Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ; (c) Microsoft Corporation 1997-2000
- ;
- ; Security Configuration Template for Security Configuration Editor
- ;
- ; Template Name: HiSecDC.INF
- ; Template Version: 05.10.HD.0000
- [version]
- signature="$CHICAGO$"
- Revision=1
- [System Access]
- MinimumPasswordAge = 1
- MaximumPasswordAge = 90
- MinimumPasswordLength = 12
- PasswordComplexity = 1
- PasswordHistorySize = 24
- LockoutBadCount = 5
- ResetLockoutCount = 15
- LockoutDuration = 15
- ForceLogoffWhenHourExpire = 1
- ClearTextPassword = 0
- LSAAnonymousNameLookup = 0
- EnableGuestAccount = 0
- ;NewAdministatorName =
- ;NewGuestName =
- ;SecureSystemPartition
- ;----------------------------------------------------------------
- ;Event Log - Log Settings
- ;----------------------------------------------------------------
- ;Audit Log Retention Period:
- ;0 = Overwrite Events As Needed
- ;1 = Overwrite Events As Specified by Retention Days Entry
- ;2 = Never Overwrite Events (Clear Log Manually)
- [System Log]
- RestrictGuestAccess = 1
- [Security Log]
- MaximumLogSize = 10240
- AuditLogRetentionPeriod = 0
- RestrictGuestAccess = 1
- [Application Log]
- RestrictGuestAccess = 1
- ;----------------------------------------------------------------------
- ; Local Policies\Audit Policy
- ;----------------------------------------------------------------------
- [Event Audit]
- AuditSystemEvents = 3
- AuditLogonEvents = 3
- AuditObjectAccess = 3
- AuditPrivilegeUse = 3
- AuditPolicyChange = 3
- AuditAccountManage = 3
- AuditProcessTracking = 0
- AuditDSAccess = 3
- AuditAccountLogon = 3
- ;----------------------------------------------------------------------
- ; Local Policies\SecurityOptions
- ;----------------------------------------------------------------------
- [Strings]
- SceInfAdministrator = "Administrator"
- SceInfAdmins = "Administrators"
- SceInfAcountOp = "Account Operators"
- SceInfAuthUsers = "Authenticated Users"
- SceInfBackupOp = "Backup Operators"
- SceInfDomainAdmins = "Domain Admins"
- SceInfDomainGuests = "Domain Guests"
- SceInfDomainUsers = "Domain Users"
- SceInfEveryone = "Everyone"
- SceInfGuests = "Guests"
- SceInfGuest = "Guest"
- SceInfPowerUsers = "Power Users"
- SceInfPrintOp = "Print Operators"
- SceInfReplicator = "Replicator"
- SceInfServerOp = "Server Operators"
- SceInfUsers = "Users"
- SceInfProgramFiles = "Program Files"
- SceHiSecDCProfileDescription = "A superset of securedc. Provides further restrictions on LanManager authentication and further requirements for the encryption and signing of secure channel and SMB data. In order to apply hisecdc to a DC, all of the DC's in all trusted or trusting domains must be running Windows 2000 or later. See online help for further info."
- [Kerberos Policy]
- MaxTicketAge = 10
- MaxRenewAge = 10080
- MaxServiceAge = 10
- MaxClockSkew = 5
- TicketValidateClient = 1
- [Registry Values]
- MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption=1,"2"
- MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning=4,14
- MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon=4,1
- MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount=1,"0"
- MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateFloppies=1,"1"
- MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateDASD=1,"0"
- MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateCDRoms=1,"1"
- MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand=4,0
- MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel=4,0
- MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon=4,0
- MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon=4,0
- MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText=7,
- MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption=1,""
- MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName=4,1
- MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD=4,0
- MACHINE\Software\Microsoft\Driver Signing\Policy=3,2
- MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireStrongKey=4,1
- MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal=4,1
- MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel=4,1
- MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel=4,1
- MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RefusePasswordChange=4,0
- MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge=4,30
- MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange=4,0
- MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrity=4,2
- MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity=4,1
- MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword=4,0
- MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature=4,0
- MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature=4,1
- MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect=4,15
- MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogOff=4,1
- MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,1
- MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature=4,1
- MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode=4,1
- MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown=4,1
- MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive=4,1
- MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers=4,1
- MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl=4,0
- MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,1
- MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,1
- MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=4,1
- MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec=4,0
- MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec=4,0
- MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,5
- MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing=3,0
- MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous=4,0
- MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds=4,1
- MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail=4,0
- MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects=4,0
- [Profile Description]
- Description=A superset of securedc. Provides further restrictions on LanManager authentication and further requirements for the encryption and signing of secure channel and SMB data. In order to apply hisecdc to a DC, all of the DC's in all trusted or trusting domains must be running Windows 2000 or later. See online help for further info.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement