public static void Main()
typeof(ChoXmlReader).GetAssemblyVersion().Print();
using (var r = ChoXmlReader.LoadText(xml)
.WithXmlNamespace("g", "http://www.microsoft.com/GroupPolicy/Settings") .WithXmlNamespace("t", "http://www.microsoft.com/GroupPolicy/Types") .WithXmlNamespace("s", "http://www.microsoft.com/GroupPolicy/Types/Security") .WithXmlNamespace("q1", "http://www.microsoft.com/GroupPolicy/Settings/Security") .WithXmlNamespace("q2", "http://www.microsoft.com/GroupPolicy/Settings/PublicKey") .WithXmlNamespace("q3", "http://www.microsoft.com/GroupPolicy/Settings/Registry") .WithXmlNamespace("q1", "http://www.microsoft.com/GroupPolicy/Settings/Windows/Registry") .WithXmlNamespace("q1", "http://www.microsoft.com/GroupPolicy/Settings/Security") using (var w = new ChoJSONWriter(Console.Out))
static string xml = @"<?xml version=""1.0"" encoding=""utf-16""?>
<GPO xmlns:xsd=""http://www.w3.org/2001/XMLSchema"" xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance"" xmlns=""http://www.microsoft.com/GroupPolicy/Settings"">
<Identifier xmlns=""http://www.microsoft.com/GroupPolicy/Types"">{31B2F340-016D-11D2-945F-00C04FB984F9}</Identifier> <Domain xmlns=""http://www.microsoft.com/GroupPolicy/Types"">sos.labs</Domain>
<Name>Default Domain Policy</Name>
<IncludeComments>true</IncludeComments>
<CreatedTime>2018-03-16T06:21:12</CreatedTime>
<ModifiedTime>2018-03-16T06:30:52</ModifiedTime>
<ReadTime>2018-08-28T12:35:43.4246745Z</ReadTime>
<SDDL xmlns=""http://www.microsoft.com/GroupPolicy/Types/Security"">O:DAG:DAD:PAI(A;;CCLCSWRPWPLORCWDWO;;;DA)(A;CIIO;CCDCLCSWRPWPDTLOSDRCWDWO;;;DA)(A;;CCLCSWRPWPLORCWDWO;;;S-1-5-21-2872888145-3513486857-3924934394-519)(A;CIIO;CCDCLCSWRPWPDTLOSDRCWDWO;;;S-1-5-21-2872888145-3513486857-3924934394-519)(A;;CCLCSWRPWPLORCWDWO;;;DA)(A;CIIO;CCDCLCSWRPWPDTLOSDRCWDWO;;;CO)(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;SY)(A;CI;LCRPLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;LCRPLORC;;;ED)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)</SDDL>
<Owner xmlns=""http://www.microsoft.com/GroupPolicy/Types/Security"">
<SID xmlns=""http://www.microsoft.com/GroupPolicy/Types"">S-1-5-21-2872888145-3513486857-3924934394-512</SID>
<Name xmlns=""http://www.microsoft.com/GroupPolicy/Types"">sos\Domain Admins</Name>
<Group xmlns=""http://www.microsoft.com/GroupPolicy/Types/Security"">
<SID xmlns=""http://www.microsoft.com/GroupPolicy/Types"">S-1-5-21-2872888145-3513486857-3924934394-512</SID>
<Name xmlns=""http://www.microsoft.com/GroupPolicy/Types"">sos\Domain Admins</Name>
<PermissionsPresent xmlns=""http://www.microsoft.com/GroupPolicy/Types/Security"">true</PermissionsPresent>
<Permissions xmlns=""http://www.microsoft.com/GroupPolicy/Types/Security"">
<InheritsFromParent>false</InheritsFromParent>
<SID xmlns=""http://www.microsoft.com/GroupPolicy/Types"">S-1-5-9</SID>
<Name xmlns=""http://www.microsoft.com/GroupPolicy/Types"">NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS</Name>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<GPOGroupedAccessEnum>Read</GPOGroupedAccessEnum>
<AccessMask>0</AccessMask>
<SID xmlns=""http://www.microsoft.com/GroupPolicy/Types"">S-1-5-18</SID>
<Name xmlns=""http://www.microsoft.com/GroupPolicy/Types"">NT AUTHORITY\SYSTEM</Name>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
<AccessMask>0</AccessMask>
<SID xmlns=""http://www.microsoft.com/GroupPolicy/Types"">S-1-5-11</SID>
<Name xmlns=""http://www.microsoft.com/GroupPolicy/Types"">NT AUTHORITY\Authenticated Users</Name>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<GPOGroupedAccessEnum>Apply Group Policy</GPOGroupedAccessEnum>
<AccessMask>0</AccessMask>
<AuditingPresent xmlns=""http://www.microsoft.com/GroupPolicy/Types/Security"">false</AuditingPresent>
<FilterDataAvailable>true</FilterDataAvailable>
<VersionDirectory>4</VersionDirectory>
<VersionSysvol>4</VersionSysvol>
<Extension xmlns:q1=""http://www.microsoft.com/GroupPolicy/Settings/Security"" xsi:type=""q1:SecuritySettings"">
<q1:Name>ClearTextPassword</q1:Name>
<q1:SettingBoolean>false</q1:SettingBoolean>
<q1:Type>Password</q1:Type>
<q1:Name>LockoutBadCount</q1:Name>
<q1:SettingNumber>0</q1:SettingNumber>
<q1:Type>Account Lockout</q1:Type>
<q1:Name>MaximumPasswordAge</q1:Name>
<q1:SettingNumber>42</q1:SettingNumber>
<q1:Type>Password</q1:Type>
<q1:Name>MinimumPasswordAge</q1:Name>
<q1:SettingNumber>0</q1:SettingNumber>
<q1:Type>Password</q1:Type>
