| Default Domain Policy | |
| Data collected on: 4/4/2014 10:57:50 AM | |
Details
| Domain | netid.washington.edu |
| Owner | NETID\Domain Admins |
| Created | 6/13/2006 11:11:18 PM |
| Modified | 4/4/2014 10:57:30 AM |
| User Revisions | 4 (AD), 4 (SYSVOL) |
| Computer Revisions | 221 (AD), 221 (SYSVOL) |
| Unique ID | {31B2F340-016D-11D2-945F-00C04FB984F9} |
| GPO Status | Enabled |
Links
| Location | Enforced | Link Status | Path |
|---|---|---|---|
| netid | No | Enabled | netid.washington.edu |
| Exch 2010 | No | Enabled | netid.washington.edu/Delegated/uwit/Exchange/Exch 2010 |
This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
| Name |
|---|
| NT AUTHORITY\Authenticated Users |
Delegation
These groups and users have the specified permission for this GPO
| Name | Allowed Permissions | Inherited |
|---|---|---|
| NETID\Domain Admins | Edit settings, delete, modify security | No |
| NETID\Enterprise Admins | Edit settings, delete, modify security | No |
| NT AUTHORITY\Authenticated Users | Read (from Security Filtering) | No |
| NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS | Read | No |
| NT AUTHORITY\SYSTEM | Edit settings, delete, modify security | No |
Security Settings
Account Policies/Password Policy
| Policy | Setting |
|---|---|
| Enforce password history | 0 passwords remembered |
| Maximum password age | 0 days |
| Minimum password age | 0 days |
| Minimum password length | 1 characters |
| Password must meet complexity requirements | Disabled |
| Store passwords using reversible encryption | Disabled |
Account Policies/Kerberos Policy
| Policy | Setting |
|---|---|
| Enforce user logon restrictions | Enabled |
| Maximum lifetime for service ticket | 600 minutes |
| Maximum lifetime for user ticket | 10 hours |
| Maximum lifetime for user ticket renewal | 7 days |
| Maximum tolerance for computer clock synchronization | 5 minutes |
Local Policies/User Rights Assignment
| Policy | Setting |
|---|---|
| Add workstations to domain | NETID\u_windowsinfrastructure_computerjoiners |
Local Policies/Security Options
Accounts
| Policy | Setting |
|---|---|
| Accounts: Guest account status | Disabled |
| Accounts: Limit local account use of blank passwords to console logon only | Enabled |
Domain Member
| Policy | Setting |
|---|---|
| Domain member: Digitally encrypt secure channel data (when possible) | Enabled |
| Domain member: Digitally sign secure channel data (when possible) | Enabled |
Microsoft Network Client
| Policy | Setting |
|---|---|
| Microsoft network client: Digitally sign communications (if server agrees) | Enabled |
| Microsoft network client: Send unencrypted password to third-party SMB servers | Disabled |
Microsoft Network Server
| Policy | Setting |
|---|---|
| Microsoft network server: Digitally sign communications (if client agrees) | Enabled |
Network Access
| Policy | Setting |
|---|---|
| Network access: Allow anonymous SID/Name translation | Disabled |
| Network access: Do not allow anonymous enumeration of SAM accounts | Enabled |
| Network access: Do not allow anonymous enumeration of SAM accounts and shares | Enabled |
| Network access: Let Everyone permissions apply to anonymous users | Disabled |
Network Security
| Policy | Setting |
|---|---|
| Network security: Do not store LAN Manager hash value on next password change | Enabled |
| Network security: LAN Manager authentication level | Send NTLMv2 response only. Refuse LM & NTLM |
Other
| Policy | Setting |
|---|---|
| Network security: Allow Local System to use computer identity for NTLM | Enabled |
| Network security: Restrict NTLM: Audit Incoming NTLM Traffic | Enable auditing for all accounts |
| Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers | Audit all |
Public Key Policies/Encrypting File System
Certificates
| Issued To | Issued By | Expiration Date | Intended Purposes |
|---|---|---|---|
| administrator | administrator | 6/12/2009 11:15:54 PM | File Recovery |
For additional information about individual settings, launch the Local Group Policy Object Editor.
Public Key Policies/Trusted Root Certification Authorities
Certificates
| Issued To | Issued By | Expiration Date | Intended Purposes |
|---|---|---|---|
| AddTrust External CA Root | AddTrust External CA Root | 5/30/2020 3:48:38 AM | <All> |
| UW Services CA | UW Services CA | 9/3/2030 11:25:09 AM | <All> |
For additional information about individual settings, launch the Local Group Policy Object Editor.
Administrative Templates
Policy definitions (ADMX files) retrieved from the local computer.
System/Group Policy
| Policy | Setting | Comment |
|---|---|---|
| Allow cross-forest user policy and roaming user profiles | Enabled |
System/Kerberos
| Policy | Setting | Comment |
|---|---|---|
| Kerberos client support for claims, compound authentication and Kerberos armoring | Enabled |
System/Windows Time Service/Time Providers
| Policy | Setting | Comment |
|---|---|---|
| Enable Windows NTP Client | Enabled |
Administrative Templates
Policy definitions (ADMX files) retrieved from the local computer.
System/Ctrl+Alt+Del Options
| Policy | Setting | Comment |
|---|---|---|
| Remove Change Password | Enabled |
System/Power Management
| Policy | Setting | Comment |
|---|---|---|
| Prompt for password on resume from hibernate/suspend | Enabled |