response only
Public Key Policies/Autoenrollment Settings
Policy | Setting
Enroll certificates automatically | Enabled
Renew expired certificates, update pending certificates, and remove revoked certificates | Disabled
Update certificates that use certificate templates | Disabled
Public Key Policies/Encrypting File System
Properties
Policy | Setting
Allow users to encrypt files using Encrypting File System (EFS) | Enabled
Public Key Policies/Trusted Root Certification Authorities
Properties
Policy | Setting
Allow users to select new root certification authorities (CAs) to trust | Enabled
Client computers can trust the following certificate stores | Third-Party Root Certification Authorities and Enterprise Root Certification Authorities
To perform certificate-based authentication of users and computers, CAs must meet the following criteria | Registered in Active Directory only
User Configuration (Enabled)
No settings defined.