Group policy Settings

These settings are still a work in progress. Feel free to modify this to better fit our needs.

Group policy should update automatically but you can force group policy updates on a client computer by running (in command prompt) "gpupdate /force" On windows 2000 run "secedit /refreshpolicy machine_policy enforce"

• Computer Configuration

  • Windows Settings
    • Security Settings
      • Account Policies
        • Password policy
          • Minimum Password Length:
          • Enforce Password History: 0
        • Account Lock policy
          • Account Lockout Threshold: 5
          • Account lockout duration: 30 min
      • Local Policies
        • Audit policy
          • Audit account logon events : Success & Failure
          • Audit logon events: Success & Failure
        • User Rights Assignment
          • Allow log on through Remote Desktop Services: Disabled
        • Security options

          • Network Security: Do not store LAN Manager hash value on next password change: Enabled

          • Interactive logon – do not require ctrl alt del at logon: Disabled

          • Lan Manager authentication level: “Send NTLMv2 response only. Refuse LM & NTLM”

• Network access: Do not allow anonymous enumeration of SAM accounts - Enabled

• Network access: Allow anonymous SID/name translation - Disabled

• Accounts: Rename administrator account - Rename to something unique (but remember it)

• Interactive logon: Message text for users attempting to log on - sometimes an inject