<q1:Name>MinimumPasswordLength</q1:Name>
<q1:SettingNumber>0</q1:SettingNumber>
<q1:Type>Password</q1:Type>
<q1:Name>PasswordComplexity</q1:Name>
<q1:SettingBoolean>true</q1:SettingBoolean>
<q1:Type>Password</q1:Type>
<q1:Name>PasswordHistorySize</q1:Name>
<q1:SettingNumber>0</q1:SettingNumber>
<q1:Type>Password</q1:Type>
<q1:Name>MaxClockSkew</q1:Name>
<q1:SettingNumber>5</q1:SettingNumber>
<q1:Type>Kerberos</q1:Type>
<q1:Name>MaxRenewAge</q1:Name>
<q1:SettingNumber>7</q1:SettingNumber>
<q1:Type>Kerberos</q1:Type>
<q1:Name>MaxServiceAge</q1:Name>
<q1:SettingNumber>600</q1:SettingNumber>
<q1:Type>Kerberos</q1:Type>
<q1:Name>MaxTicketAge</q1:Name>
<q1:SettingNumber>10</q1:SettingNumber>
<q1:Type>Kerberos</q1:Type>
<q1:Name>TicketValidateClient</q1:Name>
<q1:SettingBoolean>true</q1:SettingBoolean>
<q1:Type>Kerberos</q1:Type>
<q1:KeyName>MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash</q1:KeyName>
<q1:SettingNumber>1</q1:SettingNumber>
<q1:Name>Network security: Do not store LAN Manager hash value on next password change</q1:Name>
<q1:DisplayBoolean>true</q1:DisplayBoolean>
<q1:SystemAccessPolicyName>ForceLogoffWhenHourExpire</q1:SystemAccessPolicyName>
<q1:SettingNumber>0</q1:SettingNumber>
<q1:SystemAccessPolicyName>LSAAnonymousNameLookup</q1:SystemAccessPolicyName>
<q1:SettingNumber>0</q1:SettingNumber>
<Extension xmlns:q2=""http://www.microsoft.com/GroupPolicy/Settings/PublicKey"" xsi:type=""q2:PublicKeySettings"">
<q2:AllowEFS>2</q2:AllowEFS>
<q2:Options>0</q2:Options>
<q2:CacheTimeout>0</q2:CacheTimeout>
<q2:IssuedTo>Administrator</q2:IssuedTo>
<q2:IssuedBy>Administrator</q2:IssuedBy>
<q2:ExpirationDate>2118-02-20T06:28:14Z</q2:ExpirationDate>
<q2:Purpose>1.3.6.1.4.1.311.10.3.4.1</q2:Purpose>
<q2:Data>0200000001000000CC0000001C0000006C0000000100000000000000000000000000000001000000320039006200390034003400340064002D0036003600340061002D0034006500340031002D0062003300350032002D0039006200620066003500380036003400380038006100640000000000000000004D006900630072006F0073006F0066007400200045006E00680061006E006300650064002000430072007900700074006F0067007200610070006800690063002000500072006F00760069006400650072002000760031002E003000000000000300000001000000140000005EF3F3C64B3411F47CC0597D8E5170DF1A233A822000000001000000840300003082038030820268A0030201020210180B2A30F37F81A440175DE56F499B51300D06092A864886F70D01010505003050311630140603550403130D41646D696E6973747261746F72310C300A0603550407130345465331283026060355040B131F4546532046696C6520456E6372797074696F6E2043657274696669636174653020170D3138303331363036323831345A180F32313138303232303036323831345A3050311630140603550403130D41646D696E6973747261746F72310C300A0603550407130345465331283026060355040B131F4546532046696C6520456E6372797074696F6E20436572746966696361746530820122300D06092A864886F70D01010105000382010F003082010A0282010100BACF6F72C7B27CDC964A0B645050772327AE144A6F3CC9C1C1955F021D7DE953E4746F99E91062C8D0AC4703E4372706A3CA8644B0F7FA47DC7408F4C4EF1391333295AE6503278C9A8691E36A37ADF6EB2E99E166E3558992432ED9454DF085124BBEA2FD3595003ECD8E1AC7DED3A084523A9D8E8CBD747D9145700340DC5EAABB3749E2E29C5E4EF127C288CC1DE1B43C2D9A1BE7CA144E23169B61F6E2A088030FA1304183F5B762181B99A83BEA196E09278BDC2ABA12E1E1630793DA2FE4CA31F0F1F9BBE1F2F6AF559E0FF6219094BB4FC7B92C249A01E89D936643616E76800ACEED5AE082F1FABEDC22923D6ABD8BECBF6519F599817EB977CC80130203010001A354305230160603551D25040F300D060B2B0601040182370A030401302D0603551D1104263024A022060A2B060104018237140203A0140C1241646D696E6973747261746F7240736F730030090603551D1304023000300D06092A864886F70D01010505000382010100B408DD4629DC78A5E5C002ACFF5FB9BB1798689CA0879990F4472CD195001E60068D6D1C9E44E1019FAA02CE0A1E2FB10FB7159A6AA166DA8E91F3849B9200E71027317E348376CD0BED6C92932E885363506C556476223A27CF2DD4CCCB695E47E7EBF89312720420FE252D91C7F700032A5F7AA80C509E64AF89AE68D7EF086C82CDB231289A34618D6263AD3045A586B3587976E6F27C5AA024479AFE26C72F4E85F1577448D993CDD90E30883AEAEB13419904F3B42FCEFC57EE1C721FC2EDFECF8550CC04AB67F46CCFB067F69D7BBA19EB44E10C2869C3A3250CD5B8C8D041FEA04639E080F1BC6F95C11758C6A042802C8A37B2FAE447FBE24F736552</q2:Data>
<q2:RootCertificateSettings>
<q2:AllowNewCAs>true</q2:AllowNewCAs>
<q2:TrustThirdPartyCAs>true</q2:TrustThirdPartyCAs>
<q2:RequireUPNNamingConstraints>false</q2:RequireUPNNamingConstraints>
</q2:RootCertificateSettings>
<Extension xmlns:q3=""http:
<VersionDirectory>0</VersionDirectory>
<VersionSysvol>0</VersionSysvol>
