Re: group policy question
- From: "Marcia" <mkp@xxxxxxxx>
- Date: Sun, 24 Apr 2005 11:51:08 -0400
duh... forgot to paste the rsop....
Group Policy Results
ACBFPARENTADVOC\administrator on ACBFPARENTADVOC\JCP-SERVER
Data collected on: 4/24/2005 11:37:28 AM

Summary

Computer Configuration Summary

General
Computer name: ACBFPARENTADVOC\JCP-SERVER
Domain: acbfparentadvocates.local
Site: Default-First-Site-Name
Last time Group Policy was processed: 4/24/2005 11:33:42 AM

Group Policy Objects

Applied GPOs
Name | Link Location | Revision
Local Group Policy | Local | AD (45), Sysvol (45)
Default Domain Policy | acbfparentadvocates.local | AD (58), Sysvol (58)
Small Business Server Client Computer | acbfparentadvocates.local | AD (22), Sysvol (22)
Small Business Server Lockout Policy | acbfparentadvocates.local | AD (2), Sysvol (2)
Small Business Server Remote Assistance Policy | acbfparentadvocates.local | AD (2), Sysvol (2)
Small Business Server Domain Password Policy | acbfparentadvocates.local | AD (5), Sysvol (5)
Default Domain Controllers Policy | acbfparentadvocates.local/Domain Controllers | AD (32), Sysvol (32)
Small Business Server Auditing Policy | acbfparentadvocates.local/Domain Controllers | AD (38), Sysvol (38)

Denied GPOs
Name | Link Location | Reason Denied
User lock down | acbfparentadvocates.local | Access Denied (Security Filtering)
Small Business Server Internet Connection Firewall | acbfparentadvocates.local | False WMI Filter
Small Business Server Windows Firewall | acbfparentadvocates.local | False WMI Filter

Security Group Membership when Group Policy was applied
BUILTIN\Administrators
Everyone
NT AUTHORITY\Authenticated Users

WMI Filters
Name | Value | Reference GPO(s)
MSFT_SomFilter.ID="{64C94D4C-A62E-4AE0-8C90-767FDD3D95D1}",Domain="acbfparentadvocates.local" | False | Small Business Server Windows Firewall
MSFT_SomFilter.ID="{C911E16F-C7E4-439C-9FF6-EA7263A057C6}",Domain="acbfparentadvocates.local" | False | Small Business Server Internet Connection Firewall

Component Status
Component Name | Status | Last Process Time
Group Policy Infrastructure | Success | 4/24/2005 11:33:42 AM
EFS recovery | Success (no data) | 4/21/2005 10:28:49 PM
Microsoft Disk Quota | Success (no data) | 4/20/2005 5:18:37 PM
Registry | Success | 4/21/2005 10:28:33 PM
Security | Success | 4/21/2005 10:28:49 PM
Software Installation | Success | 4/20/2005 5:18:47 PM

User Configuration Summary

General
User name: ACBFPARENTADVOC\administrator
Domain: acbfparentadvocates.local
Last time Group Policy was processed: 4/24/2005 11:31:55 AM

Group Policy Objects

Applied GPOs
Name | Link Location | Revision
Local Group Policy | Local | AD (3), Sysvol (3)
Default Domain Policy | acbfparentadvocates.local | AD (6), Sysvol (6)
Small Business Server Client Computer | acbfparentadvocates.local | AD (5), Sysvol (5)

Denied GPOs
Name | Link Location | Reason Denied
User lock down | acbfparentadvocates.local | Access Denied (Security Filtering)
Small Business Server Internet Connection Firewall | acbfparentadvocates.local | False WMI Filter
Small Business Server Windows Firewall | acbfparentadvocates.local | False WMI Filter
Small Business Server Lockout Policy | acbfparentadvocates.local | Disabled GPO
Small Business Server Remote Assistance Policy | acbfparentadvocates.local | Disabled GPO
Small Business Server Domain Password Policy | acbfparentadvocates.local | Empty

Security Group Membership when Group Policy was applied
ACBFPARENTADVOC\Domain Users
Everyone
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\REMOTE INTERACTIVE LOGON
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
NT AUTHORITY\This Organization
LOCAL
ACBFPARENTADVOC\Domain Admins
ACBFPARENTADVOC\Group Policy Creator Owners
ACBFPARENTADVOC\ITUsers
ACBFPARENTADVOC\SBS Mobile Users
ACBFPARENTADVOC\Enterprise Admins
ACBFPARENTADVOC\Schema Admins
ACBFPARENTADVOC\SBS Internet Users
ACBFPARENTADVOC\SBS Admin Templates
ACBFPARENTADVOC\SBS Report Users
ACBFPARENTADVOC\OWS_389377184_admin
ACBFPARENTADVOC\ePO User Group
ACBFPARENTADVOC\OWS_389377180_admin

