Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
Default Domain Controllers Policy
Data collected on: 6/27/2007 1:20:11 PM
General
Details
Domainphas.ubc.ca
OwnerPHAS\Domain Admins
Created8/23/2006 1:58:34 PM
Modified8/30/2006 8:53:54 AM
User Revisions0 (AD), 0 (sysvol)
Computer Revisions18 (AD), 18 (sysvol)
Unique ID{6AC1786C-016F-11D2-945F-00C04fB984F9}
GPO StatusEnabled
Links
LocationEnforcedLink StatusPath
Domain ControllersNoEnabledphas.ubc.ca/Domain Controllers

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
NT AUTHORITY\Authenticated Users
WMI Filtering
WMI Filter NameNone
DescriptionNot applicable
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
NT AUTHORITY\Authenticated UsersRead (from Security Filtering)No
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
PHAS\Domain AdminsEdit settings, delete, modify securityNo
PHAS\Enterprise AdminsEdit settings, delete, modify securityNo
Computer Configuration (Enabled)
Windows Settings
Security Settings
Local Policies/Audit Policy
PolicySetting
Audit account logon eventsSuccess
Audit account managementSuccess, Failure
Audit directory service accessSuccess
Audit logon eventsSuccess
Audit object accessNo auditing
Audit policy changeSuccess
Audit privilege useNo auditing
Audit process trackingNo auditing
Audit system eventsSuccess
Local Policies/User Rights Assignment
PolicySetting
Access this computer from the networkBUILTIN\Pre-Windows 2000 Compatible Access, NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS, NT AUTHORITY\Authenticated Users, BUILTIN\Administrators, Everyone
Act as part of the operating system
Add workstations to domainNT AUTHORITY\Authenticated Users
Adjust memory quotas for a processBUILTIN\Administrators, NT AUTHORITY\NETWORK SERVICE, NT AUTHORITY\LOCAL SERVICE, PHAS\sshd_server
Allow log on locallyPHAS\ProfileAdmin, BUILTIN\Print Operators, BUILTIN\Server Operators, BUILTIN\Account Operators, BUILTIN\Backup Operators, BUILTIN\Administrators, PHAS\peditor, PHAS\rapugrad
Back up files and directoriesBUILTIN\Server Operators, BUILTIN\Backup Operators, BUILTIN\Administrators
Bypass traverse checkingBUILTIN\Pre-Windows 2000 Compatible Access, NT AUTHORITY\Authenticated Users, BUILTIN\Administrators, Everyone
Change the system timeBUILTIN\Server Operators, BUILTIN\Administrators, NT AUTHORITY\LOCAL SERVICE
Create a pagefileBUILTIN\Administrators
Create a token objectPHAS\sshd_server
Create permanent shared objects
Debug programsBUILTIN\Administrators
Deny access to this computer from the networkPHAS\sshd_server
Deny log on as a batch job
Deny log on as a service
Deny log on locallyPHAS\sshd_server
Enable computer and user accounts to be trusted for delegationBUILTIN\Administrators
Force shutdown from a remote systemBUILTIN\Server Operators, BUILTIN\Administrators
Generate security auditsNT AUTHORITY\NETWORK SERVICE, NT AUTHORITY\LOCAL SERVICE
Increase scheduling priorityBUILTIN\Administrators
Load and unload device driversBUILTIN\Print Operators, BUILTIN\Administrators
Lock pages in memory
Log on as a batch job
Log on as a servicePHAS\sshd_server, PHAS\REP, PHAS\NetShield, NT AUTHORITY\NETWORK SERVICE
Manage auditing and security logBUILTIN\Administrators
Modify firmware environment valuesBUILTIN\Administrators
Profile single processBUILTIN\Administrators
Profile system performanceBUILTIN\Administrators
Remove computer from docking stationBUILTIN\Administrators
Replace a process level tokenPHAS\sshd_server, NT AUTHORITY\NETWORK SERVICE, NT AUTHORITY\LOCAL SERVICE
Restore files and directoriesBUILTIN\Server Operators, BUILTIN\Backup Operators, BUILTIN\Administrators
Shut down the systemBUILTIN\Print Operators, BUILTIN\Server Operators, BUILTIN\Backup Operators, BUILTIN\Administrators
Synchronize directory service data
Take ownership of files or other objectsBUILTIN\Administrators
Local Policies/Security Options
Domain Controller
PolicySetting
Domain controller: LDAP server signing requirementsNone
Domain Member
PolicySetting
Domain member: Digitally encrypt or sign secure channel data (always)Enabled
Microsoft Network Server
PolicySetting
Microsoft network server: Digitally sign communications (always)Enabled
Microsoft network server: Digitally sign communications (if client agrees)Enabled
Network Security
PolicySetting
Network security: LAN Manager authentication levelSend NTLM response only
User Configuration (Enabled)
No settings defined.