{AA91D5F1-6F2D-4AC5-AD30-ABD4E6A7D989} DomainName.com C_ 2007-09-11T10:55:17 2007-12-04T14:11:52 2007-12-04T19:44:19.2394072Z O:DAG:DUD:PAI(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;;CCDCLCSWRPWPDTLOSDRCWDWO;;;DA)(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;DA)(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;EA)(A;CI;LCRPLORC;;;ED)(A;CI;LCRPLORC;;;AU)(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;SY)(A;CIIO;CCDCLCSWRPWPDTLOSDRCWDWO;;;CO)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) S-1-5-21-5689218631-3547271264-2306440767-512 DomainName\Domain Admins S-1-5-21-5689218631-3547271264-2306440767-513 DomainName\Domain Users false S-1-5-11 NT AUTHORITY\Authenticated Users Allow false true false true false Apply Group Policy 0 S-1-5-21-5689218631-3547271264-2306440767-512 DomainName\Domain Admins Allow false true false true false Edit, delete, modify security 0 S-1-5-18 NT AUTHORITY\SYSTEM Allow false true false true false Edit, delete, modify security 0 true false true275275trueRegistry policy processingEnabledDetermines when registry policies are updated. This setting affects all policies in the Administrative Templates folder and any other policies that store values in the registry. It overrides customized settings that the program implementing a registry policy set when it was installed. If you enable this setting, you can use the check boxes provided to change the options. If you disable this setting or do not configure it, it has no effect on the system. The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system restart. The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it.At least Microsoft Windows 2000System/Group PolicyDo not apply during periodic background processingDisabledProcess even if the Group Policy objects have not changedEnabledRestrictions for Unauthenticated RPC clientsEnabledIf you enable this setting, it directs the RPC Runtime on an RPC server to restrict unauthenticated RPC clients connecting to RPC servers running on a machine. A client will be considered an authenticated client if it uses a named pipe to communicate with the server or if it uses RPC Security. RPC Interfaces that have specifically asked to be accessible by unauthenticated clients may be exempt from this restriction, depending on the selected value for this policy. If you disable this setting or do not configure it, the value of Authenticated will be used for Windows XP and the value of None will be used for Server SKUs that support this policy setting. If you enable it, the following values are available: -- "None" allows all RPC clients to connect to RPC Servers running on the machine on which the policy is applied. -- "Authenticated" allows only authenticated RPC Clients (per the definition above) to connect to RPC Servers running on the machine on which the policy is applied. Interfaces that have asked to be exempt from this restriction will be granted an exemption. -- "Authenticated without exceptions" allows only authenticated RPC Clients (per the definition above) to connect to RPC Servers running on the machine on which the policy is applied. No exceptions are allowed. Note: This policy setting will not be applied unti the system is rebooted.At least Microsoft Windows XP Professional with SP2System/Remote Procedure CallRPC Runtime Unauthenticated Client Restriction to Apply:EnabledAuthenticatedRegistryAuditAccountLogontruefalseAuditAccountManagetruefalseAuditLogonEventstruefalseAuditObjectAccessfalsefalseAuditProcessTrackingfalsefalseAuditSystemEventstruefalseSeAssignPrimaryTokenPrivilegeS-1-5-20NT AUTHORITY\NETWORK SERVICES-1-5-19NT AUTHORITY\LOCAL SERVICESeAuditPrivilegeS-1-5-20NT AUTHORITY\NETWORK SERVICES-1-5-19NT AUTHORITY\LOCAL SERVICESeBackupPrivilegeS-1-5-32-551BUILTIN\Backup OperatorsS-1-5-32-544BUILTIN\AdministratorsSeChangeNotifyPrivilegeS-1-5-32-544BUILTIN\AdministratorsSeCreatePagefilePrivilegeS-1-5-32-544BUILTIN\AdministratorsSeDebugPrivilegeS-1-5-32-544BUILTIN\AdministratorsSeDenyNetworkLogonRightSupportGuestSeIncreaseBasePriorityPrivilegeS-1-5-32-544BUILTIN\AdministratorsSeInteractiveLogonRightS-1-5-32-545BUILTIN\UsersS-1-5-32-544BUILTIN\AdministratorsSeLoadDriverPrivilegeS-1-5-32-544BUILTIN\AdministratorsSeLockMemoryPrivilegeSeManageVolumePrivilegeS-1-5-32-544BUILTIN\AdministratorsSeNetworkLogonRightS-1-5-32-545BUILTIN\UsersS-1-5-32-544BUILTIN\AdministratorsSeRemoteInteractiveLogonRightS-1-5-32-555BUILTIN\Remote Desktop UsersS-1-5-32-544BUILTIN\AdministratorsSeRemoteShutdownPrivilegeS-1-5-32-544BUILTIN\AdministratorsSeSecurityPrivilegeS-1-5-32-544BUILTIN\AdministratorsSeShutdownPrivilegeS-1-5-32-545BUILTIN\UsersS-1-5-32-544BUILTIN\AdministratorsSeSystemEnvironmentPrivilegeS-1-5-32-544BUILTIN\AdministratorsSeSystemProfilePrivilegeS-1-5-32-544BUILTIN\AdministratorsSeSystemTimePrivilegeS-1-5-19NT