WMI Filters
Name | Value | Reference GPO(s)
MSFT_SomFilter.ID="{64C94D4C-A62E-4AE0-8C90-767FDD3D95D1}",Domain="acbfparentadvocates.local" | False | Small Business Server Windows Firewall
MSFT_SomFilter.ID="{C911E16F-C7E4-439C-9FF6-EA7263A057C6}",Domain="acbfparentadvocates.local" | False | Small Business Server Internet Connection Firewall

Component Status
Component Name | Status | Last Process Time
Group Policy Infrastructure | Success | 4/24/2005 11:31:55 AM
Internet Explorer Branding | Success | 4/22/2005 3:01:49 PM
Registry | Success | 4/22/2005 3:01:48 PM

Computer Configuration

Software Settings

Installed Applications

Microsoft ASP.NET ValidatePath Module
Winning GPO: Default Domain Policy

Product Information
Name: Microsoft ASP.NET ValidatePath Module
Version: 1.0
Language: English (United States)
Platform: Intel
Support URL: http://support.microsoft.com

Deployment Information
General | Setting
Deployment type | Assigned
Deployment source | C:\ClientApps\VPModule.msi
Uninstall this application when it falls out of the scope of management | Disabled
Advanced Deployment Options | Setting
Ignore language when deploying this package | Disabled
Make this 32-bit X86 application available to Win64 machines | Disabled
Include OLE class and product information | Disabled
Diagnostic Information | Setting
Product code | {30efff0c-573d-46fb-8ad5-00887289261a}
Deployment Count | 0

Security
Permissions
Type | Name | Permission | Inherited
Allow | ACBFPARENTADVOC\Domain Admins | Full control | No
Allow | NT AUTHORITY\SYSTEM | Full control | No
Allow | NT AUTHORITY\Authenticated Users | Read | No
Allow | ACBFPARENTADVOC\Domain Admins | Read, Write | Yes
Allow | ACBFPARENTADVOC\Enterprise Admins | Read, Write | Yes
Allow | CREATOR OWNER | Read, Write | Yes
Allow | NT AUTHORITY\SYSTEM | Read, Write | Yes
Allow | NT AUTHORITY\Authenticated Users | Read | Yes
Allow | NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS | Read | Yes
Allow inheritable permissions from the parent to propagate to this object and all child objects | Enabled

Advanced
Upgrades | Setting
Required upgrade for existing packages | Enabled
Packages that this package will upgrade | GPO
None
Packages that will upgrade this package | GPO
None
Transforms
None

Cause
This application was applied due to the following conditions:
The application was assigned.
Its language matched the system language.

Windows Settings

Security Settings

Account Policies/Password Policy
Policy | Setting | Winning GPO
Enforce password history | 24 passwords remembered | Small Business Server Domain Password Policy
Maximum password age | 30 days | Small Business Server Domain Password Policy
Minimum password age | 0 days | Small Business Server Domain Password Policy
Minimum password length | 12 characters | Small Business Server Domain Password Policy
Password must meet complexity requirements | Enabled | Small Business Server Domain Password Policy
Store passwords using reversible encryption | Disabled | Small Business Server Domain Password Policy

Account Policies/Account Lockout Policy
Policy | Setting | Winning GPO
Account lockout duration | 10 minutes | Small Business Server Lockout Policy
Account lockout threshold | 50 invalid logon attempts | Small Business Server Lockout Policy
Reset account lockout counter after | 10 minutes | Small Business Server Lockout Policy

Account Policies/Kerberos Policy
Policy | Setting | Winning GPO
Enforce user logon restrictions | Enabled | Default Domain Policy
Maximum lifetime for service ticket | 600 minutes | Default Domain Policy
Maximum lifetime for user ticket | 10 hours | Default Domain Policy
Maximum lifetime for user ticket renewal | 7 days | Default Domain Policy
Maximum tolerance for computer clock synchronization | 5 minutes | Default Domain Policy

