Default Domain Controllers Policy
Data collected on: 5/29/2009 7:14:23 PM
General
Details
Domainsmallbusiness.local
OwnerSMALLBUSINESS\Domain Admins
Created 5/29/2009 6:21:14 PM
Modified 5/29/2009 6:30:34 PM
User Revisions 0 (AD), 0 (sysvol)
Computer Revisions 2 (AD), 2 (sysvol)
Unique ID {6AC1786C-016F-11D2-945F-00C04FB984F9}
GPO Status Enabled
Links
LocationEnforced Link Status Path
Domain ControllersNo Enabledsmallbusiness.local/Domain Controllers

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
NT AUTHORITY\Authenticated Users
WMI Filtering
WMI Filter Name None
Description Not applicable
Delegation
These groups and users have the specified permission for this GPO
Name Allowed Permissions Inherited
NT AUTHORITY\Authenticated Users Read (from Security Filtering) No
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS ReadNo
NT AUTHORITY\SYSTEM Edit settings, delete, modify security No
Computer Configuration (Enabled)
Policies
Windows Settings
Security Settings
Local Policies/User Rights Assignment
Policy Setting
Access this computer from the network Everyone, BUILTIN\Administrators, NT AUTHORITY\Authenticated Users, NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS, BUILTIN\Pre-Windows 2000 Compatible Access
Add workstations to domain NT AUTHORITY\Authenticated Users
Adjust memory quotas for a process NT AUTHORITY\LOCAL SERVICE, NT AUTHORITY\NETWORK SERVICE, SMALLBUSINESS\SQLServer2005MSSQLUser$SMALLBUSISERVER$MICROSOFT##SSEE, SMALLBUSINESS\SQLServer2005MSSQLUser$SMALLBUSISERVER$SBSMONITORING, SMALLBUSINESS\SQLServer2005MSFTEUser$SMALLBUSISERVER$SBSMONITORING, BUILTIN\Administrators
Allow log on locally BUILTIN\Administrators, BUILTIN\Backup Operators, BUILTIN\Account Operators, BUILTIN\Server Operators, BUILTIN\Print Operators
Back up files and directories BUILTIN\Administrators, BUILTIN\Backup Operators, BUILTIN\Server Operators
Bypass traverse checking Everyone, NT AUTHORITY\LOCAL SERVICE, NT AUTHORITY\NETWORK SERVICE, SMALLBUSINESS\SQLServer2005MSSQLUser$SMALLBUSISERVER$MICROSOFT##SSEE, SMALLBUSINESS\SQLServer2005MSSQLUser$SMALLBUSISERVER$SBSMONITORING, SMALLBUSINESS\SQLServer2005MSFTEUser$SMALLBUSISERVER$SBSMONITORING, BUILTIN\Administrators, NT AUTHORITY\Authenticated Users, BUILTIN\Pre-Windows 2000 Compatible Access
Change the system time NT AUTHORITY\LOCAL SERVICE, BUILTIN\Administrators, BUILTIN\Server Operators
Create a pagefileBUILTIN\Administrators
Debug programsBUILTIN\Administrators
Enable computer and user accounts to be trusted for delegation BUILTIN\Administrators
Force shutdown from a remote system BUILTIN\Administrators, BUILTIN\Server Operators
Generate security audits NT AUTHORITY\LOCAL SERVICE, NT AUTHORITY\NETWORK SERVICE
Increase scheduling priority BUILTIN\Administrators
Load and unload device drivers BUILTIN\Administrators, BUILTIN\Print Operators
Log on as a batch job SMALLBUSINESS\SQLServer2005MSSQLUser$SMALLBUSISERVER$MICROSOFT##SSEE, SMALLBUSINESS\SQLServer2005MSSQLUser$SMALLBUSISERVER$SBSMONITORING, SMALLBUSINESS\SQLServer2005MSFTEUser$SMALLBUSISERVER$SBSMONITORING, BUILTIN\Administrators, BUILTIN\Backup Operators, BUILTIN\Performance Log Users, BUILTIN\IIS_IUSRS
Manage auditing and security log SMALLBUSINESS\Exchange Servers, BUILTIN\Administrators
Modify firmware environment values BUILTIN\Administrators
Profile single process BUILTIN\Administrators
Profile system performance BUILTIN\Administrators
Remove computer from docking station BUILTIN\Administrators
Replace a process level token NT AUTHORITY\LOCAL SERVICE, NT AUTHORITY\NETWORK SERVICE, SMALLBUSINESS\SQLServer2005MSSQLUser$SMALLBUSISERVER$MICROSOFT##SSEE, SMALLBUSINESS\SQLServer2005MSSQLUser$SMALLBUSISERVER$SBSMONITORING, SMALLBUSINESS\SQLServer2005MSFTEUser$SMALLBUSISERVER$SBSMONITORING
Restore files and directories BUILTIN\Administrators, BUILTIN\Backup Operators, BUILTIN\Server Operators
Shut down the system BUILTIN\Administrators, BUILTIN\Backup Operators, BUILTIN\Server Operators, BUILTIN\Print Operators
Take ownership of files or other objects BUILTIN\Administrators
Local Policies/Security Options
Domain Controller
Policy Setting
Domain controller: LDAP server signing requirements None
Domain Member
Policy Setting
Domain member: Digitally encrypt or sign secure channel data (always) Enabled
Microsoft Network Server
Policy Setting
Microsoft network server: Digitally sign communications (always) Enabled
Microsoft network server: Digitally sign communications (if client agrees) Enabled
Network Security
Policy Setting
Network security: LAN Manager authentication level Send NTLMv2 response only
User Configuration (Enabled)
No settings defined.