Default Domain Policy Data collected on: 10/12/2012 5:28:08 PM General



Similar documents
Windows Server 2008/2012 Server Hardening

Setting Up Scan to SMB on TaskALFA series MFP s.

Best Practice Guide CLEO Remote Access Services

Web. Security Options Comparison

Walton Centre. Document History Date Version Author Changes 01/10/ A Cobain L Wyatt 31/03/ L Wyatt Update to procedure

WORKING WITH WINDOWS FIREWALL IN WINDOWS 7

SyAM Software Management Utilities. Creating Templates

ms-help://ms.technet.2005mar.1033/security/tnoffline/security/smbiz/winxp/fwgrppol...

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features

AIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER EDUCATION PROGRAM UNIT FIVE. Microsoft Windows Security.

Symantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark

Agency Pre Migration Tasks

User Management Guide

PLANNING AND DESIGNING GROUP POLICY, PART 1

Active Directory Group Policy. Administrator Reference

Belarc Advisor Security Benchmark Summary

Entrust Managed Services PKI

This section provides a summary of using network location profiles to identify network connection types. Details include:

Defense Security Service Office of the Designated Approving Authority Standardization of Baseline Technical Security Configurations

Requesting and Using an Admin Apps Virtual Desktop for Advantage

Defense Security Service Office of the Designated Approving Authority

Group Policy 21/05/2013

Objectives. At the end of this chapter students should be able to:

Windows Operating Systems. Basic Security

SyncLockStatus Evaluator s Guide

Intel(R) IT Director User's Guide

Activity 1: Scanning with Windows Defender

WhatsUp Gold v16.1 Installation and Configuration Guide

Symantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark. For Windows Server 2008 (Domain Member Servers and Domain Controllers)

Windows Advanced Audit Policy Configuration

Server Manager Performance Monitor. Server Manager Diagnostics Page. . Information. . Audit Success. . Audit Failure

Pearl Echo Installation Checklist

NetIQ Advanced Authentication Framework - Client. User's Guide. Version 5.1.0

Password Manager Windows Desktop Client

WhatsUp Gold v16.2 Installation and Configuration Guide

Xerox Multifunction Devices. Verify Device Settings via the Configuration Report

Virtual CD v10. Network Management Server Manual. H+H Software GmbH

Experiment No.5. Security Group Policies Management

NETASQ SSO Agent Installation and deployment

Chapter 4 Virtual Private Networking

Networking Best Practices Guide. Version 6.5

Workflow Templates Library

SQL Server Hardening

DriveLock Quick Start Guide

Dell Active Administrator 7.5. Install Guide

Use the below instructions to configure your wireless settings to connect to the secure wireless network using Microsoft Windows Vista/7.

Log Management and Intrusion Detection

USER GUIDE WWPass Security for Windows Logon

Admin Report Kit for Active Directory

Microsoft Windows 7. Administration. Instant Reference. William Panek WILEY. Wiley Publishing, Inc.

Security Options... 1

Windows 7 / Server 2008 R2 Configuration Overview. By: Robert Huth Dated: March 2014

Freshservice Discovery Probe User Guide

Hosting Users Guide 2011

CRYPTOLogon Agent. for Windows Domain Logon Authentication. Deployment Guide. Copyright , CRYPTOCard Corporation, All Rights Reserved.

Understanding Task Scheduler FIGURE Task Scheduler. The error reporting screen.

Chapter. Managing Group Policy MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER:

Fixes for CrossTec ResQDesk

Microsoft Auditing Events for Windows 2000/2003 Active Directory. By Ed Ziots Version 1.6 9/20/2005

Advanced Administration

Virtual Data Centre. User Guide

Secure configuration document

Biznet GIO Cloud Connecting VM via Windows Remote Desktop

CIS Microsoft Windows Server v Benchmark

Password Reset PRO INSTALLATION GUIDE

2. Using Notepad, create a file called c:\demote.txt containing the following information:

How to Logon with Domain Credentials to a Server in a Workgroup

EventTracker: Support to Non English Systems

Windows XP VPN Client Example

qliqdirect Active Directory Guide

In this topic we will cover the security functionality provided with SAP Business One.

