策略导入导出
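rem Export the machine's current local security policy to the template file gp.inf.
rem Keep an unmodified copy of this export as the rollback point before editing.
secedit /export /cfg gp.inf /quiet

rem Apply the settings in gp.inf to this machine, using gp.sdb as the working database.
rem /quiet suppresses screen and log output; drop it or add /log <logfile> when you
rem need a record of which settings were applied or rejected.
secedit /configure /db gp.sdb /cfg gp.inf /quiet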
说明
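; Security template in the format written by "secedit /export" (gp.inf on this page).
; The page rendering collapsed the listing and dropped the backslashes from the
; registry paths; they are restored here. Diff against a fresh export before importing.
; Annotations are on their own ";" lines: text placed after a value is not a comment
; in INF syntax and would be read as part of the value.
[Unicode]
Unicode=yes

; Account policy: password and lockout settings.
[System Access]
; Minimum password age (days).
MinimumPasswordAge = 0
; Maximum password age (days).
MaximumPasswordAge = 42
; Minimum password length.
MinimumPasswordLength = 8
; Password must meet complexity requirements (1 = enabled).
PasswordComplexity = 1
; Enforce password history (number of remembered passwords).
; NOTE(review): 0 keeps no history; together with MinimumPasswordAge = 0 a user can
; change an expired password straight back to the previous one.
PasswordHistorySize = 0
; Account lockout threshold (failed attempts).
LockoutBadCount = 5
; Reset the lockout counter after (minutes).
ResetLockoutCount = 10
; Account lockout duration (minutes).
LockoutDuration = 10
RequireLogonToChangePassword = 0
; Network security: force logoff when logon hours expire.
ForceLogoffWhenHourExpire = 1
NewAdministratorName = "Administrator"
NewGuestName = "Guest"
; Store passwords using reversible encryption (0 = disabled).
ClearTextPassword = 0
; Allow anonymous SID/name translation (0 = disabled).
LSAAnonymousNameLookup = 0
EnableAdminAccount = 1
EnableGuestAccount = 0

; Audit policy. Values: 0 = no auditing, 1 = success, 2 = failure, 3 = success and failure.
[Event Audit]
; Audit system events: success and failure.
AuditSystemEvents = 3
; Audit logon events.
AuditLogonEvents = 3
; Audit object access.
AuditObjectAccess = 3
; Audit privilege use: failure only.
AuditPrivilegeUse = 2
; Audit policy change.
AuditPolicyChange = 3
; Audit account management.
AuditAccountManage = 3
; Audit process tracking: no auditing.
; NOTE(review): with 0 here process creation is not recorded in the Security log,
; which limits what an investigation can reconstruct from this host.
AuditProcessTracking = 0
; Audit directory service access: failure only.
AuditDSAccess = 2
; Audit account logon events.
AuditAccountLogon = 3

[Version]
signature="$CHICAGO$"
Revision=1

; Security options stored as registry values, written as <path>=<type>,<data>.
; Type codes: 1 = REG_SZ, 3 = REG_BINARY, 4 = REG_DWORD, 7 = REG_MULTI_SZ.
[Registry Values]
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel=4,0
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand=4,0
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount=1,"10"
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon=4,0
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning=4,0
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption=1,"0"
; NOTE(review): ConsentPromptBehaviorAdmin=0 elevates administrators without a prompt.
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser=4,3
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection=4,1
; NOTE(review): EnableLUA=0 turns User Account Control off; hardening baselines keep it at 1.
; Importing this template elsewhere carries that setting along.
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths=4,1
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableUIADesktopToggle=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization=4,1
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption=1,""
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText=7,
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ScForceOption=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon=4,1
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon=4,1
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures=4,0
MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\AuthenticodeEnabled=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing=3,0
; NOTE(review): LimitBlankPasswordUse=0 lets accounts with a blank password be used
; for network and remote logon, not only at the console; baselines keep it at 1.
MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse=4,0
; 536870912 = 0x20000000: require 128-bit encryption. NTLMv2 session security
; (0x00080000) is not part of this value.
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec=4,536870912
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec=4,536870912
MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,1
MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers=4,0
MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths\Machine=7,System\CurrentControlSet\Control\ProductOptions,System\CurrentControlSet\Control\Server Applications,Software\Microsoft\Windows NT\CurrentVersion
MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\Machine=7,System\CurrentControlSet\Control\Print\Printers,System\CurrentControlSet\Services\Eventlog,Software\Microsoft\OLAP Server,Software\Microsoft\Windows NT\CurrentVersion\Print,Software\Microsoft\Windows NT\CurrentVersion\Windows,System\CurrentControlSet\Control\ContentIndex,System\CurrentControlSet\Control\Terminal Server,System\CurrentControlSet\Control\Terminal Server\UserConfig,System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration,Software\Microsoft\Windows NT\CurrentVersion\Perflib,System\CurrentControlSet\Services\SysmonLog
MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive=4,1
MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown=4,0
MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode=4,1
MACHINE\System\CurrentControlSet\Control\Session Manager\SubSystems\optional=7,Posix
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect=4,15
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogOff=4,1
; NOTE(review): SMB signing is neither enabled nor required on the server side here
; (both values 0), and the workstation side below enables but does not require it.
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature=4,0
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes=7,
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,0
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RestrictNullSessAccess=4,1
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword=4,0
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature=4,1
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature=4,0
MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity=4,1
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange=4,0
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge=4,30
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal=4,1
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireStrongKey=4,1
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel=4,1
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel=4,1

; User rights assignment. Entries prefixed with * are SIDs; others are account names.
; Well-known SIDs used below: S-1-1-0 Everyone, S-1-5-6 SERVICE, S-1-5-19 LOCAL SERVICE,
; S-1-5-20 NETWORK SERVICE, S-1-5-32-544 Administrators, -545 Users, -547 Power Users,
; -551 Backup Operators, -555 Remote Desktop Users, -559 Performance Log Users,
; -568 IIS_IUSRS, S-1-5-80-* per-service SIDs.
; NOTE(review): the SQLServer2005...$HIST... names look specific to the machine the
; export came from (presumably HIST is its computer name); they will not resolve on
; another host, so remove or remap them before reusing the template.
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-547,*S-1-5-32-551
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeChangeNotifyPrivilege = *S-1-1-0,*S-1-5-19,*S-1-5-20,SQLServer2005MSSQLUser$HIST$SQLEXPRESS,*S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551
SeSystemtimePrivilege = *S-1-5-19,*S-1-5-32-544
SeCreatePagefilePrivilege = *S-1-5-32-544
SeDebugPrivilege = *S-1-5-32-544
; User rights assignment: force shutdown from a remote system.
SeRemoteShutdownPrivilege = *S-1-5-32-544
SeAuditPrivilege = *S-1-5-19,*S-1-5-20
SeIncreaseQuotaPrivilege = *S-1-5-19,*S-1-5-20,SQLServer2005MSSQLUser$HIST$SQLEXPRESS,*S-1-5-32-544
SeIncreaseBasePriorityPrivilege = *S-1-5-32-544
SeLoadDriverPrivilege = *S-1-5-32-544
SeBatchLogonRight = SQLServer2005MSSQLUser$HIST$SQLEXPRESS,*S-1-5-32-544,*S-1-5-32-551,*S-1-5-32-559,*S-1-5-32-568
SeServiceLogonRight = SQLServer2005SQLBrowserUser$HIST,SQLServer2005MSSQLUser$HIST$SQLEXPRESS,*S-1-5-80-0
; NOTE(review): Guest is granted local logon here and denied it by
; SeDenyInteractiveLogonRight below. The deny right takes precedence, so the grant
; is redundant; dropping Guest from this line makes the intent unambiguous.
SeInteractiveLogonRight = Guest,*S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551
SeSecurityPrivilege = *S-1-5-32-544
SeSystemEnvironmentPrivilege = *S-1-5-32-544
SeProfileSingleProcessPrivilege = *S-1-5-32-544
SeSystemProfilePrivilege = *S-1-5-32-544,*S-1-5-80-3139157870-2983391045-3678747466-658725712-1809340420
SeAssignPrimaryTokenPrivilege = *S-1-5-19,*S-1-5-20,SQLServer2005MSSQLUser$HIST$SQLEXPRESS
SeRestorePrivilege = *S-1-5-32-544,*S-1-5-32-551
; User rights assignment: shut down the system.
SeShutdownPrivilege = *S-1-5-32-544
SeTakeOwnershipPrivilege = *S-1-5-32-544
SeDenyInteractiveLogonRight = Guest
SeUndockPrivilege = *S-1-5-32-544,*S-1-5-32-545
SeManageVolumePrivilege = *S-1-5-32-544
SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555
SeImpersonatePrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-32-568,*S-1-5-6
SeCreateGlobalPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-6
SeIncreaseWorkingSetPrivilege = *S-1-5-32-545
SeTimeZonePrivilege = *S-1-5-19,*S-1-5-32-544,*S-1-5-32-545
SeCreateSymbolicLinkPrivilege = *S-1-5-32-544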