Local Policies/Audit Policy
Policy | Setting | Winning GPO
Audit account logon events | Success, Failure | Default Domain Controllers Policy
Audit account management | Success, Failure | Default Domain Controllers Policy
Audit directory service access | No auditing | Small Business Server Auditing Policy
Audit logon events | Success, Failure | Small Business Server Auditing Policy
Audit object access | Success, Failure | Default Domain Controllers Policy
Audit policy change | Success, Failure | Default Domain Controllers Policy
Audit privilege use | Success, Failure | Default Domain Controllers Policy
Audit process tracking | Success, Failure | Default Domain Controllers Policy
Audit system events | Success, Failure | Default Domain Controllers Policy

Local Policies/User Rights Assignment
Policy | Setting | Winning GPO
Access this computer from the network | Pre-Windows 2000 Compatible Access, ENTERPRISE DOMAIN CONTROLLERS, Everyone, Authenticated Users, Administrators, ACBFPARENTADVOC\IWAM_JCP-SERVER, ACBFPARENTADVOC\IUSR_JCP-SERVER | Default Domain Controllers Policy
Act as part of the operating system | ACBFPARENTADVOC\Administrator | Default Domain Controllers Policy
Add workstations to domain | Authenticated Users | Default Domain Controllers Policy
Adjust memory quotas for a process | NETWORK SERVICE, LOCAL SERVICE, Administrators, ACBFPARENTADVOC\IWAM_JCP-SERVER | Default Domain Controllers Policy
Allow log on locally | ACBFPARENTADVOC\IUSR_JCP-SERVER, Print Operators, Server Operators, Backup Operators, Administrators, Account Operators | Default Domain Controllers Policy
Back up files and directories | Server Operators, Backup Operators, Administrators | Default Domain Controllers Policy
Bypass traverse checking | Pre-Windows 2000 Compatible Access, Everyone, Authenticated Users, Administrators | Default Domain Controllers Policy
Change the system time | Server Operators, Administrators | Default Domain Controllers Policy
Create a pagefile | Administrators | Default Domain Controllers Policy
Create a token object | | Default Domain Controllers Policy
Create global objects | Administrators, SERVICE | Default Domain Controllers Policy
Create permanent shared objects | | Default Domain Controllers Policy
Debug programs | Administrators | Default Domain Controllers Policy
Deny access to this computer from the network | | Default Domain Controllers Policy
Deny log on as a batch job | | Default Domain Controllers Policy
Deny log on as a service | | Default Domain Controllers Policy
Deny log on locally | ACBFPARENTADVOC\SBS STS Worker, ACBFPARENTADVOC\SBS Remote Operators | Default Domain Controllers Policy
Enable computer and user accounts to be trusted for delegation | Administrators | Default Domain Controllers Policy
Force shutdown from a remote system | Server Operators, Administrators | Default Domain Controllers Policy
Generate security audits | NETWORK SERVICE, LOCAL SERVICE | Default Domain Controllers Policy
Impersonate a client after authentication | ACBFPARENTADVOC\IIS_WPG, Administrators, SERVICE | Default Domain Controllers Policy
Increase scheduling priority | Administrators | Default Domain Controllers Policy
Load and unload device drivers | Administrators | Default Domain Controllers Policy
Lock pages in memory | | Default Domain Controllers Policy
Log on as a batch job | ACBFPARENTADVOC\IIS_WPG, ACBFPARENTADVOC\IUSR_JCP-SERVER, ACBFPARENTADVOC\IWAM_JCP-SERVER, ACBFPARENTADVOC\Administrator | Default Domain Controllers Policy
Log on as a service | ACBFPARENTADVOC\Administrator, NETWORK SERVICE | Default Domain Controllers Policy
Manage auditing and security log | Administrators | Default Domain Controllers Policy
Modify firmware environment values | Administrators | Default Domain Controllers Policy
Profile single process | Administrators | Default Domain Controllers Policy
Profile system performance | Administrators | Default Domain Controllers Policy
Remove computer from docking station | Administrators | Default Domain Controllers Policy
Replace a process level token | NETWORK SERVICE, LOCAL SERVICE, ACBFPARENTADVOC\IWAM_JCP-SERVER | Default Domain Controllers Policy
Restore files and directories | Server Operators, Backup Operators, Administrators | Default Domain Controllers Policy
Shut down the system | Print Operators, Server Operators, Backup Operators, Administrators, Account Operators | Default Domain Controllers Policy
Synchronize directory service data | | Default Domain Controllers Policy
Take ownership of files or other objects | Administrators | Default Domain Controllers Policy

Local Policies/Security Options

Domain Controller
Policy | Setting | Winning GPO
Domain controller: LDAP server signing requirements | None | Default Domain Controllers Policy