<SOMPath>sos.labs</SOMPath>
<NoOverride>false</NoOverride>
<Identifier xmlns=""http:
<IncludeComments>true</IncludeComments>
<CreatedTime>2018-03-18T07:02:05</CreatedTime>
<ModifiedTime>2018-03-28T14:47:40</ModifiedTime>
<ReadTime>2018-08-28T12:35:46.5810219Z</ReadTime>
<PermissionsPresent xmlns=""http:
<Permissions xmlns=""http:
<InheritsFromParent>false</InheritsFromParent>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
<AccessMask>0</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<GPOGroupedAccessEnum>Read</GPOGroupedAccessEnum>
<AccessMask>0</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
<AccessMask>0</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
<AccessMask>0</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<GPOGroupedAccessEnum>Apply Group Policy</GPOGroupedAccessEnum>
<AccessMask>0</AccessMask>
<AuditingPresent xmlns=""http:
<FilterDataAvailable>true</FilterDataAvailable>
<VersionDirectory>32</VersionDirectory>
<VersionSysvol>32</VersionSysvol>
<Extension xmlns:q1=""http:
<q1:Name>Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista)</q1:Name>
<q1:State>Enabled</q1:State>
This policy setting allows you to manage the Active Directory Domain Services (AD DS) backup of BitLocker Drive Encryption recovery information. This provides an administrative method of recovering data encrypted by BitLocker to prevent data loss due to lack of key information. This policy setting is only applicable to computers running Windows Server 2008 or Windows Vista.
If you enable this policy setting, BitLocker recovery information is automatically and silently backed up to AD DS when BitLocker is turned on for a computer. This policy setting is applied when you turn on BitLocker.
Note: You might need to set up appropriate schema extensions and access control settings on the domain before AD DS backup can succeed. More information about setting up AD DS backup for BitLocker is available on Microsoft TechNet.
BitLocker recovery information includes the recovery password and some unique identifier data. You can also include a package that contains a BitLocker-protected drive's encryption key. This key package is secured by one or more recovery passwords and may help perform specialized recovery when the disk is damaged or corrupted.
If you select the option to ""Require BitLocker backup to AD DS"" BitLocker cannot be turned on unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. This option is selected by default to help ensure that BitLocker recovery is possible. If this option is not selected, AD DS backup is attempted but network or other backup failures do not prevent BitLocker setup. Backup is not automatically retried and the recovery password may not have been stored in AD DS during BitLocker setup.
If you disable or do not configure this policy setting, BitLocker recovery information is not backed up to AD DS.
Note: Trusted Platform Module (TPM) initialization might occur during BitLocker setup. Enable the ""Turn on TPM backup to Active Directory Domain Services"" policy setting in System\Trusted Platform Module Services to ensure that TPM information is also backed up.
<q1:Supported>Windows Server 2008 and Windows Vista</q1:Supported>
<q1:Category>Windows Components/BitLocker Drive Encryption</q1:Category>
<q1:Name>Require BitLocker backup to AD DS</q1:Name>
<q1:State>Enabled</q1:State>
<q1:Name>If selected, cannot turn on BitLocker if backup fails (recommended default). </q1:Name>
<q1:Name>If not selected, can turn on BitLocker even if backup fails. Backup is not automatically retried.</q1:Name>
<q1:Name>Select BitLocker recovery information to store:</q1:Name>
<q1:State>Enabled</q1:State>
<q1:Name>Recovery passwords and key packages</q1:Name>
<q1:Name>A recovery password is a 48-digit number that unlocks access to a BitLocker-protected drive.</q1:Name>
<q1:Name>A key package contains a drive's BitLocker encryption key secured by one or more recovery passwords</q1:Name>
<q1:Name>Key packages may help perform specialized recovery when the disk is damaged or corrupted. </q1:Name>
<q1:Name>Choose how BitLocker-protected operating system drives can be recovered</q1:Name>
<q1:State>Enabled</q1:State>
This policy setting allows you to control how BitLocker-protected operating system drives are recovered in the absence of the required startup key information. This policy setting is applied when you turn on BitLocker.
