So what’s the default group policies for SBS 2008?

Ignore this post.  I picked the SBS 2008 box that was in the middle of the migration from SBS 2003 to SBS 2008.

I’ll redo this post (and format them a better way) and post up the default Group policy settings.

Starting off with the first policy – Default Domain Policy

 






 

Default Domain Policy
Data collected on: 5/28/2009 3:12:20 PM

 


General
Details
Domain smallbusiness.local
Owner SMALLBUSINESS\Domain Admins
Created 5/24/2009 10:01:50 PM
Modified 5/25/2009 8:48:04 PM
User Revisions 1 (AD), 1 (sysvol)
Computer Revisions 7 (AD), 7 (sysvol)
Unique ID {31B2F340-016D-11D2-945F-00C04FB984F9}
GPO Status Enabled
Links


LocationEnforcedLink StatusPath
smallbusiness No Enabled smallbusiness.local


This list only includes links in the domain of the GPO.
Security Filtering

The settings in this GPO can only apply to the following groups, users, and computers:
Name
NT AUTHORITY\Authenticated Users
WMI Filtering
WMI Filter Name None
Description Not applicable
Delegation

These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
NT AUTHORITY\Authenticated Users Read (from Security Filtering) No
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS Read No
NT AUTHORITY\SYSTEM Edit settings, delete, modify security No
SMALLBUSINESS\Domain Admins Edit settings, delete, modify security No
SMALLBUSINESS\Enterprise Admins Edit settings, delete, modify security No



Computer Configuration (Enabled)

Policies
Windows Settings
Security Settings

Account Policies/Password Policy
PolicySetting
Enforce password history 24 passwords remembered
Maximum password age 0 days
Minimum password age 0 days
Minimum password length 0 characters
Password must meet complexity requirements Disabled
Store passwords using reversible encryption Disabled

Account Policies/Account Lockout Policy
PolicySetting
Account lockout duration 10 minutes
Account lockout threshold 50 invalid logon attempts
Reset account lockout counter after 10 minutes

Account Policies/Kerberos Policy
PolicySetting
Enforce user logon restrictions Enabled
Maximum lifetime for service ticket 600 minutes
Maximum lifetime for user ticket 10 hours
Maximum lifetime for user ticket renewal 7 days
Maximum tolerance for computer clock synchronization 5 minutes
Local Policies/Security Options

Network Security
PolicySetting
Network security: Force logoff when logon hours expire Disabled
Public Key Policies/Encrypting File System

Certificates
Issued ToIssued ByExpiration DateIntended Purposes
Administrator Administrator 5/23/2012 10:05:09 PM File Recovery


For additional information about individual settings, launch Group Policy Object Editor.
Public Key Policies/Trusted Root Certification Authorities
Properties
PolicySetting
Allow users to select new root certification authorities (CAs) to trust Enabled
Client computers can trust the following certificate stores Third-Party Root Certification Authorities and Enterprise Root Certification Authorities
To perform certificate-based authentication of users and computers, CAs must meet the following criteria Registered in Active Directory only





User Configuration (Enabled)

Policies
Windows Settings
Remote Installation Services

Client Installation Wizard options
PolicySetting
Custom Setup Disabled
Restart Setup Disabled
Tools Disabled

Comments are closed.

Post Navigation