Domain Member
Policy | Setting | Winning GPO
Domain member: Digitally encrypt or sign secure channel data (always) | Enabled | Default Domain Controllers Policy

Interactive Logon
Policy | Setting | Winning GPO
Interactive logon: Do not display last user name | Enabled | Default Domain Policy
Interactive logon: Message text for users attempting to log on | You are required to follow all policies outlined in the employee handbook. | Default Domain Policy
Interactive logon: Prompt user to change password before expiration | 3 days | Default Domain Policy

Microsoft Network Server
Policy | Setting | Winning GPO
Microsoft network server: Digitally sign communications (always) | Enabled | Default Domain Controllers Policy
Microsoft network server: Digitally sign communications (if client agrees) | Enabled | Default Domain Controllers Policy
Microsoft network server: Disconnect clients when logon hours expire | Enabled | Default Domain Policy

Network Security
Policy | Setting | Winning GPO
Network security: Force logoff when logon hours expire | Enabled | Default Domain Policy
Network security: LAN Manager authentication level | Send NTLM response only | Default Domain Controllers Policy

Event Log
Policy | Setting | Winning GPO
Retain security log | 14 days | Small Business Server Auditing Policy
Retention method for security log | By days | Small Business Server Auditing Policy

Public Key Policies/Autoenrollment Settings
Policy | Setting | Winning GPO
Enroll certificates automatically | Enabled | [Default setting]
Renew expired certificates, update pending certificates, and remove revoked certificates | Disabled
Update certificates that use certificate templates | Disabled

Public Key Policies/Encrypting File System
Properties
Winning GPO: [Default setting]
Policy | Setting
Allow users to encrypt files using Encrypting File System (EFS) | Enabled
Certificates
Issued To | Issued By | Expiration Date | Intended Purposes | Winning GPO
mssupport | mssupport | 10/1/2007 5:35:33 PM | File Recovery | Default Domain Policy
For additional information about individual settings, launch Group Policy Object Editor.

Public Key Policies/Trusted Root Certification Authorities
Properties
Winning GPO: [Default setting]
Policy | Setting
Allow users to select new root certification authorities (CAs) to trust | Enabled
Client computers can trust the following certificate stores | Third-Party Root Certification Authorities and Enterprise Root Certification Authorities
To perform certificate-based authentication of users and computers, CAs must meet the following criteria | Registered in Active Directory only

Software Restriction Policies
Winning GPO: Small Business Server Auditing Policy

Enforcement
Policy | Setting
Apply software restriction policies to | All software files except libraries (such as DLLs)
Apply software restriction policies to the following users | All users

Designated File Types
File Extension | File Type
ADE | ADE File
ADP | ADP File
BAS | BAS File
BAT | Windows Batch File
CHM | Compiled HTML Help file
CMD | Windows Command Script
COM | Application
CPL | Control Panel extension
CRT | Security Certificate
EXE | Application
HLP | Help File
HTA | HTML Application
INF | Setup Information
INS | Internet Communication Settings
ISP | Internet Communication Settings
LNK | Shortcut
MDB | MDB File
MDE | MDE File
MSC | Microsoft Common Console Document
MSI | Windows Installer Package
MSP | Windows Installer Patch
MST | MST File
OCX | ActiveX Control
PCD | PCD File
PIF | Shortcut to Program
REG | Registration Entries
SCR | Screen Saver
SHS | Scrap object
URL | Internet Shortcut
VB | VB File
WSC | Windows Script Component

Trusted Publishers
Allow the following users to select trusted publishers | End users
Before trusting a publisher, check the following to determine if the certificate is revoked | Publisher; Timestamp

Software Restriction Policies/Security Levels
Policy | Setting | Winning GPO
Default Security Level | Unrestricted | Small Business Server Auditing Policy

Software Restriction Policies/Additional Rules
Path Rules

%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%
Security Level: Unrestricted
Description:
Date last modified: 1/19/2005 2:03:57 PM
Winning GPO: Small Business Server Auditing Policy

%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%\*.exe
Security Level: Unrestricted
Description:
Date last modified: 1/19/2005 2:03:57 PM
Winning GPO: Small Business Server Auditing Policy

%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%\System32\*.exe
Security Level: Unrestricted
Description:
Date last modified: 1/19/2005 2:03:57 PM
Winning GPO: Small Business Server Auditing Policy

%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%
Security Level: Unrestricted
Description:
Date last modified: 1/19/2005 2:03:57 PM
Winning GPO: Small Business Server Auditing Policy

