Default Domain Policy
Data collected on: 10/12/2012 5:28:08 PM
General
Details
Domain webrecon.local
Owner WEBRECON\Domain Admins
Created 10/2/2012 6:17:02 AM
Modified 10/12/2012 2:37:32 PM
User Revisions 0 (AD), 0 (sysvol)
Computer Revisions 227 (AD), 227 (sysvol)
Unique ID {31B2F340-016D-11D2-945F-00C04FB984F9}
GPO Status Enabled
Links
Location Enforced Link Status Path
webrecon No Enabled webrecon.local
This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
NT AUTHORITY\Authenticated Users
Delegation
These groups and users have the specified permission for this GPO
Name Allowed Permissions Inherited
NT AUTHORITY\Authenticated Users Read (from Security Filtering) No
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS Read No
NT AUTHORITY\SYSTEM Edit settings, delete, modify security No
Computer Configuration (Enabled)
Policies
Windows Settings
Security Settings
Account Policies/Password Policy
Policy Setting
Enforce password history 24 passwords remembered
Maximum password age 60 days
Minimum password age 2 days
Minimum password length 8 characters
Password must meet complexity requirements Enabled
Store passwords using reversible encryption Disabled
Account Policies/Account Lockout Policy
Policy Setting
Account lockout duration 15 minutes
Account lockout threshold 15 invalid logon attempts
Reset account lockout counter after 15 minutes
Account Policies/Kerberos Policy
Policy Setting
Enforce user logon restrictions Enabled
Maximum lifetime for service ticket 600 minutes
Maximum lifetime for user ticket 10 hours
Maximum lifetime for user ticket renewal 7 days
Maximum tolerance for computer clock synchronization 5 minutes
Local Policies/Security Options
Interactive Logon
Policy Setting
Interactive logon: Do not display last user name Disabled
Interactive logon: Do not require CTRL+ALT+DEL Disabled
Interactive logon: Message text for users attempting to log on |--, |---- Web Recon LLC, |--- +++++++++++++++, |--- AUTHORIZED ACCESS ONLY, |---, |---- By accessing or attempting to access the, |-- networks and systems of WebRecon LLC, |---- you agree to be bound to the terms and the, |--- conditions of the Technology Acceptable, |--- Use Agreement (TAUA). Access to these, ---- systems is logged and monitored., --, |--
Interactive logon: Message title for users attempting to log on "WebRecon"
Interactive logon: Prompt user to change password before expiration 3 days
Interactive logon: Require Domain Controller authentication to unlock workstation Disabled
Interactive logon: Smart card removal behavior Lock Workstation
Microsoft Network Client
Policy Setting
Microsoft network client: Digitally sign communications (always) Enabled
Microsoft network client: Digitally sign communications (if server agrees) Enabled
Microsoft network client: Send unencrypted password to third-party SMB servers Disabled
Microsoft Network Server
Policy Setting
Microsoft network server: Amount of idle time required before suspending session 15 minutes
Microsoft network server: Digitally sign communications (always) Enabled
Microsoft network server: Digitally sign communications (if client agrees) Enabled
Microsoft network server: Disconnect clients when logon hours expire Enabled
Policy Setting
Interactive logon: Display user information when the session is locked User display name, domain and user names
Public Key Policies/Encrypting File System
Certificates
Issued To Issued By Expiration Date Intended Purposes
Administrator Administrator 9/8/2112 6:24:25 AM File Recovery
For additional information about individual settings, launch Group Policy Object Editor.
Public Key Policies/Trusted Root Certification Authorities
Properties
Policy Setting
Allow users to select new root certification authorities (CAs) to trust Enabled
Client computers can trust the following certificate stores Third-Party Root Certification Authorities and Enterprise Root Certification Authorities
To perform certificate-based authentication of users and computers, CAs must meet the following criteria Registered in Active Directory only
Windows Firewall with Advanced Security
Global Settings
Policy Setting
Policy version Not Configured
Disable stateful FTP Not Configured
Disable stateful PPTP Not Configured
IPsec exempt Not Configured
IPsec through NAT Not Configured
Preshared key encoding Not Configured
SA idle time Not Configured
Strong CRL check Not Configured
Domain Profile Settings
Policy Setting
Firewall state On
Inbound connections Not Configured
Outbound connections Not Configured
Apply local firewall rules Not Configured
Apply local connection security rules Not Configured
Display notifications Not Configured
Allow unicast responses Not Configured
Log dropped packets Yes
Log successful connections Yes
Log file path %systemroot%\system32\LogFiles\Firewall\pfirewall.log
Log file maximum size (KB) 8096
Administrative Templates
Policy definitions (ADMX files) retrieved from the local machine.
