Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-2879: Which Windows GPs will also apply to Centrify-installed systems?

Centrify DirectControl ,   Centrify Identity Service, Mac Edition ,  

12 April,16 at 11:07 AM

Applies to: All versions of Centrify DirectControl on all platforms
 
Question:
 
Which Windows GPs will also apply to Centrify-installed systems?
 
Answer:
 
Most of the settings in the default administrative GP templates will only apply to Windows computers and Windows user accounts. 
 
However there are a few common Windows configuration settings that can be applied to Centrify Suite-managed computers and users. 
 
These configuration options are NOT duplicated in Centrify Suite administrative templates.
 
Note 1: The following information can also be found on pg19-20 of the Centrify Group Policy Guide:
 
Note 2: User GPs are enabled by default on Mac systems, and disabled by default on all other UNIX/Linux systems.
 
 
Computer Group Policies
 
Computer Configuration > Administrative Templates > System > Group Policy
  • Turn off background refresh of Group Policy
  • Group Policy refresh interval for computers
  • User Group Policy loopback processing mode
 
Computer Configuration > Administrative Templates > System > Windows Time Service > Time Providers
  • Global Configuration Settings - MaxPollInterval
  • Enable Windows NTP Client 
 
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
  • Interactive logon: Message text for users attempting to logon
  • Interactive logon: Prompt user to change password before expiration
 
Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy
  • Enforce password history
  • Maximum password age
  • Minimum password age
  • Minimum password length
  • Password must meet complexity requirements
  • Store passwords using reversible encryption
 
Computer Configuration > Windows Settings > Security Settings > Accounts Policies > Account Lockout Policy
  • Account lockout duration
  • Account lockout threshold
  • Reset account lockout counter after
 
Computer Configuration > Windows Settings > Security Settings > Accounts Policies > Kerberos Policy:
  • Enforce user logon restrictions
  • Maximum lifetime for service ticket
  • Maximum lifetime for user ticket
  • Maximum lifetime for user ticket renewal
  • Maximum tolerance for computer clock synchronization
 
User Group Policies
 
User Configuration > Administrative Templates > System > Group Policy
  • Group Policy refresh interval for users
 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-3001: Troubleshooting Group Policy issues on Mac systems. articleKB-3000: Troubleshooting login issues on Mac systems. articleKB-3519: 802.1x GPs not creating the expected Profiles on Mac OS X articleKB-2917: Refreshing User GPs reports "Can not invoke GP for [username]: Kerberos credentials not found for current user." articleKB-1938: How to find the CFBundleIdentifier of applications on Mac systems articleKB-6642: Getting started with 802.1X for Mac - Configuration Overview articleKB-3925: How to add Centrify parameter to a group policy articleKB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0) articleKB-1613: AD users are unable to pause/stop printer jobs on Mac systems.