Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-2879: Which Windows GPs will also apply to Centrify-installed systems?

Authentication Service ,  

11 April,19 at 07:54 PM

Question:
 
Which Windows GPs will also apply to Centrify-installed systems?
 
Answer:
 
Most of the settings in the default administrative GP templates will only apply to Windows computers and Windows user accounts. 
 
However there are a few common Windows configuration settings that can be applied to Centrify Suite-managed computers and users. 
 
These configuration options are NOT duplicated in Centrify Suite administrative templates.
 
Note 1: The following information can also be found on pg19-20 of the Centrify Group Policy Guide:
 
Note 2: User GPs are enabled by default on Mac systems, and disabled by default on all other UNIX/Linux systems.
 
 
Computer Group Policies
 
Computer Configuration > Administrative Templates > System > Group Policy
  • Turn off background refresh of Group Policy
  • Group Policy refresh interval for computers
  • User Group Policy loopback processing mode
 
Computer Configuration > Administrative Templates > System > Windows Time Service > Time Providers
  • Global Configuration Settings - MaxPollInterval
  • Enable Windows NTP Client 
 
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
  • Interactive logon: Message text for users attempting to logon
  • Interactive logon: Prompt user to change password before expiration
 
Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy
  • Enforce password history
  • Maximum password age
  • Minimum password age
  • Minimum password length
  • Password must meet complexity requirements
  • Store passwords using reversible encryption
 
Computer Configuration > Windows Settings > Security Settings > Accounts Policies > Account Lockout Policy
  • Account lockout duration
  • Account lockout threshold
  • Reset account lockout counter after
 
Computer Configuration > Windows Settings > Security Settings > Accounts Policies > Kerberos Policy:
  • Enforce user logon restrictions
  • Maximum lifetime for service ticket
  • Maximum lifetime for user ticket
  • Maximum lifetime for user ticket renewal
  • Maximum tolerance for computer clock synchronization
 
User Group Policies
 
User Configuration > Administrative Templates > System > Group Policy
  • Group Policy refresh interval for users
 

Related Articles

 article[Labs] Using Centrify MFA to secure AWS WorkSpaces with Simple AD articleKB-3925: How to add Centrify parameter to a group policy articleCentrify 17.1, 17.1 Hotfix 1 & Hotfix 2 Release Notes articleKB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0) articleCentrify 17.4 and 17.4 Hotfix Release Notes articleCentrify 16.11 & 16.11 Hotfix 1 Release Notes articleCentrify 18.3 Release Notes articleCentrify 18.2 Release Notes articleCentrify 17.6 and 17.6 Hotfix Release Notes