Alcatel-Lucent Extended Communication Server Active directory synchronization : installation and administration

Chapter 2 Editor s Note:

Netwatch Installation For Windows

IIS, FTP Server and Windows

Quick Start Guide for VMware and Windows 7

WebLogic Server 6.1: How to configure SSL for PeopleSoft Application

SWCS 4.2 Client Configuration Users Guide Revision /26/2012 Solatech, Inc.

Windows NT Server Operating System Security Features Carol A. Siegel Payoff

MS-50255: Managing, Maintaining, and Securing Your Networks Through Group Policy. Course Objectives. Required Exam(s) Price.

Chapter 8 Virtual Private Networking

Lenovo Online Data Backup User Guide Version

NETWRIX ACCOUNT LOCKOUT EXAMINER

Chapter 7 Managing Users, Authentication, and Certificates

Entrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates

Bitrix Site Manager ASP.NET. Installation Guide

Administrators Help Manual

MN-700 Base Station Configuration Guide

Windows Firewall with Advanced Security Step-by-Step Guide - Deploying Firewall Policies

VPN Overview. The path for wireless VPN users

for Networks Installation Guide for the application on the server July 2014 (GUIDE 2) Lucid Rapid Version 6.05-N and later

How To Set Up A Backupassist For An Raspberry Netbook With A Data Host On A Nsync Server On A Usb 2 (Qnap) On A Netbook (Qnet) On An Usb 2 On A Cdnap (

Active Directory. Users & Computers. Group Policies

Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure

FortKnox Personal Firewall

Password Reset PRO. Quick Setup Guide for Single Server or Two-Tier Installation

Migrating MSDE to Microsoft SQL 2008 R2 Express

Lesson Plans Microsoft s Managing and Maintaining a Microsoft Windows Server 2003 Environment

Transcription:

Default Domain Default Domain Data collected on: 10/12/2012 5:28:08 PM General Details Domain Owner Created Modified User Revisions Computer Revisions Unique ID GPO Status webrecon.local WEBRECON\Domain Admins 10/2/2012 6:17:02 AM 10/12/2012 2:37:32 PM 0 (AD), 0 (sysvol) 227 (AD), 227 (sysvol) {31B2F340-016D-11D2-945F-00C04FB984F9} Links Location Enforced Link Status Path webrecon No webrecon.local This list only includes links in the domain of the GPO. Security Filtering The settings in this GPO can only apply to the following groups, users, and computers: Name NT AUTHORITY\Authenticated Users Delegation These groups and users have the specified permission for this GPO Name Allowed Permissions Inherited NT AUTHORITY\Authenticated Users Read (from Security Filtering) No NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS Read No NT AUTHORITY\SYSTEM Edit settings, delete, modify security No Computer Configuration () Policies Windows s Security s Account Policies/Password Enforce password history Maximum password age Minimum password age Minimum password length Password must meet complexity requirements 24 passwords remembered 60 days 2 days 8 characters file:////192.168.1.21/d$/webrecon/group%20policies/default%20domain%20%2010-12-12.htm (1 of 7)10/12/2012 5:29:34 PM