Control Panel/User Accounts
Policy Setting Comment
Apply the default user logon picture to all users Enabled
Network/Network Connections/Windows Firewall/Domain Profile
Policy Setting Comment
Windows Firewall: Allow ICMP exceptions Disabled
Windows Firewall: Allow inbound file and printer sharing exception Enabled
Allow unsolicited incoming messages from these IP addresses:
Syntax:
Type "*" to allow messages from any network, or else type a comma-separated list that contains any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
Example: to allow messages from 10.0.0.1, 10.0.0.2, and from any system on the local subnet or on the 10.3.4.x subnet, type the following in the "Allow unsolicited incoming messages from these IP addresses": 10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
Policy Setting Comment
Windows Firewall: Allow inbound remote administration exception Enabled
Allow unsolicited incoming messages from these IP addresses:
Syntax:
Type "*" to allow messages from any network, or else type a comma-separated list that contains any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
Example: to allow messages from 10.0.0.1, 10.0.0.2, and from any system on the local subnet or on the 10.3.4.x subnet, type the following in the "Allow unsolicited incoming messages from these IP addresses": 10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
Policy Setting Comment
Allow unsolicited incoming messages from these IP addresses:
Syntax:
Type "*" to allow messages from any network, or else type a comma-separated list that contains any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
Example: to allow messages from 10.0.0.1, 10.0.0.2, and from any system on the local subnet or on the 10.3.4.x subnet, type the following in the "Allow unsolicited incoming messages from these IP addresses": 10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
Policy Setting Comment
Windows Firewall: Allow local port exceptions Disabled
Windows Firewall: Allow local program exceptions Disabled
Windows Firewall: Allow logging Enabled
Log dropped packets Enabled
Log successful connections Enabled
Log file path and name: %systemroot%\system32\LogFiles\Firewall\pfirewall.log
Size limit (KB): 8096
Policy Setting Comment
Windows Firewall: Protect all network connections Enabled
Network/Network Connections/Windows Firewall/Standard Profile
Policy Setting Comment
Windows Firewall: Protect all network connections Enabled
Windows Components/AutoPlay Policies
Policy Setting Comment
Turn off Autoplay Enabled
Turn off Autoplay on: All drives
Windows Components/Desktop Gadgets
Policy Setting Comment
Restrict unpacking and installation of gadgets that are not digitally signed. Enabled
Windows Components/Event Log Service/Application
Policy Setting Comment
Backup log automatically when full Enabled
Log File Path Enabled
Log File Path \\WRECON-2008AD\SystemLogs\EventViewer\App\Application.evtx
Policy Setting Comment
Maximum Log Size (KB) Enabled
Maximum Log Size (KB) 40960
Retain old events Enabled
Windows Components/Event Log Service/Security
Policy Setting Comment
Backup log automatically when full Enabled
Log File Path Enabled
Log File Path \\WRECON-2008AD\SystemLogs\EventViewer\Security\Security.evtx
Policy Setting Comment
Maximum Log Size (KB) Enabled
Maximum Log Size (KB) 40960
Policy Setting Comment
Retain old events Enabled
Windows Components/Event Log Service/Setup
Policy Setting Comment
Backup log automatically when full Enabled
Log File Path Enabled
Log File Path \\WRECON-2008AD\SystemLogs\EventViewer\Setup\Setup.evtx
Policy Setting Comment
Maximum Log Size (KB) Enabled
Maximum Log Size (KB) 40960
Policy Setting Comment
Retain old events Enabled
Turn on logging Enabled
Windows Components/Event Log Service/System
Policy Setting Comment
Backup log automatically when full Enabled
Log File Path Enabled
Log File Path \\WRECON-2008AD\SystemLogs\EventViewer\System\System.evtx
Policy Setting Comment
Maximum Log Size (KB) Enabled
Maximum Log Size (KB) 40960
Policy Setting Comment
Retain old events Enabled
Windows Components/Internet Explorer
Policy Setting Comment
Prevent "Fix settings" functionality Enabled
Prevent performance of First Run Customize settings Enabled
Policy Setting Comment
Turn off Reopen Last Browsing Session Enabled
Turn on menu bar by default Enabled
Windows Components/Windows Logon Options
Policy Setting Comment
Display information about previous logons during user logon Disabled
Report when logon server was not available during user logon Enabled
Preferences
Control Panel Settings
Power Options
Power Plan (Windows Vista) (Name: High performance)
Power Plan (Windows Vista and later) (Order: 1)
Properties
Action Update
Make this the active Power Plan: Enabled
Name High performance
When computer is: Plugged in Running on batteries
Require a password on wakeup: Yes Yes
Turn off hard disk after: Never Never
Allow hybrid sleep: Off Off
Hibernate after: Never Never
Lid close action: Sleep Sleep
Power button action: Shutdown Shutdown
Start menu power button: Hibernate Hibernate
Link State Power Management: Off Off
Minimum processor state: After 100 minutes After 5 minutes
Maximum processor state: After 100 minutes After 100 minutes
Turn off display after: After 15 minutes After 10 minutes
Adaptive display: On On
Critical battery action: Do nothing Hibernate
Low battery level: After 10 minutes After 10 minutes
Critical battery level: After 5 minutes After 5 minutes
Low battery notification: Off Off
Low battery action: Do nothing Do nothing
Common
Options
Stop processing items on this extension if an error occurs on this item No
Remove this item when it is no longer applied No
Apply once and do not reapply No