The ""Allow certificate-based data recovery agent"" check box is used to specify whether a data recovery agent can be used with BitLocker-protected operating system drives. Before a data recovery agent can be used it must be added from the Public Key Policies item in either the Group Policy Management Console or the Local Group Policy Editor. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information about adding data recovery agents.
In ""Configure user storage of BitLocker recovery information"" select whether users are allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key.
Select ""Omit recovery options from the BitLocker setup wizard"" to prevent users from specifying recovery options when they turn on BitLocker on a drive. This means that you will not be able to specify which recovery option to use when you turn on BitLocker, instead BitLocker recovery options for the drive are determined by the policy setting.
In ""Save BitLocker recovery information to Active Directory Domain Services"", choose which BitLocker recovery information to store in AD DS for operating system drives. If you select ""Backup recovery password and key package"", both the BitLocker recovery password and key package are stored in AD DS. Storing the key package supports recovering data from a drive that has been physically corrupted. If you select ""Backup recovery password only,"" only the recovery password is stored in AD DS.
Select the ""Do not enable BitLocker until recovery information is stored in AD DS for operating system drives"" check box if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds.
Note: If the ""Do not enable BitLocker until recovery information is stored in AD DS for operating system drives"" check box is selected, a recovery password is automatically generated.
If you enable this policy setting, you can control the methods available to users to recover data from BitLocker-protected operating system drives.
If this policy setting is disabled or not configured, the default recovery options are supported for BitLocker recovery. By default a DRA is allowed, the recovery options can be specified by the user including the recovery password and recovery key, and recovery information is not backed up to AD DS.
<q1:Supported>At least Windows Server 2008 R2 or Windows 7</q1:Supported>
<q1:Category>Windows Components/BitLocker Drive Encryption/Operating System Drives</q1:Category>
<q1:Name>Allow data recovery agent</q1:Name>
<q1:State>Enabled</q1:State>
<q1:Name>Configure user storage of BitLocker recovery information:</q1:Name>
<q1:State>Enabled</q1:State>
<q1:Name>Allow 48-digit recovery password</q1:Name>
<q1:State>Enabled</q1:State>
<q1:Name>Allow 256-bit recovery key</q1:Name>
<q1:Name>Omit recovery options from the BitLocker setup wizard</q1:Name>
<q1:State>Enabled</q1:State>
<q1:Name>Save BitLocker recovery information to AD DS for operating system drives</q1:Name>
<q1:State>Enabled</q1:State>
<q1:Name>Configure storage of BitLocker recovery information to AD DS:</q1:Name>
<q1:State>Enabled</q1:State>
<q1:Name>Store recovery passwords and key packages</q1:Name>
<q1:Name>Do not enable BitLocker until recovery information is stored to AD DS for operating system drives</q1:Name>
<q1:State>Enabled</q1:State>
<q1:Name>Require additional authentication at startup</q1:Name>
<q1:State>Enabled</q1:State>
This policy setting allows you to configure whether BitLocker requires additional authentication each time the computer starts and whether you are using BitLocker with or without a Trusted Platform Module (TPM). This policy setting is applied when you turn on BitLocker.
Note: Only one of the additional authentication options can be required at startup, otherwise a policy error occurs.
If you want to use BitLocker on a computer without a TPM, select the ""Allow BitLocker without a compatible TPM"" check box. In this mode either a password or a USB drive is required for start-up. When using a startup key, the key information used to encrypt the drive is stored on the USB drive, creating a USB key. When the USB key is inserted the access to the drive is authenticated and the drive is accessible. If the USB key is lost or unavailable or if you have forgotten the password then you will need to use one of the BitLocker recovery options to access the drive.
On a computer with a compatible TPM, four types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use only the TPM for authentication, or it can also require insertion of a USB flash drive containing a startup key, the entry of a 4-digit to 20-digit personal identification number (PIN), or both.
If you enable this policy setting, users can configure advanced startup options in the BitLocker setup wizard.
If you disable or do not configure this policy setting, users can configure only basic options on computers with a TPM.
Note: If you want to require the use of a startup PIN and a USB flash drive, you must configure BitLocker settings using the command-line tool manage-bde instead of the BitLocker Drive Encryption setup wizard.
<q1:Supported>At least Windows Server 2008 R2 or Windows 7</q1:Supported>
<q1:Category>Windows Components/BitLocker Drive Encryption/Operating System Drives</q1:Category>
<q1:Name>Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)</q1:Name>
<q1:State>Enabled</q1:State>
<q1:Name>Settings for computers with a TPM:</q1:Name>
<q1:Name>Configure TPM startup:</q1:Name>
<q1:State>Enabled</q1:State>
<q1:Name>Allow TPM</q1:Name>
<q1:Name>Configure TPM startup PIN:</q1:Name>
<q1:State>Enabled</q1:State>
<q1:Name>Allow startup PIN with TPM</q1:Name>
<q1:Name>Configure TPM startup key:</q1:Name>
<q1:State>Enabled</q1:State>
<q1:Name>Allow startup key with TPM</q1:Name>
<q1:Name>Configure TPM startup key and PIN:</q1:Name>
<q1:State>Enabled</q1:State>
<q1:Name>Allow startup key and PIN with TPM</q1:Name>
<q1:Name>Require additional authentication at startup (Windows Server 2008 and Windows Vista)</q1:Name>
<q1:State>Enabled</q1:State>
This policy setting allows you to control whether the BitLocker Drive Encryption setup wizard will be able to set up an additional authentication method that is required each time the computer starts. This policy setting is applied when you turn on BitLocker.