Default Domain Store passwords using reversible encryption Account Policies/Account Lockout Account lockout duration Account lockout threshold Reset account lockout counter after 15 minutes 15 invalid logon attempts 15 minutes Account Policies/Kerberos Enforce user logon restrictions Maximum lifetime for service ticket Maximum lifetime for user ticket Maximum lifetime for user ticket renewal Maximum tolerance for computer clock synchronization 600 minutes 10 hours 7 days 5 minutes Local Policies/Security Options Interactive Logon Interactive logon: Do not display last user name Interactive logon: Do not require CTRL+ALT+DEL Interactive logon: Message text for users attempting to log on --, ---- Web Recon LLC, ------ +++++++++++++++, -------- AUTHORIZED ACCESS ONLY, ------, ---- By accessing or attempting to access the, -- networks and systems of WebRecon LLC, ---- you agree to be bound to the terms and the, ------ conditions of the Technology Acceptable, -------- Use Agreement (TAUA). Access to these, ------ systems is logged and monitored., ----, -- Interactive logon: Message title for users attempting to log on Interactive logon: Prompt user to change password before expiration Interactive logon: Require Domain Controller authentication to unlock workstation Interactive logon: Smart card removal behavior "WebRecon" 3 days Lock Workstation Microsoft Network Client Microsoft network client: Digitally sign communications (always) Microsoft network client: Digitally sign communications (if server agrees) Microsoft network client: Send unencrypted password to third-party SMB servers Microsoft Network Server Microsoft network server: Amount of idle time required before suspending session Microsoft network server: Digitally sign communications (always) Microsoft network server: Digitally sign communications (if client agrees) Microsoft network server: Disconnect clients when logon hours expire 15 minutes Other file:////192.168.1.21/d$/webrecon/group%20policies/default%20domain%20%2010-12-12.htm (2 of 7)10/12/2012 5:29:34 PM

Default Domain Interactive logon: Display user information when the session is locked User display name, domain and user names Public Key Policies/Encrypting File System Certificates Issued To Issued By Expiration Date Intended Purposes Administrator Administrator 9/8/2112 6:24:25 AM File Recovery For additional information about individual settings, launch Group Object Editor. Public Key Policies/Trusted Root Certification Authorities Properties Allow users to select new root certification authorities (CAs) to trust Client computers can trust the following certificate stores To perform certificate-based authentication of users and computers, CAs must meet the following criteria Third-Party Root Certification Authorities and Enterprise Root Certification Authorities Registered in Active Directory only Windows Firewall with Advanced Security Global s version Disable stateful FTP Disable stateful PPTP IPsec exempt IPsec through NAT Preshared key encoding SA idle time Strong CRL check Domain Profile s Firewall state Inbound connections Outbound connections Apply local firewall rules Apply local connection security rules Display notifications Allow unicast responses Log dropped packets Log successful connections Log file path On Yes Yes %systemroot%\system32\logfiles\firewall\pfirewall.log Log file maximum size (KB) 8096 Connection Security s file:////192.168.1.21/d$/webrecon/group%20policies/default%20domain%20%2010-12-12.htm (3 of 7)10/12/2012 5:29:34 PM

Default Domain Administrative Templates definitions (ADMX files) retrieved from the local machine. Control Panel/User Accounts Apply the default user logon picture to all users Network/Network Connections/Windows Firewall/Domain Profile Windows Firewall: Allow ICMP exceptions Windows Firewall: Allow inbound file and printer sharing exception Allow unsolicited incoming messages from these IP addresses: Syntax: Type "*" to allow messages from any network, or else type a comma-separated list that contains any number or combination of these: IP addresses, such as 10.0.0.1 Subnet descriptions, such as 10.2.3.0/24 The string "localsubnet" Example: to allow messages from 10.0.0.1, 10.0.0.2, and from any system on the local subnet or on the 10.3.4.x subnet, type the following in the "Allow unsolicited" incoming messages from these IP addresses": 10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24 Windows Firewall: Allow inbound remote administration exception Allow unsolicited incoming messages from these IP addresses: Syntax: Type "*" to allow messages from any network, or else type a comma-separated list that contains any number or combination of these: IP addresses, such as 10.0.0.1 Subnet descriptions, such as 10.2.3.0/24 The string "localsubnet" Example: to allow messages from 10.0.0.1, 10.0.0.2, and from any system on the local subnet or on the 10.3.4.x subnet, type the following in the "Allow unsolicited" incoming messages from these IP addresses": 10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24 Windows Firewall: Allow inbound Remote Desktop exceptions file:////192.168.1.21/d$/webrecon/group%20policies/default%20domain%20%2010-12-12.htm (4 of 7)10/12/2012 5:29:34 PM