AUTHORITY\LOCAL SERVICES-1-5-32-544BUILTIN\AdministratorsSeTakeOwnershipPrivilegeS-1-5-32-544BUILTIN\AdministratorsSeTcbPrivilegeSeUndockPrivilegeS-1-5-32-545BUILTIN\UsersS-1-5-32-544BUILTIN\AdministratorsMACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon1Interactive logon: Require Domain Controller authentication to unlock workstationtrueMACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScreenSaverGracePeriod0MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)0MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun255MSS: (NoDriveTypeAutoRun) Disable Autorun for all drives (recommended)255, disable Autorun for all drivesMACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin1User Account Control: Behavior of the elevation prompt for administrators in Admin Approval ModePrompt for credentialsMACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser0User Account Control: Behavior of the elevation prompt for standard usersAutomatically deny elevation requestsMACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection1User Account Control: Detect application installations and prompt for elevationtrueMACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA1User Account Control: Run all administrators in Admin Approval ModetrueMACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths1User Account Control: Only elevate UIAccess applications that are installed in secure locationstrueMACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization1User Account Control: Virtualize file and registry write failures to per-user locationstrueMACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken1User Account Control: Admin Approval Mode for the Built-in Administrator accounttrueMACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop1User Account Control: Switch to the secure desktop when prompting for elevationtrueMACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ScForceOption0Interactive logon: Require smart cardfalseMACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures0User Account Control: Only elevate executables that are signed and validatedfalseMACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds1Network access: Do not allow storage of credentials or .NET Passports for network authenticationtrueMACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous1Network access: Let Everyone permissions apply to anonymous userstrueMACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest0Network access: Sharing and security model for local accountsClassic - local users authenticate as themselvesMACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel4Network security: LAN Manager authentication levelSend NTLMv2 response only. Refuse LMMACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec537395200Network security: Minimum session security for NTLM SSP based (including secure RPC) clientsRequire NTLMv2 session securitytrueRequire 128-bit encryptiontrueMACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec537395200Network security: Minimum session security for NTLM SSP based (including secure RPC) serversRequire NTLMv2 session securitytrueRequire 128-bit encryptiontrueMACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous1Network access: Do not allow anonymous enumeration of SAM accounts and sharestrueMACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM1Network access: Do not allow anonymous enumeration of SAM accountstrueMACHINE\System\CurrentControlSet\Control\Lsa\SCENoApplyLegacyAuditPolicy1Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settingstrueMACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers1Devices: Prevent users from installing printer driverstrueMACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths\MachineSystem\CurrentControlSet\Control\ProductOptionsSystem\CurrentControlSet\Control\Server ApplicationsSoftware\Microsoft\Windows NT\CurrentVersionNetwork access: Remotely accessible registry pathsSystem\CurrentControlSet\Control\ProductOptionsSystem\CurrentControlSet\Control\Server ApplicationsSoftware\Microsoft\Windows NT\CurrentVersionMACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\MachineSoftware\Microsoft\Windows NT\CurrentVersion\PrintSoftware\Microsoft\Windows NT\CurrentVersion\WindowsSystem\CurrentControlSet\Control\Print\PrintersSystem\CurrentControlSet\Services\EventlogSoftware\Microsoft\OLAP ServerSystem\CurrentControlSet\Control\ContentIndexSystem\CurrentControlSet\Control\Terminal