Question:
Which Windows GPs will also apply to Centrify-installed systems?
Answer:
Most of the settings in the default administrative GP templates will only apply to Windows computers and Windows user accounts.
However there are a few common Windows configuration settings that can be applied to Centrify Suite-managed computers and users.
These configuration options are NOT duplicated in Centrify Suite administrative templates.
Note 2: User GPs are enabled by default on Mac systems, and disabled by default on all other UNIX/Linux systems.
Computer Group Policies
Computer Configuration > Administrative Templates > System > Group Policy
- Turn off background refresh of Group Policy
- Group Policy refresh interval for computers
- User Group Policy loopback processing mode
Computer Configuration > Administrative Templates > System > Windows Time Service > Time Providers
- Global Configuration Settings - MaxPollInterval
- Enable Windows NTP Client
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
- Interactive logon: Message text for users attempting to logon
- Interactive logon: Prompt user to change password before expiration
Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy
- Enforce password history
- Maximum password age
- Minimum password age
- Minimum password length
- Password must meet complexity requirements
- Store passwords using reversible encryption
Computer Configuration > Windows Settings > Security Settings > Accounts Policies > Account Lockout Policy
- Account lockout duration
- Account lockout threshold
- Reset account lockout counter after
Computer Configuration > Windows Settings > Security Settings > Accounts Policies > Kerberos Policy:
- Enforce user logon restrictions
- Maximum lifetime for service ticket
- Maximum lifetime for user ticket
- Maximum lifetime for user ticket renewal
- Maximum tolerance for computer clock synchronization
User Group Policies
User Configuration > Administrative Templates > System > Group Policy
- Group Policy refresh interval for users