Administrative Templates

Network/Network Connections
Policy | Setting | Winning GPO
Prohibit installation and configuration of Network Bridge on your DNS domain network | Enabled | Small Business Server Client Computer
Prohibit use of Internet Connection Firewall on your DNS domain network | Disabled | Local Group Policy
Prohibit use of Internet Connection Sharing on your DNS domain network | Enabled | Small Business Server Client Computer

System/Disk Quotas
Policy | Setting | Winning GPO
Default quota limit and warning level | Enabled | Small Business Server Auditing Policy
Specify a quota limit and warning level applied to users when they first write to a quota-enabled volume.
Default quota limit:
Value: 100
Units: MB
Default warning level:
Value: 100
Units: MB
Policy | Setting | Winning GPO
Enable disk quotas | Enabled | Small Business Server Auditing Policy
Enforce disk quota limit | Enabled | Small Business Server Auditing Policy
Log event when quota limit exceeded | Enabled | Small Business Server Auditing Policy
Log event when quota warning level exceeded | Enabled | Small Business Server Auditing Policy

System/Error Reporting/Advanced Error Reporting settings
Policy | Setting | Winning GPO
Default application reporting settings | Enabled | Local Group Policy
Default: Report all application errors
Report all errors in Microsoft applications. | Disabled
Report all errors in Windows components. | Enabled
Policy | Setting | Winning GPO
Report operating system errors | Enabled | Small Business Server Auditing Policy
Report unplanned shutdown events | Enabled | Small Business Server Auditing Policy

System/Group Policy
Policy | Setting | Winning GPO
Group Policy refresh interval for computers | Enabled | Small Business Server Auditing Policy
This setting allows you to customize how often Group Policy is applied to computers. The range is 0 to 64800 minutes (45 days).
Minutes: 1440
This is a random time added to the refresh interval to prevent all clients from requesting Group Policy at the same time. The range is 0 to 1440 minutes (24 hours)
Minutes: 30
Policy | Setting | Winning GPO
Internet Explorer Maintenance policy processing | Disabled | Local Group Policy
Security policy processing | Disabled | Local Group Policy
Software Installation policy processing | Disabled | Local Group Policy
Turn off background refresh of Group Policy | Disabled | Local Group Policy

System/Logon
Policy | Setting | Winning GPO
Don't display the Getting Started welcome screen at logon | Enabled | Small Business Server Client Computer

System/Remote Assistance
Policy | Setting | Winning GPO
Offer Remote Assistance | Enabled | Small Business Server Remote Assistance Policy
Permit remote control of this computer: Allow helpers to remotely control the computer
Helpers:
ACBFPARENTADVOC\Domain Admins
staff5

System/Windows Time Service
Policy | Setting | Winning GPO
Global Configuration Settings | Enabled | Small Business Server Auditing Policy
Clock Discipline Parameters
FrequencyCorrectRate: 4
HoldPeriod: 5
LargePhaseOffset: 1280000
MaxAllowedPhaseOffset: 300
MaxNegPhaseCorrection: 54000
MaxPosPhaseCorrection: 54000
PhaseCorrectRate: 1
PollAdjustFactor: 5
SpikeWatchPeriod: 90
UpdateInterval: 30000
General Parameters
AnnounceFlags: 10
EventLogFlags: 2
LocalClockDispersion: 10
MaxPollInterval: 15
MinPollInterval: 10

System/Windows Time Service/Time Providers
Policy | Setting | Winning GPO
Configure Windows NTP Client | Enabled | Small Business Server Auditing Policy
NtpServer: time.windows.com,0x1
Type: NT5DS
CrossSiteSyncFlags: 2
ResolvePeerBackoffMinutes: 15
ResolvePeerBackoffMaxTimes: 7
SpecialPollInterval: 3600
EventLogFlags: 0
Policy | Setting | Winning GPO
Enable Windows NTP Client | Enabled | Small Business Server Auditing Policy
Enable Windows NTP Server | Enabled | Small Business Server Client Computer

Windows Components/Internet Explorer
Policy | Setting | Winning GPO
Make proxy settings per-machine (rather than per-user) | Enabled | Small Business Server Auditing Policy

Windows Components/Internet Information Services
Policy | Setting | Winning GPO
Prevent IIS installation | Disabled | Default Domain Controllers Policy

Windows Components/Windows Messenger
Policy | Setting | Winning GPO
Do not allow Windows Messenger to be run | Enabled | Small Business Server Client Computer
Do not automatically start Windows Messenger initially | Enabled | Small Business Server Client Computer