Note: This policy is only applicable to computers running Windows Server 2008 or Windows Vista.
On a computer with a compatible Trusted Platform Module (TPM), two authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can require users to insert a USB flash drive containing a startup key. It can also require users to enter a 4-digit to 20-digit startup personal identification number (PIN).
A USB flash drive containing a startup key is needed on computers without a compatible TPM. Without a TPM, BitLocker-encrypted data is protected solely by the key material on this USB flash drive.
If you enable this policy setting, the wizard will display the page to allow the user to configure advanced startup options for BitLocker. You can further configure setting options for computers with and without a TPM.
If you disable or do not configure this policy setting, the BitLocker setup wizard will display basic steps that allow users to turn on BitLocker on computers with a TPM. In this basic wizard, no additional startup key or startup PIN can be configured.
<q1:Supported>Windows Server 2008 and Windows Vista</q1:Supported>
<q1:Category>Windows Components/BitLocker Drive Encryption/Operating System Drives</q1:Category>
<q1:Name>Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)</q1:Name>
<q1:State>Enabled</q1:State>
<q1:Name>Settings for computers with a TPM:</q1:Name>
<q1:Name>Configure TPM startup key:</q1:Name>
<q1:State>Enabled</q1:State>
<q1:Name>Allow startup key with TPM</q1:Name>
<q1:Name>Configure TPM startup PIN:</q1:Name>
<q1:State>Enabled</q1:State>
<q1:Name>Allow startup PIN with TPM</q1:Name>
<q1:Name>Important: If you require the startup key, you must not allow the startup PIN. </q1:Name>
<q1:Name>If you require the startup PIN, you must not allow the startup key. Otherwise, a policy error occurs.</q1:Name>
<q1:Name>Note: Do not allow both startup PIN and startup key options to hide the advanced page on a computer with a TPM.</q1:Name>
<VersionDirectory>0</VersionDirectory>
<VersionSysvol>0</VersionSysvol>
<SOMName>Workstations</SOMName>
<SOMPath>sos.labs/Workstations</SOMPath>
<NoOverride>false</NoOverride>
<Identifier xmlns=""http:
<Name>Custom Event Channel Permissions</Name>
<IncludeComments>true</IncludeComments>
<CreatedTime>2018-07-11T08:37:32</CreatedTime>
<ModifiedTime>2018-07-11T08:37:32</ModifiedTime>
<ReadTime>2018-08-28T12:35:46.6591749Z</ReadTime>
<PermissionsPresent xmlns=""http:
<Permissions xmlns=""http:
<InheritsFromParent>false</InheritsFromParent>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
<AccessMask>0</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<GPOGroupedAccessEnum>Read</GPOGroupedAccessEnum>
<AccessMask>0</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
<AccessMask>0</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
<AccessMask>0</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<GPOGroupedAccessEnum>Apply Group Policy</GPOGroupedAccessEnum>
<AccessMask>0</AccessMask>
<AuditingPresent xmlns=""http:
<FilterDataAvailable>true</FilterDataAvailable>
<VersionDirectory>1</VersionDirectory>
<VersionSysvol>1</VersionSysvol>
<Extension xmlns:q1=""http:
<q1:RegistrySettings clsid=""{A3CCFC41-DFDB-43a5-8D26-0FE8B954DA51}""> <q1:Registry clsid=""{9CD4B2F4-923D-47f5-A062-E897DD1DAD50}"" name=""ChannelAccess"" status=""ChannelAccess"" image=""7"" changed=""2017-07-22 01:25:45"" uid=""{CA8FB1DB-B0A8-427A-A00D-08C1D499DC32}""> <q1:GPOSettingOrder>1</q1:GPOSettingOrder>
<q1:Properties action=""U"" displayDecimal=""0"" default=""0"" hive=""HKEY_LOCAL_MACHINE"" key=""SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DNSServer/Audit"" name=""ChannelAccess"" type=""REG_SZ"" value=""O:BAG:SYD:(A;;0x2;;;S-1-15-2-1)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x3;;;S-1-5-33)(A;;0x1;;;S-1-5-32-573)(A;;0x1;;;S-1-5-20)"">
<q1:Registry clsid=""{9CD4B2F4-923D-47f5-A062-E897DD1DAD50}"" name=""ChannelAccess"" status=""ChannelAccess"" image=""7"" changed=""2017-07-22 06:26:23"" uid=""{837364B6-ECD8-46E8-9FF1-35C7B0D9F5FF}""> <q1:GPOSettingOrder>2</q1:GPOSettingOrder>
<q1:Properties action=""U"" displayDecimal=""0"" default=""0"" hive=""HKEY_LOCAL_MACHINE"" key=""SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SMBClient/Operational"" name=""ChannelAccess"" type=""REG_SZ"" value=""O:BAG:SYD:(A;;0x5;;;BA)(A;;0x1;;;S-1-5-20)(A;;0x1;;;S-1-5-32-573)"">
