Applies to: All versions of Centrify DirectControl on all platforms
Question:
Which Windows GPs will also apply to Centrify-installed systems?
Answer:
Most of the settings in the default administrative GP templates will only apply to Windows computers and Windows user accounts.
However there are a few common Windows configuration settings that can be applied to Centrify Suite-managed computers and users.
These configuration options are NOT duplicated in Centrify Suite administrative templates.
Note 2: User GPs are enabled by default on Mac systems, and disabled by default on all other UNIX/Linux systems.
Computer Group Policies
Computer Configuration > Administrative Templates > System > Group Policy
-
Turn off background refresh of Group Policy
-
Group Policy refresh interval for computers
-
User Group Policy loopback processing mode
Computer Configuration > Administrative Templates > System > Windows Time Service > Time Providers
-
Global Configuration Settings - MaxPollInterval
-
Enable Windows NTP Client
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
-
Interactive logon: Message text for users attempting to logon
-
Interactive logon: Prompt user to change password before expiration
Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy
-
Enforce password history
-
Maximum password age
-
Minimum password age
-
Minimum password length
-
Password must meet complexity requirements
-
Store passwords using reversible encryption
Computer Configuration > Windows Settings > Security Settings > Accounts Policies > Account Lockout Policy
-
Account lockout duration
-
Account lockout threshold
-
Reset account lockout counter after
Computer Configuration > Windows Settings > Security Settings > Accounts Policies > Kerberos Policy:
-
Enforce user logon restrictions
-
Maximum lifetime for service ticket
-
Maximum lifetime for user ticket
-
Maximum lifetime for user ticket renewal
-
Maximum tolerance for computer clock synchronization
User Group Policies
User Configuration > Administrative Templates > System > Group Policy
-
Group Policy refresh interval for users