Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
Default Domain Policy
Data collected on: 8/30/2006 2:12:31 PM
General
Details
Domainnetid.washington.edu
OwnerNETID\Domain Admins
Created6/13/2006 11:11:18 PM
Modified8/11/2006 10:53:42 AM
User Revisions3 (AD), 3 (sysvol)
Computer Revisions103 (AD), 103 (sysvol)
Unique ID{31B2F340-016D-11D2-945F-00C04FB984F9}
GPO StatusEnabled
Links
LocationEnforcedLink StatusPath
netidNoEnablednetid.washington.edu

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
NT AUTHORITY\Authenticated Users
WMI Filtering
WMI Filter NameNone
DescriptionNot applicable
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
NETID\Domain AdminsEdit settings, delete, modify securityNo
NETID\Enterprise AdminsEdit settings, delete, modify securityNo
NT AUTHORITY\Authenticated UsersRead (from Security Filtering)No
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
Computer Configuration (Enabled)
Windows Settings
Security Settings
Account Policies/Password Policy
PolicySetting
Enforce password history0 passwords remembered
Maximum password age0 days
Minimum password age0 days
Minimum password length1 characters
Password must meet complexity requirementsDisabled
Store passwords using reversible encryptionDisabled
Account Policies/Kerberos Policy
PolicySetting
Enforce user logon restrictionsEnabled
Maximum lifetime for service ticket600 minutes
Maximum lifetime for user ticket10 hours
Maximum lifetime for user ticket renewal7 days
Maximum tolerance for computer clock synchronization5 minutes
Local Policies/Audit Policy
PolicySetting
Audit account logon eventsSuccess, Failure
Audit account managementSuccess, Failure
Audit logon eventsSuccess, Failure
Audit object accessSuccess, Failure
Audit policy changeSuccess, Failure
Audit privilege useFailure
Audit system eventsSuccess, Failure
Local Policies/Security Options
Accounts
PolicySetting
Accounts: Guest account statusDisabled
Accounts: Limit local account use of blank passwords to console logon onlyEnabled
Domain Member
PolicySetting
Domain member: Digitally encrypt secure channel data (when possible)Enabled
Domain member: Digitally sign secure channel data (when possible)Enabled
Microsoft Network Client
PolicySetting
Microsoft network client: Digitally sign communications (if server agrees)Enabled
Microsoft network client: Send unencrypted password to third-party SMB serversDisabled
Microsoft Network Server
PolicySetting
Microsoft network server: Digitally sign communications (if client agrees)Enabled
Network Access
PolicySetting
Network access: Allow anonymous SID/Name translationDisabled
Network access: Do not allow anonymous enumeration of SAM accountsEnabled
Network access: Do not allow anonymous enumeration of SAM accounts and sharesEnabled
Network access: Let Everyone permissions apply to anonymous usersDisabled
Network Security
PolicySetting
Network security: Do not store LAN Manager hash value on next password changeEnabled
Network security: LAN Manager authentication levelSend NTLMv2 response only\refuse LM & NTLM
Event Log
PolicySetting
Maximum application log size16384 kilobytes
Maximum security log size50240 kilobytes
Maximum system log size16384 kilobytes
Prevent local guests group from accessing application logEnabled
Prevent local guests group from accessing security logEnabled
Prevent local guests group from accessing system logEnabled
Retention method for application logAs needed
Retention method for security logAs needed
Retention method for system logAs needed
Public Key Policies/Autoenrollment Settings
PolicySetting
Enroll certificates automaticallyEnabled
Renew expired certificates, update pending certificates, and remove revoked certificatesDisabled
Update certificates that use certificate templatesDisabled
Public Key Policies/Encrypting File System
Properties
PolicySetting
Allow users to encrypt files using Encrypting File System (EFS)Enabled
Certificates
Issued ToIssued ByExpiration DateIntended Purposes
administratoradministrator6/12/2009 11:15:54 PMFile Recovery

For additional information about individual settings, launch Group Policy Object Editor.
Public Key Policies/Trusted Root Certification Authorities
Properties
PolicySetting
Allow users to select new root certification authorities (CAs) to trustEnabled
Client computers can trust the following certificate storesThird-Party Root Certification Authorities and Enterprise Root Certification Authorities
To perform certificate-based authentication of users and computers, CAs must meet the following criteriaRegistered in Active Directory only
Certificates
Issued ToIssued ByExpiration DateIntended Purposes
UW Services CAUW Services CA9/3/2030 11:25:09 AM<All>

For additional information about individual settings, launch Group Policy Object Editor.
Administrative Templates
System/Group Policy
PolicySetting
Allow Cross-Forest User Policy and Roaming User ProfilesEnabled
Group Policy refresh interval for computersEnabled
This setting allows you to customize how often Group Policy is applied
to computers. The range is 0 to 64800 minutes (45 days).
Minutes:15
This is a random time added to the refresh interval to prevent
all clients from requesting Group Policy at the same time.
The range is 0 to 1440 minutes (24 hours)
Minutes:5
PolicySetting
Group Policy refresh interval for domain controllersEnabled
This setting allows you to customize how often Group Policy is applied
to domain controllers. The range is 0 to 64800 minutes (45 days).
Minutes:5
This is a random time added to the refresh interval to prevent
all clients from requesting Group Policy at the same time.
The range is 0 to 1440 minutes (24 hours)
Minutes:0
PolicySetting
IP Security policy processingEnabled
Allow processing across a slow network connectionEnabled
Do not apply during periodic background processingDisabled
Process even if the Group Policy objects have not changedEnabled
PolicySetting
Registry policy processingEnabled
Do not apply during periodic background processingDisabled
Process even if the Group Policy objects have not changedEnabled
PolicySetting
Security policy processingEnabled
Do not apply during periodic background processingDisabled
Process even if the Group Policy objects have not changedEnabled
System/User Profiles
PolicySetting
Add the Administrators security group to roaming user profilesEnabled
System/Windows Time Service
PolicySetting
Global Configuration SettingsEnabled
Clock Discipline Parameters
FrequencyCorrectRate4
HoldPeriod5
LargePhaseOffset1280000
MaxAllowedPhaseOffset300
MaxNegPhaseCorrection54000
MaxPosPhaseCorrection54000
PhaseCorrectRate1
PollAdjustFactor5
SpikeWatchPeriod90
UpdateInterval30000
General Parameters
AnnounceFlags10
EventLogFlags2
LocalClockDispersion10
MaxPollInterval15
MinPollInterval10
System/Windows Time Service/Time Providers
PolicySetting
Enable Windows NTP ClientEnabled
User Configuration (Enabled)
Administrative Templates
System/Power Management
PolicySetting
Prompt for password on resume from hibernate / suspendEnabled