Thu, May 28 2009 20:29
bradley
So what's the default group policies for SBS 2008?
Ignore this post. I picked the SBS 2008 box that was in the middle of the migration from SBS 2003 to SBS 2008.
I'll redo this post (and format them a better way) and post up the default Group policy settings.
Starting off with the first policy - Default Domain Policy
| Default Domain Policy |
| Data collected on: 5/28/2009 3:12:20 PM |
|
| Domain |
smallbusiness.local |
| Owner |
SMALLBUSINESS\Domain Admins |
| Created |
5/24/2009 10:01:50 PM |
| Modified |
5/25/2009 8:48:04 PM |
| User Revisions |
1 (AD), 1 (sysvol) |
| Computer Revisions |
7 (AD), 7 (sysvol) |
| Unique ID |
{31B2F340-016D-11D2-945F-00C04FB984F9} |
| GPO Status |
Enabled |
Links
| Location | Enforced | Link Status | Path |
| smallbusiness |
No |
Enabled |
smallbusiness.local |
This list only includes links in the domain of the GPO.
The settings in this GPO can only apply to the following groups, users, and computers:
| Name |
| NT AUTHORITY\Authenticated Users |
| WMI Filter Name |
None |
| Description |
Not applicable |
Delegation
These groups and users have the specified permission for this GPO
| Name | Allowed Permissions | Inherited |
| NT AUTHORITY\Authenticated Users |
Read (from Security Filtering) |
No |
| NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS |
Read |
No |
| NT AUTHORITY\SYSTEM |
Edit settings, delete, modify security |
No |
| SMALLBUSINESS\Domain Admins |
Edit settings, delete, modify security |
No |
| SMALLBUSINESS\Enterprise Admins |
Edit settings, delete, modify security |
No |
Computer Configuration (Enabled)
Account Policies/Password Policy
| Policy | Setting |
| Enforce password history |
24 passwords remembered |
| Maximum password age |
0 days |
| Minimum password age |
0 days |
| Minimum password length |
0 characters |
| Password must meet complexity requirements |
Disabled |
| Store passwords using reversible encryption |
Disabled |
Account Policies/Account Lockout Policy
| Policy | Setting |
| Account lockout duration |
10 minutes |
| Account lockout threshold |
50 invalid logon attempts |
| Reset account lockout counter after |
10 minutes |
Account Policies/Kerberos Policy
| Policy | Setting |
| Enforce user logon restrictions |
Enabled |
| Maximum lifetime for service ticket |
600 minutes |
| Maximum lifetime for user ticket |
10 hours |
| Maximum lifetime for user ticket renewal |
7 days |
| Maximum tolerance for computer clock synchronization |
5 minutes |
Local Policies/Security Options
| Policy | Setting |
| Network security: Force logoff when logon hours expire |
Disabled |
Public Key Policies/Encrypting File System
| Issued To | Issued By | Expiration Date | Intended Purposes |
| Administrator |
Administrator |
5/23/2012 10:05:09 PM |
File Recovery |
For additional information about individual settings, launch Group Policy Object Editor.
Public Key Policies/Trusted Root Certification Authorities
| Policy | Setting |
| Allow users to select new root certification authorities (CAs) to trust |
Enabled |
| Client computers can trust the following certificate stores |
Third-Party Root Certification Authorities and Enterprise Root Certification Authorities |
| To perform certificate-based authentication of users and computers, CAs must meet the following criteria |
Registered in Active Directory only |
User Configuration (Enabled)
Remote Installation Services
Client Installation Wizard options
| Policy | Setting |
| Custom Setup |
Disabled |
| Restart Setup |
Disabled |
| Tools |
Disabled |
Filed under: sbs 2008
![[There's a reason that Yoda is the unofficial mascot of SBS. Size indeed matters not.]](http://www.sbslinks.com/images/headertop.png "There's a reason that Yoda is the unofficial mascot of SBS. Size indeed matters not!")