; Copyright (c) Microsoft Corporation.  All rights reserved.
;
; Security Configuration Template for Security Configuration Editor
;
; Template Name:    DCFirst.INF
; Template Version: 05.00.DF.0000
;
; Contains Default Policy Settings for Windows NT 5.0 Domain Controller.
; This template is NOT used by SCE during setup
; This template is applied via GP during Winlogon for the first DC in a Tree
; This template should NOT be used on Workstations or Servers.
;
; Please DO NOT EDIT version section.
;
[version]
signature="$CHICAGO$"
revision=1
DriverVer=06/21/2006,6.3.9600.20610

[Kerberos Policy]
; in hours
MaxTicketAge=10
; in days
MaxRenewAge=7
; in minutes
MaxServiceAge=600
; in minutes
MaxClockSkew=5
; enforce user logon restrictions = yes
TicketValidateClient=1

;----------------------------------------------------------------
;Registry Values
;----------------------------------------------------------------
[Registry Values]
; Registry value name in full path = Type, Value
; REG_SZ                      ( 1 )
; REG_EXPAND_SZ               ( 2 )  // with environment variables to expand
; REG_BINARY                  ( 3 )
; REG_DWORD                   ( 4 )
; REG_MULTI_SZ                ( 7 )

MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=4,1

;----------------------------------------------------------------------
;   Restricted Groups
;----------------------------------------------------------------------
[Group Membership]
;Accounts Created During Server Role are Maintained so ignore groups.

;Operational Groups
;%SceInfBackupOp%__Memberof =
;%SceInfBackupOp%__Members =
;%SceInfGuests%__Memberof =
;%SceInfPrintOp%__Members =
;%SceInfReplicator%__Memberof =
;%SceInfReplicator%__Members =
;%SceInfServerOp%__Memberof =
;%SceInfServerOp%__Members =

;Account Groups
;%SceInfAccountOp%__Memberof =
;%SceInfAccountOp%__Members =
;%SceInfAdmins%__Memberof =
;%SceInfAdmins%__Members = %SceInfAdministrator%, %SceInfDomainAdmins%
;%SceInfDomainAdmins%__Memberof =
;%SceInfDomainAdmins%__Members = %SceInfAdministrator%
;%SceInfDomainGuests%__Memberof =
;%SceInfDomainGuests%__Members = %SceInfGuest%
;%SceInfDomainUsers%__Memberof =
;%SceInfDomainUsers%__Members = %SceInfAdministrator%
;%SceInfUsers%__Memberof =
;%SceInfUsers%__Members = %SceInfDomainUsers%
;%SceInfGuests%__Members = %SceInfDomainGuests%
;%SceInfPrintOp%__Memberof =

[System Access]
;----------------------------------------------------------------
;Account Policies - Password Policy
;----------------------------------------------------------------
MinimumPasswordAge = 1
MaximumPasswordAge = 42
MinimumPasswordLength = 7
PasswordComplexity = 1
PasswordHistorySize = 24
RequireLogonToChangePassword = 0
ClearTextPassword = 0

;----------------------------------------------------------------
;Account Policies - Lockout Policy
;----------------------------------------------------------------
;No Account Lockout
LockoutBadCount = 0

;The following are not configured when No Account Lockout
;ResetLockoutCount = 30
;LockoutDuration = 30
;AllowAdministratorLockout = 0

;----------------------------------------------------------------
;Local Policies - Security Options
;----------------------------------------------------------------
;DC Only
ForceLogoffWhenHourExpire = 0
LSAAnonymousNameLookup = 0

;NewAdministatorName =
;NewGuestName =
;SecureSystemPartition


[Strings]

SceInfAdministrator = "Administrator"
SceInfAdmins = "Administrators"
SceInfAcountOp = "Account Operators"
SceInfAuthUsers = "Authenticated Users"
SceInfBackupOp = "Backup Operators"
SceInfDomainAdmins = "Domain Admins"
SceInfDomainGuests = "Domain Guests"
SceInfDomainUsers = "Domain Users"
SceInfEveryone = "Everyone"
SceInfGuests = "Guests"
SceInfGuest = "Guest"
SceInfPowerUsers = "Power Users"
SceInfPrintOp = "Print Operators"
SceInfReplicator = "Replicator"
SceInfServerOp = "Server Operators"
SceInfUsers = "Users"
SceInfMTSAdmins = "MTS Administrators"
SceInfMTSImpersonators = "MTS Impersonators"
SceInfMTSAdmin = "MTS_Admin"