Default Domain Policy

Last updated: January 30, 2023
Audience: IT Staff / Technical
Data collected on: 4/4/2014 10:57:50 AM
General
Details
Domain netid.washington.edu
Owner NETID\Domain Admins
Created 6/13/2006 11:11:18 PM
Modified 4/4/2014 10:57:30 AM
User Revisions 4 (AD), 4 (SYSVOL)
Computer Revisions 221 (AD), 221 (SYSVOL)
Unique ID {31B2F340-016D-11D2-945F-00C04FB984F9}
GPO Status Enabled
Links
Location   Enforced  Link Status  Path
netid      No        Enabled      netid.washington.edu
Exch 2010  No        Enabled      netid.washington.edu/Delegated/uwit/Exchange/Exch 2010

This list only includes links in the domain of the GPO.

Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
NT AUTHORITY\Authenticated Users
Delegation
These groups and users have the specified permission for this GPO
Name                                        Allowed Permissions                     Inherited
NETID\Domain Admins                         Edit settings, delete, modify security  No
NETID\Enterprise Admins                     Edit settings, delete, modify security  No
NT AUTHORITY\Authenticated Users            Read (from Security Filtering)          No
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS  Read                                    No
NT AUTHORITY\SYSTEM                         Edit settings, delete, modify security  No
Computer Configuration (Enabled)
Policies
Windows Settings
Security Settings
Account Policies/Password Policy
Policy Setting
Enforce password history 0 passwords remembered
Maximum password age 0 days
Minimum password age 0 days
Minimum password length 1 characters
Password must meet complexity requirements Disabled
Store passwords using reversible encryption Disabled
Account Policies/Kerberos Policy
Policy Setting
Enforce user logon restrictions Enabled
Maximum lifetime for service ticket 600 minutes
Maximum lifetime for user ticket 10 hours
Maximum lifetime for user ticket renewal 7 days
Maximum tolerance for computer clock synchronization 5 minutes
Local Policies/User Rights Assignment
Policy Setting
Add workstations to domain NETID\u_windowsinfrastructure_computerjoiners
Local Policies/Security Options
Accounts
Policy Setting
Accounts: Guest account status Disabled
Accounts: Limit local account use of blank passwords to console logon only Enabled
Domain Member
Policy Setting
Domain member: Digitally encrypt secure channel data (when possible) Enabled
Domain member: Digitally sign secure channel data (when possible) Enabled
Microsoft Network Client
Policy Setting
Microsoft network client: Digitally sign communications (if server agrees) Enabled
Microsoft network client: Send unencrypted password to third-party SMB servers Disabled
Microsoft Network Server
Policy Setting
Microsoft network server: Digitally sign communications (if client agrees) Enabled
Network Access
Policy Setting
Network access: Allow anonymous SID/Name translation Disabled
Network access: Do not allow anonymous enumeration of SAM accounts Enabled
Network access: Do not allow anonymous enumeration of SAM accounts and shares Enabled
Network access: Let Everyone permissions apply to anonymous users Disabled
Network Security
Policy Setting
Network security: Do not store LAN Manager hash value on next password change Enabled
Network security: LAN Manager authentication level Send NTLMv2 response only. Refuse LM & NTLM
Other
Policy Setting
Network security: Allow Local System to use computer identity for NTLM Enabled
Network security: Restrict NTLM: Audit Incoming NTLM Traffic Enable auditing for all accounts
Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers Audit all
Public Key Policies/Encrypting File System
Certificates
Issued To      Issued By      Expiration Date        Intended Purposes
administrator  administrator  6/12/2009 11:15:54 PM  File Recovery

For additional information about individual settings, launch the Local Group Policy Object Editor.

Public Key Policies/Trusted Root Certification Authorities
Certificates
Issued To                  Issued By                  Expiration Date       Intended Purposes
AddTrust External CA Root  AddTrust External CA Root  5/30/2020 3:48:38 AM  <All>
UW Services CA             UW Services CA             9/3/2030 11:25:09 AM  <All>

For additional information about individual settings, launch the Local Group Policy Object Editor.

Administrative Templates
Policy definitions (ADMX files) retrieved from the local computer.
System/Group Policy
Policy Setting Comment
Allow cross-forest user policy and roaming user profiles Enabled
System/Kerberos
Policy Setting Comment
Kerberos client support for claims, compound authentication and Kerberos armoring Enabled
System/Windows Time Service/Time Providers
Policy Setting Comment
Enable Windows NTP Client Enabled
User Configuration (Enabled)
Policies
Administrative Templates
Policy definitions (ADMX files) retrieved from the local computer.
System/Ctrl+Alt+Del Options
Policy Setting Comment
Remove Change Password Enabled
System/Power Management
Policy Setting Comment
Prompt for password on resume from hibernate/suspend Enabled