<q1:Registry clsid=""{9CD4B2F4-923D-47f5-A062-E897DD1DAD50}"" name=""ChannelAccess"" status=""ChannelAccess"" image=""7"" changed=""2017-07-22 06:27:30"" uid=""{43ADFF5A-9412-44C6-8476-839EC6602558}""> <q1:GPOSettingOrder>3</q1:GPOSettingOrder>
<q1:Properties action=""U"" displayDecimal=""0"" default=""0"" hive=""HKEY_LOCAL_MACHINE"" key=""SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SMBServer/Audit"" name=""ChannelAccess"" type=""REG_SZ"" value=""O:BAG:SYD:(A;;0x5;;;BA)(A;;0x1;;;S-1-5-20)(A;;0x1;;;S-1-5-32-573)"">
<q1:Registry clsid=""{9CD4B2F4-923D-47f5-A062-E897DD1DAD50}"" name=""CustomSD"" status=""CustomSD"" image=""7"" changed=""2017-07-22 06:29:26"" uid=""{8D55AF86-069E-4A22-A9F9-AD8DCC1711C9}""> <q1:GPOSettingOrder>4</q1:GPOSettingOrder>
<q1:Properties action=""U"" displayDecimal=""0"" default=""0"" hive=""HKEY_LOCAL_MACHINE"" key=""SYSTEM\CurrentControlSet\Services\EventLog\DNS Server"" name=""CustomSD"" type=""REG_SZ"" value=""O:BAG:SYD:(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x5;;;SO)(A;;0x1;;;IU)(A;;0x1;;;SU)(A;;0x1;;;S-1-5-3)(A;;0x2;;;LS)(A;;0x2;;;NS)(A;;0x2;;;S-1-5-33)(A;;0x1;;;S-1-5-20)(A;;0x1;;;S-1-5-32-573)"">
<q1:Registry clsid=""{9CD4B2F4-923D-47f5-A062-E897DD1DAD50}"" name=""CustomSD"" status=""CustomSD"" image=""7"" changed=""2017-07-22 06:54:47"" uid=""{59ECA0A8-307C-4B14-9D55-BB118CC1B9D4}""> <q1:GPOSettingOrder>5</q1:GPOSettingOrder>
<q1:Properties action=""U"" displayDecimal=""0"" default=""0"" hive=""HKEY_LOCAL_MACHINE"" key=""SYSTEM\CurrentControlSet\Services\EventLog\Security"" name=""CustomSD"" type=""REG_SZ"" value=""O:BAG:SYD:(A;;0xf0005;;;SY)(A;;0x5;;;BA)(A;;0x1;;;S-1-5-32-573)(A;;0x1;;;S-1-5-20)"">
<Name>Windows Registry</Name>
<VersionDirectory>1</VersionDirectory>
<VersionSysvol>1</VersionSysvol>
<SOMName>Domain Controllers</SOMName>
<SOMPath>sos.labs/Domain Controllers</SOMPath>
<NoOverride>true</NoOverride>
<Identifier xmlns=""http:
<Name>Default Domain Controllers Policy</Name>
<IncludeComments>true</IncludeComments>
<CreatedTime>2018-03-16T06:21:12</CreatedTime>
<ModifiedTime>2018-07-13T04:38:17</ModifiedTime>
<ReadTime>2018-08-28T12:35:46.6904051Z</ReadTime>
<PermissionsPresent xmlns=""http:
<Permissions xmlns=""http:
<InheritsFromParent>false</InheritsFromParent>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<GPOGroupedAccessEnum>Read</GPOGroupedAccessEnum>
<AccessMask>0</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
<AccessMask>0</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<GPOGroupedAccessEnum>Apply Group Policy</GPOGroupedAccessEnum>
<AccessMask>0</AccessMask>
<AuditingPresent xmlns=""http:
<FilterDataAvailable>true</FilterDataAvailable>
<VersionDirectory>4</VersionDirectory>
<VersionSysvol>4</VersionSysvol>
<Extension xmlns:q1=""http:
<q1:UserRightsAssignment>
<q1:Name>SeAssignPrimaryTokenPrivilege</q1:Name>
</q1:UserRightsAssignment>
<q1:UserRightsAssignment>
<q1:Name>SeAuditPrivilege</q1:Name>
</q1:UserRightsAssignment>
<q1:UserRightsAssignment>
<q1:Name>SeBackupPrivilege</q1:Name>
</q1:UserRightsAssignment>
<q1:UserRightsAssignment>
<q1:Name>SeBatchLogonRight</q1:Name>
</q1:UserRightsAssignment>
<q1:UserRightsAssignment>
<q1:Name>SeChangeNotifyPrivilege</q1:Name>
</q1:UserRightsAssignment>
<q1:UserRightsAssignment>
<q1:Name>SeCreatePagefilePrivilege</q1:Name>
</q1:UserRightsAssignment>
<q1:UserRightsAssignment>
<q1:Name>SeDebugPrivilege</q1:Name>
</q1:UserRightsAssignment>
<q1:UserRightsAssignment>
<q1:Name>SeEnableDelegationPrivilege</q1:Name>
</q1:UserRightsAssignment>
<q1:UserRightsAssignment>
<q1:Name>SeIncreaseBasePriorityPrivilege</q1:Name>
</q1:UserRightsAssignment>
<q1:UserRightsAssignment>
<q1:Name>SeIncreaseQuotaPrivilege</q1:Name>
</q1:UserRightsAssignment>
<q1:UserRightsAssignment>
<q1:Name>SeInteractiveLogonRight</q1:Name>
</q1:UserRightsAssignment>
<q1:UserRightsAssignment>
<q1:Name>SeLoadDriverPrivilege</q1:Name>
</q1:UserRightsAssignment>
<q1:UserRightsAssignment>
<q1:Name>SeMachineAccountPrivilege</q1:Name>
</q1:UserRightsAssignment>
<q1:UserRightsAssignment>
<q1:Name>SeNetworkLogonRight</q1:Name>
</q1:UserRightsAssignment>
<q1:UserRightsAssignment>
<q1:Name>SeProfileSingleProcessPrivilege</q1:Name>
</q1:UserRightsAssignment>
<q1:UserRightsAssignment>
<q1:Name>SeRemoteShutdownPrivilege</q1:Name>
</q1:UserRightsAssignment>
<q1:UserRightsAssignment>
<q1:Name>SeRestorePrivilege</q1:Name>
</q1:UserRightsAssignment>
<q1:UserRightsAssignment>
