Default Domain Policy

General

Details

Domain	smallbusiness.local
Owner	SMALLBUSINESS\Domain Admins
Created	5/29/2009 6:21:14 PM
Modified	5/29/2009 6:43:10 PM
User Revisions	0 (AD), 0 (sysvol)
Computer Revisions	5 (AD), 5 (sysvol)
Unique ID	{31B2F340-016D-11D2-945F-00C04FB984F9}
GPO Status	Enabled

Links

Location	Enforced	Link Status	Path
smallbusiness	No	Enabled	smallbusiness.local

This list only includes links in the domain of the GPO.

Security Filtering

The settings in this GPO can only apply to the following groups, users, and computers:

Name
NT AUTHORITY\Authenticated Users

WMI Filtering

WMI Filter Name	None
Description	Not applicable

Delegation

These groups and users have the specified permission for this GPO

Name	Allowed Permissions	Inherited
NT AUTHORITY\Authenticated Users	Read (from Security Filtering)	No
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS	Read	No
NT AUTHORITY\SYSTEM	Edit settings, delete, modify security	No

Policy	Setting
Enforce password history	24 passwords remembered
Maximum password age	180 days
Minimum password age	2 days
Minimum password length	8 characters
Password must meet complexity requirements	Enabled
Store passwords using reversible encryption	Disabled

Policy

Setting

Enforce password history

24 passwords remembered

Maximum password age

180 days

Minimum password age

2 days

Minimum password length

8 characters

Password must meet complexity requirements

Enabled

Store passwords using reversible encryption

Disabled

Policy	Setting
Account lockout threshold	0 invalid logon attempts

Policy

Setting

Account lockout threshold

0 invalid logon attempts

Policy	Setting
Enforce user logon restrictions	Enabled
Maximum lifetime for service ticket	600 minutes
Maximum lifetime for user ticket	10 hours
Maximum lifetime for user ticket renewal	7 days
Maximum tolerance for computer clock synchronization	5 minutes

Policy

Setting

Enforce user logon restrictions

Enabled

Maximum lifetime for service ticket

600 minutes

Maximum lifetime for user ticket

10 hours

Maximum lifetime for user ticket renewal

7 days

Maximum tolerance for computer clock synchronization

5 minutes

Policy	Setting
Network access: Allow anonymous SID/Name translation	Disabled

Policy

Setting

Network access: Allow anonymous SID/Name translation

Disabled

Policy	Setting
Network security: Do not store LAN Manager hash value on next password change	Enabled
Network security: Force logoff when logon hours expire	Disabled

Policy

Setting

Network security: Do not store LAN Manager hash value on next password change

Enabled

Network security: Force logoff when logon hours expire

Disabled

Issued To	Issued By	Expiration Date	Intended Purposes
Administrator	Administrator	5/28/2012 6:24:39 PM	File Recovery

Issued To

Issued By

Expiration Date

Intended Purposes

Administrator

5/28/2012 6:24:39 PM

File Recovery

Policy	Setting
Allow users to select new root certification authorities (CAs) to trust	Enabled
Client computers can trust the following certificate stores	Third-Party Root Certification Authorities and Enterprise Root Certification Authorities
To perform certificate-based authentication of users and computers, CAs must meet the following criteria	Registered in Active Directory only

Policy

Setting

Allow users to select new root certification authorities (CAs) to trust

Enabled

Client computers can trust the following certificate stores

Third-Party Root Certification Authorities and Enterprise Root Certification Authorities

To perform certificate-based authentication of users and computers, CAs must meet the following criteria

Registered in Active Directory only