ServerSystem\CurrentControlSet\Control\Terminal Server\UserConfigSystem\CurrentControlSet\Control\Terminal Server\DefaultUserConfigurationSoftware\Microsoft\Windows NT\CurrentVersion\PerflibSystem\CurrentControlSet\Services\SysmonLogNetwork access: Remotely accessible registry paths and sub-pathsSoftware\Microsoft\Windows NT\CurrentVersion\PrintSoftware\Microsoft\Windows NT\CurrentVersion\WindowsSystem\CurrentControlSet\Control\Print\PrintersSystem\CurrentControlSet\Services\EventlogSoftware\Microsoft\OLAP ServerSystem\CurrentControlSet\Control\ContentIndexSystem\CurrentControlSet\Control\Terminal ServerSystem\CurrentControlSet\Control\Terminal Server\UserConfigSystem\CurrentControlSet\Control\Terminal Server\DefaultUserConfigurationSoftware\Microsoft\Windows NT\CurrentVersion\PerflibSystem\CurrentControlSet\Services\SysmonLogMACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown0Shutdown: Clear virtual memory pagefilefalseMACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode1System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)trueMACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SafeDllSearchMode1MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)trueMACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\WarningLevel90MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning90%MACHINE\System\CurrentControlSet\Services\IPSEC\NoDefaultExempt1MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic.Multicast, broadcast, & ISAKMP exempt (best for Windows XP).MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipesBROWSERnetlogonlsarpcsamrNetwork access: Named Pipes that can be accessed anonymouslyBROWSERnetlogonlsarpcsamrMACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionSharesNetwork access: Shares that can be accessed anonymouslyMACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RestrictNullSessAccess1Network access: Restrict anonymous access to Named Pipes and SharestrueMACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity1Network security: LDAP client signing requirementsNegotiate signingMACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting2MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)Highest protection, source routing is completely disabledMACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnableDeadGWDetect0MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS)falseMACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect0MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routesfalseMACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTime300000MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds300000 or 5 minutes (recommended)MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect0MSS: (SynAttackProtect) Syn attack protection level (protects against DoS)No additional protection, use default settingsMACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxConnectResponseRetransmissions2MSS: (TcpMaxConnectResponseRetransmissions) SYN-ACK retransmissions when a connection request is not acknowledged3 & 6 seconds, half-open connections dropped after 21 secondsMACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxDataRetransmissions3MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)3LSAAnonymousNameLookup0MaximumLogSizeApplication32768MaximumLogSizeSystem32768MaximumLogSizeSecurity81920Security 28 28 true Prompt for password on resume from hibernate / suspend Enabled This settings allows you to configure client computers to always lock when resuming from a hibernate or suspend. If you enable this setting, the client computer is locked when it is resumed from a suspend or hibernate state. If you disable or do not configure this setting, users can decide if their computer is automatically locked or not after performing a resume operation. At least Microsoft Windows XP Professional or Windows Server 2003 family System/Power Management Do not preserve zone information in file attachments Disabled This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin (i.e. restricted, Internet, intranet, local). This requires NTFS in order to function correctly, and will fail without notice on FAT32. By not preserving the zone information Windows cannot make proper risk assessments. If you enable this policy setting Windows does not mark file attachments with their zone information. If you disable this policy setting Windows marks file attachments with their zone information. If you do not configure this policy setting Windows marks file attachments with their zone information. At least Microsoft Windows XP Professional with SP2 Windows Components/Attachment Manager Registry Personal Vista