<q1:Name>SeSecurityPrivilege</q1:Name>
</q1:UserRightsAssignment>
<q1:UserRightsAssignment>
<q1:Name>SeShutdownPrivilege</q1:Name>
</q1:UserRightsAssignment>
<q1:UserRightsAssignment>
<q1:Name>SeSystemEnvironmentPrivilege</q1:Name>
</q1:UserRightsAssignment>
<q1:UserRightsAssignment>
<q1:Name>SeSystemProfilePrivilege</q1:Name>
</q1:UserRightsAssignment>
<q1:UserRightsAssignment>
<q1:Name>SeSystemTimePrivilege</q1:Name>
</q1:UserRightsAssignment>
<q1:UserRightsAssignment>
<q1:Name>SeTakeOwnershipPrivilege</q1:Name>
</q1:UserRightsAssignment>
<q1:UserRightsAssignment>
<q1:Name>SeUndockPrivilege</q1:Name>
</q1:UserRightsAssignment>
<q1:KeyName>MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature</q1:KeyName>
<q1:SettingNumber>1</q1:SettingNumber>
<q1:Name>Microsoft network server: Digitally sign communications (if client agrees)</q1:Name>
<q1:DisplayBoolean>true</q1:DisplayBoolean>
<q1:KeyName>MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature</q1:KeyName>
<q1:SettingNumber>1</q1:SettingNumber>
<q1:Name>Microsoft network server: Digitally sign communications (always)</q1:Name>
<q1:DisplayBoolean>true</q1:DisplayBoolean>
<q1:KeyName>MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal</q1:KeyName>
<q1:SettingNumber>1</q1:SettingNumber>
<q1:Name>Domain member: Digitally encrypt or sign secure channel data (always)</q1:Name>
<q1:DisplayBoolean>true</q1:DisplayBoolean>
<q1:KeyName>MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrity</q1:KeyName>
<q1:SettingNumber>1</q1:SettingNumber>
<q1:Name>Domain controller: LDAP server signing requirements</q1:Name>
<q1:DisplayString>None</q1:DisplayString>
<Extension xmlns:q2=""http:
<q2:PolicyTarget>System</q2:PolicyTarget>
<q2:SubcategoryName>Audit Kerberos Authentication Service</q2:SubcategoryName>
<q2:SubcategoryGuid>{0cce9242-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid> <q2:SettingValue>3</q2:SettingValue>
<q2:PolicyTarget>System</q2:PolicyTarget>
<q2:SubcategoryName>Audit Directory Service Access</q2:SubcategoryName>
<q2:SubcategoryGuid>{0cce923b-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid> <q2:SettingValue>3</q2:SettingValue>
<q2:PolicyTarget>System</q2:PolicyTarget>
<q2:SubcategoryName>Audit Logon</q2:SubcategoryName>
<q2:SubcategoryGuid>{0cce9215-69ae-11d9-bed3-505054503030}</q2:SubcategoryGuid> <q2:SettingValue>3</q2:SettingValue>
<Name>Advanced Audit Configuration</Name>
<VersionDirectory>0</VersionDirectory>
<VersionSysvol>0</VersionSysvol>
<SOMName>Domain Controllers</SOMName>
<SOMPath>sos.labs/Domain Controllers</SOMPath>
<NoOverride>false</NoOverride>
<Identifier xmlns=""http:
<Name>Domain Controllers Enhanced Auditing Policy</Name>
<IncludeComments>true</IncludeComments>
<CreatedTime>2018-07-13T04:23:42</CreatedTime>
<ModifiedTime>2018-07-13T04:23:43</ModifiedTime>
<ReadTime>2018-08-28T12:35:46.7685363Z</ReadTime>
<PermissionsPresent xmlns=""http:
<Permissions xmlns=""http:
<InheritsFromParent>false</InheritsFromParent>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
<AccessMask>0</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<GPOGroupedAccessEnum>Read</GPOGroupedAccessEnum>
<AccessMask>0</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
<AccessMask>0</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
<AccessMask>0</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<GPOGroupedAccessEnum>Apply Group Policy</GPOGroupedAccessEnum>
<AccessMask>0</AccessMask>
<AuditingPresent xmlns=""http:
<FilterDataAvailable>true</FilterDataAvailable>
<VersionDirectory>1</VersionDirectory>
<VersionSysvol>1</VersionSysvol>
<Extension xmlns:q1=""http:
<q1:KeyName>MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\AuditReceivingNTLMTraffic</q1:KeyName>
<q1:SettingNumber>2</q1:SettingNumber>
<q1:Name>Network security: Restrict NTLM: Audit Incoming NTLM Traffic</q1:Name>
<q1:DisplayString>Enable auditing for all accounts</q1:DisplayString>
<q1:KeyName>MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\RestrictSendingNTLMTraffic</q1:KeyName>
<q1:SettingNumber>1</q1:SettingNumber>
<q1:Name>Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers</q1:Name>
<q1:DisplayString>Audit all</q1:DisplayString>
<q1:KeyName>MACHINE\System\CurrentControlSet\Control\Lsa\SCENoApplyLegacyAuditPolicy</q1:KeyName>
<q1:SettingNumber>1</q1:SettingNumber>
<q1:Name>Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings</q1:Name>
