Default Domain Policy

Default Domain Policy
Data collected on: 4/4/2014 10:57:50 AM

General

Details

Domain	netid.washington.edu
Owner	NETID\Domain Admins
Created	6/13/2006 11:11:18 PM
Modified	4/4/2014 10:57:30 AM
User Revisions	4 (AD), 4 (SYSVOL)
Computer Revisions	221 (AD), 221 (SYSVOL)
Unique ID	{31B2F340-016D-11D2-945F-00C04FB984F9}
GPO Status	Enabled

Links

Location	Enforced	Link Status	Path
netid	No	Enabled	netid.washington.edu
Exch 2010	No	Enabled	netid.washington.edu/Delegated/uwit/Exchange/Exch 2010

This list only includes links in the domain of the GPO.

Security Filtering

The settings in this GPO can only apply to the following groups, users, and computers:

Name
NT AUTHORITY\Authenticated Users

Delegation

These groups and users have the specified permission for this GPO

Name	Allowed Permissions	Inherited
NETID\Domain Admins	Edit settings, delete, modify security	No
NETID\Enterprise Admins	Edit settings, delete, modify security	No
NT AUTHORITY\Authenticated Users	Read (from Security Filtering)	No
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS	Read	No
NT AUTHORITY\SYSTEM	Edit settings, delete, modify security	No

Computer Configuration (Enabled)

Policies

Windows Settings

Security Settings

Account Policies/Password Policy

Policy	Setting
Enforce password history	0 passwords remembered
Maximum password age	0 days
Minimum password age	0 days
Minimum password length	1 characters
Password must meet complexity requirements	Disabled
Store passwords using reversible encryption	Disabled

Account Policies/Kerberos Policy

Policy	Setting
Enforce user logon restrictions	Enabled
Maximum lifetime for service ticket	600 minutes
Maximum lifetime for user ticket	10 hours
Maximum lifetime for user ticket renewal	7 days
Maximum tolerance for computer clock synchronization	5 minutes

Local Policies/User Rights Assignment

Policy	Setting
Add workstations to domain	NETID\u_windowsinfrastructure_computerjoiners

Local Policies/Security Options

Accounts

Policy	Setting
Accounts: Guest account status	Disabled
Accounts: Limit local account use of blank passwords to console logon only	Enabled

Domain Member

Policy	Setting
Domain member: Digitally encrypt secure channel data (when possible)	Enabled
Domain member: Digitally sign secure channel data (when possible)	Enabled

Microsoft Network Client

Policy	Setting
Microsoft network client: Digitally sign communications (if server agrees)	Enabled
Microsoft network client: Send unencrypted password to third-party SMB servers	Disabled

Microsoft Network Server

Policy	Setting
Microsoft network server: Digitally sign communications (if client agrees)	Enabled

Network Access

Policy	Setting
Network access: Allow anonymous SID/Name translation	Disabled
Network access: Do not allow anonymous enumeration of SAM accounts	Enabled
Network access: Do not allow anonymous enumeration of SAM accounts and shares	Enabled
Network access: Let Everyone permissions apply to anonymous users	Disabled

Network Security

Policy	Setting
Network security: Do not store LAN Manager hash value on next password change	Enabled
Network security: LAN Manager authentication level	Send NTLMv2 response only. Refuse LM & NTLM

Other

Policy	Setting
Network security: Allow Local System to use computer identity for NTLM	Enabled
Network security: Restrict NTLM: Audit Incoming NTLM Traffic	Enable auditing for all accounts
Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers	Audit all

Public Key Policies/Encrypting File System

Certificates

Issued To	Issued By	Expiration Date	Intended Purposes
administrator	administrator	6/12/2009 11:15:54 PM	File Recovery

For additional information about individual settings, launch the Local Group Policy Object Editor.

Public Key Policies/Trusted Root Certification Authorities

Certificates

Issued To	Issued By	Expiration Date	Intended Purposes
AddTrust External CA Root	AddTrust External CA Root	5/30/2020 3:48:38 AM	<All>
UW Services CA	UW Services CA	9/3/2030 11:25:09 AM	<All>

For additional information about individual settings, launch the Local Group Policy Object Editor.

Administrative Templates

Policy definitions (ADMX files) retrieved from the local computer.

System/Group Policy

Policy	Setting	Comment
Allow cross-forest user policy and roaming user profiles	Enabled

System/Kerberos

Policy	Setting	Comment
Kerberos client support for claims, compound authentication and Kerberos armoring	Enabled

System/Windows Time Service/Time Providers

Policy	Setting	Comment
Enable Windows NTP Client	Enabled

User Configuration (Enabled)

Policies

Administrative Templates

Policy definitions (ADMX files) retrieved from the local computer.

System/Ctrl+Alt+Del Options

Policy	Setting	Comment
Remove Change Password	Enabled

System/Power Management

Policy	Setting	Comment
Prompt for password on resume from hibernate/suspend	Enabled