Windows Components/Windows Update
Policy | Setting | Winning GPO
Configure Automatic Updates | Enabled | Small Business Server Auditing Policy
Configure automatic updating: 4 - Auto download and schedule the install
The following settings are only required and applicable if 4 is selected.
Scheduled install day: 0 - Every day
Scheduled install time: 03:00
Policy | Setting | Winning GPO
No auto-restart for scheduled Automatic Updates installations | Enabled | Small Business Server Auditing Policy

Extra Registry Settings
Display names for some settings cannot be found. You might be able to resolve this issue by updating the .ADM files used by Group Policy Management.
Setting | State | Winning GPO
software\microsoft\windows nt\currentversion\winlogon\SyncForegroundPolicy | 1 | Small Business Server Client Computer
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoOnlinePrintsWizard | 1 | Default Domain Policy
Software\Policies\Microsoft\Messenger\Client\CEIP | 2 | Default Domain Policy
software\policies\microsoft\Windows NT\Terminal Services\DisablePasswordSaving | 1 | Small Business Server Client Computer

User Configuration

Windows Settings

Security Settings

Public Key Policies/Autoenrollment Settings
Policy | Setting | Winning GPO
Enroll certificates automatically | Enabled | [Default setting]
Renew expired certificates, update pending certificates, and remove revoked certificates | Disabled
Update certificates that use certificate templates | Disabled

Software Restriction Policies
Winning GPO: Small Business Server Client Computer

Enforcement
Policy | Setting
Apply software restriction policies to | All software files except libraries (such as DLLs)
Apply software restriction policies to the following users | All users

Designated File Types
File Extension | File Type
ADE | ADE File
ADP | ADP File
BAS | BAS File
BAT | Windows Batch File
CHM | Compiled HTML Help file
CMD | Windows Command Script
COM | Application
CPL | Control Panel extension
CRT | Security Certificate
EXE | Application
HLP | Help File
HTA | HTML Application
INF | Setup Information
INS | Internet Communication Settings
ISP | Internet Communication Settings
LNK | Shortcut
MDB | MDB File
MDE | MDE File
MSC | Microsoft Common Console Document
MSI | Windows Installer Package
MSP | Windows Installer Patch
MST | MST File
OCX | ActiveX Control
PCD | PCD File
PIF | Shortcut to Program
REG | Registration Entries
SCR | Screen Saver
SHS | Scrap object
URL | Internet Shortcut
VB | VB File
WSC | Windows Script Component

Trusted Publishers
Allow the following users to select trusted publishers | Enterprise administrators
Before trusting a publisher, check the following to determine if the certificate is revoked | Publisher

Software Restriction Policies/Security Levels
Policy | Setting | Winning GPO
Default Security Level | Unrestricted | Small Business Server Client Computer

Software Restriction Policies/Additional Rules
Path Rules

%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%
Security Level: Unrestricted
Description:
Date last modified: 5/23/2004 4:47:39 PM
Winning GPO: Small Business Server Client Computer

%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%\*.exe
Security Level: Unrestricted
Description:
Date last modified: 5/23/2004 4:47:39 PM
Winning GPO: Small Business Server Client Computer

%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%\System32\*.exe
Security Level: Unrestricted
Description:
Date last modified: 5/23/2004 4:47:39 PM
Winning GPO: Small Business Server Client Computer

%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%
Security Level: Unrestricted
Description:
Date last modified: 5/23/2004 4:47:39 PM
Winning GPO: Small Business Server Client Computer

Administrative Templates

Windows Components/Internet Explorer
Policy | Setting | Winning GPO
Do not allow AutoComplete to save passwords | Enabled | Default Domain Policy

Windows Components/NetMeeting
Policy | Setting | Winning GPO
Disable Chat | Enabled | Default Domain Policy

"Marcia" <mkp@xxxxxxxx> wrote in message
news:%23S4VtOOSFHA.3052@xxxxxxxxxxxxxxxxxxxxxxx
> Hi! I've noticed that something is changing the
> HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer
> AuthenticodeFlags field to something besides zero. This value needs to be
> zero for Windows Update to work.
>
> I've also determined that WU isn't changing the value, and that it only changes
> when the server is rebooted. Therefore, I've determined it to be
> something in GP--at least I'm pretty sure.
>
> I've run RSOP, shown below. How do I tell from this where I need to
> change the key mentioned above?
>
> Any help would be greatly appreciated.
>
> Marcia
>
>