Ignore this post.  I picked the SBS 2008 box that was in the middle of the migration from SBS 2003 to SBS 2008.

I’ll redo this post (and format them a better way) and post up the default Group policy settings.

Starting off with the first policy – Default Domain Policy


Default Domain Policy
Data collected on: 5/28/2009 3:12:20 PM


Domain smallbusiness.local
Owner SMALLBUSINESS\Domain Admins
Created 5/24/2009 10:01:50 PM
Modified 5/25/2009 8:48:04 PM
User Revisions 1 (AD), 1 (sysvol)
Computer Revisions 7 (AD), 7 (sysvol)
Unique ID {31B2F340-016D-11D2-945F-00C04FB984F9}
GPO Status Enabled

Location Enforced Link Status Path
smallbusiness No Enabled smallbusiness.local

This list only includes links in the domain of the GPO.

Security Filtering

The settings in this GPO can only apply to the following groups, users, and computers:
NT AUTHORITY\Authenticated Users
WMI Filtering
WMI Filter Name None
Description Not applicable

These groups and users have the specified permission for this GPO
Name Allowed Permissions Inherited
NT AUTHORITY\Authenticated Users Read (from Security Filtering) No
NT AUTHORITY\SYSTEM Edit settings, delete, modify security No
SMALLBUSINESS\Domain Admins Edit settings, delete, modify security No
SMALLBUSINESS\Enterprise Admins Edit settings, delete, modify security No

Computer Configuration (Enabled)

Windows Settings
Security Settings

Account Policies/Password Policy
Policy Setting
Enforce password history 24 passwords remembered
Maximum password age 0 days
Minimum password age 0 days
Minimum password length 0 characters
Password must meet complexity requirements Disabled
Store passwords using reversible encryption Disabled

Account Policies/Account Lockout Policy
Policy Setting
Account lockout duration 10 minutes
Account lockout threshold 50 invalid logon attempts
Reset account lockout counter after 10 minutes

Account Policies/Kerberos Policy
Policy Setting
Enforce user logon restrictions Enabled
Maximum lifetime for service ticket 600 minutes
Maximum lifetime for user ticket 10 hours
Maximum lifetime for user ticket renewal 7 days
Maximum tolerance for computer clock synchronization 5 minutes
Local Policies/Security Options

Network Security
Policy Setting
Network security: Force logoff when logon hours expire Disabled
Public Key Policies/Encrypting File System

Issued To Issued By Expiration Date Intended Purposes
Administrator Administrator 5/23/2012 10:05:09 PM File Recovery

For additional information about individual settings, launch Group Policy Object Editor.

Public Key Policies/Trusted Root Certification Authorities
Policy Setting
Allow users to select new root certification authorities (CAs) to trust Enabled
Client computers can trust the following certificate stores Third-Party Root Certification Authorities and Enterprise Root Certification Authorities
To perform certificate-based authentication of users and computers, CAs must meet the following criteria Registered in Active Directory only

User Configuration (Enabled)
Windows Settings
Remote Installation Services

Client Installation Wizard options
Policy Setting
Custom Setup Disabled
Restart Setup Disabled
Tools Disabled

Comments are closed.