Default Domain Allow unsolicited incoming messages from these IP addresses: Syntax: Type "*" to allow messages from any network, or else type a comma-separated list that contains any number or combination of these: IP addresses, such as 10.0.0.1 Subnet descriptions, such as 10.2.3.0/24 The string "localsubnet" Example: to allow messages from 10.0.0.1, 10.0.0.2, and from any system on the local subnet or on the 10.3.4.x subnet, type the following in the "Allow unsolicited" incoming messages from these IP addresses": 10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24 Windows Firewall: Allow local port exceptions Windows Firewall: Allow local program exceptions Windows Firewall: Allow logging Log dropped packets Log successful connections Log file path and name: %systemroot%\system32\logfiles\firewall\pfirewall.log Size limit (KB): 8096 Windows Firewall: Protect all network connections Network/Network Connections/Windows Firewall/Standard Profile Windows Firewall: Protect all network connections Windows Components/AutoPlay Policies Turn off Autoplay Turn off Autoplay on: All drives Windows Components/Desktop Gadgets Restrict unpacking and installation of gadgets that are not digitally signed. Windows Components/Event Log Service/Application \\WRECON-2008AD\SystemLogs\EventViewer\App\Application.evtx 40960 file:////192.168.1.21/d$/webrecon/group%20policies/default%20domain%20%2010-12-12.htm (5 of 7)10/12/2012 5:29:34 PM

Default Domain Windows Components/Event Log Service/Security \\WRECON-2008AD\SystemLogs\EventViewer\Security\Security.evtx 40960 Windows Components/Event Log Service/Setup \\WRECON-2008AD\SystemLogs\EventViewer\Setup\Setup.evtx 40960 Turn on logging Windows Components/Event Log Service/System \\WRECON-2008AD\SystemLogs\EventViewer\System\System.evtx 40960 Windows Components/Internet Explorer Prevent "Fix settings" functionality Prevent performance of First Run Customize settings Select your choice Go directly to home page file:////192.168.1.21/d$/webrecon/group%20policies/default%20domain%20%2010-12-12.htm (6 of 7)10/12/2012 5:29:34 PM

Default Domain Turn off Reopen Last Browsing Session Turn on menu bar by default Windows Components/Windows Logon Options Display information about previous logons during user logon Report when logon server was not available during user logon Preferences Control Panel s Power Options Power Plan (Windows Vista) (Name: High performance) Power Plan (Windows Vista and later) (Order: 1) Properties Action Make this the active Power Plan: Name Update High performance When computer is: Plugged in Running on batteries Require a password on wakeup: Yes Yes Turn off hard disk after: Never Never Allow hybrid sleep: Off Off Hibernate after: Never Never Lid close action: Sleep Sleep Power button action: Shutdown Shutdown Start menu power button: Hibernate Hibernate Link State Power Management: Off Off Minimum processor state: After 100 minutes After 5 minutes Maximum processor state: After 100 minutes After 100 minutes Turn off display after: After 15 minutes After 10 minutes Adaptive display: On On Critical battery action: Do nothing Hibernate Low battery level: After 10 minutes After 10 minutes Critical battery level: After 5 minutes After 5 minutes Low battery notification: Off Off Low battery action: Do nothing Do nothing Common Options Stop processing items on this extension if an error occurs on this item Remove this item when it is no longer applied Apply once and do not reapply No No No User Configuration () No settings defined. file:////192.168.1.21/d$/webrecon/group%20policies/default%20domain%20%2010-12-12.htm (7 of 7)10/12/2012 5:29:34 PM

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information