-
Notifications
You must be signed in to change notification settings - Fork 50
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
40 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
# Case of the security policy | ||
|
||
Certain group policies are directly managed by **SSSD**. In such instances, **ADSys** is not involved at all. This is applicable to **Security Settings**. | ||
|
||
In Windows Group Policy Management Editor,you can locate these keys at `[FOREST.ROOT] > Computer Configuration > Windows Settings > Security Settings` | ||
|
||
Below is a table providing a non-comprehensive list of Security Settings defined in Windows, which are not managed by ADSys but receive partial support through SSSD. | ||
|
||
| Windows Setting | | ||
| --------------- | | ||
|**Account Policies > Password Policy**| | ||
|Enforce password history| | ||
|Maximum password age| | ||
|Minimum password age| | ||
|Minimum password length| | ||
|Password must meet complexity requirements| | ||
|**Account Policies > Account Lockout Policy**| | ||
|Account lockout duration| | ||
|Account lockout threshold| | ||
|Reset account lockout counter after| | ||
|**Local Policies > User Rights Assignment**| | ||
|Access this computer from the network| | ||
|Allow log on locally| | ||
|Allow log on through Remote Desktop Services| | ||
|Change the system time| | ||
|Change the timezone| | ||
|Deny access to this computer from the network| | ||
|Deny log on as a batch job| | ||
|Deny log on as a service| | ||
|Deny log on locally| | ||
|Deny log on through Remote Desktop Services| | ||
|Log on as a batch job| | ||
|Log on as a service| | ||
|Shutdown the system| | ||
|**Local Policies / Security Options**| | ||
|Administrator account status| | ||
|Shutdown: Allow system to be shut down without having to log on| | ||
|
||
Get more information on [SSSD](https://sssd.io/). |