<q1:DisplayBoolean>true</q1:DisplayBoolean>
<q1:KeyName>MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\AuditNTLMInDomain</q1:KeyName>
<q1:SettingNumber>7</q1:SettingNumber>
<q1:Name>Network security: Restrict NTLM: Audit NTLM authentication in this domain</q1:Name>
<q1:DisplayString>Enable all</q1:DisplayString>
<q1:StartupMode>Automatic</q1:StartupMode>
<PermissionsPresent xmlns=""http:
<AuditingPresent xmlns=""http:
<Extension xmlns:q2=""http:
<q2:RegistrySettings clsid=""{A3CCFC41-DFDB-43a5-8D26-0FE8B954DA51}""> <q2:Registry clsid=""{9CD4B2F4-923D-47f5-A062-E897DD1DAD50}"" name=""RestrictRemoteSamEventThrottlingWindow"" status=""RestrictRemoteSamEventThrottlingWindow"" image=""7"" changed=""2017-07-26 04:57:18"" uid=""{D232208A-0CBB-4FA1-BE41-D8A402116908}""> <q2:GPOSettingOrder>1</q2:GPOSettingOrder>
<q2:Properties action=""U"" displayDecimal=""0"" default=""0"" hive=""HKEY_LOCAL_MACHINE"" key=""SYSTEM\CurrentControlSet\Control\Lsa"" name=""RestrictRemoteSamEventThrottlingWindow"" type=""REG_SZ"" value=""0"">
<Name>Windows Registry</Name>
<Extension xmlns:q3=""http:
<q3:Name>Include command line in process creation events</q3:Name>
<q3:State>Enabled</q3:State>
This policy setting determines what information is logged in security audit events when a new process has been created.
This setting only applies when the Audit Process Creation policy is enabled. If you enable this policy setting the command line information for every process will be logged in plain text in the security event log as part of the Audit Process Creation event 4688, ""a new process has been created,"" on the workstations and servers on which this policy setting is applied.
If you disable or do not configure this policy setting, the process's command line information will not be included in Audit Process Creation events.
Note: When this policy setting is enabled, any user with access to read the security events will be able to read the command line arguments for any successfully created process. Command line arguments can contain sensitive or private information such as passwords or user data.
<q3:Supported>At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1</q3:Supported>
<q3:Category>System/Audit Process Creation</q3:Category>
<q3:Name>Specify the maximum log file size (KB)</q3:Name>
<q3:State>Enabled</q3:State>
This policy setting specifies the maximum size of the log file in kilobytes.
If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments.
If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.
<q3:Supported>At least Windows Vista</q3:Supported>
<q3:Category>Windows Components/Event Log Service/Application</q3:Category>
<q3:Name>Maximum Log Size (KB)</q3:Name>
<q3:State>Enabled</q3:State>
<q3:Value>102400</q3:Value>
<q3:Name>Specify the maximum log file size (KB)</q3:Name>
<q3:State>Enabled</q3:State>
This policy setting specifies the maximum size of the log file in kilobytes.
If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments.
If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.
<q3:Supported>At least Windows Vista</q3:Supported>
<q3:Category>Windows Components/Event Log Service/Security</q3:Category>
<q3:Name>Maximum Log Size (KB)</q3:Name>
<q3:State>Enabled</q3:State>
<q3:Value>4194304</q3:Value>
<q3:Name>Specify the maximum log file size (KB)</q3:Name>
<q3:State>Enabled</q3:State>
This policy setting specifies the maximum size of the log file in kilobytes.
If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments.
If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.
<q3:Supported>At least Windows Vista</q3:Supported>
<q3:Category>Windows Components/Event Log Service/System</q3:Category>
<q3:Name>Maximum Log Size (KB)</q3:Name>
<q3:State>Enabled</q3:State>
<q3:Value>102400</q3:Value>
<q3:Name>Allow Remote Shell Access</q3:Name>
<q3:State>Enabled</q3:State>
This policy setting configures access to remote shells.
If you enable or do not configure this policy setting, new remote shell connections are accepted by the server.
If you set this policy to ‘disabled’, new remote shell connections are rejected by the server.
<q3:Supported>At least Windows Vista</q3:Supported>
<q3:Category>Windows Components/Windows Remote Shell</q3:Category>
<q3:KeyPath>Software\Policies\Microsoft\NetworkAccessProtection\ClientConfig\Enroll\HcsGroups</q3:KeyPath>
<q3:AdmSetting>false</q3:AdmSetting>
<q3:KeyPath>Software\Policies\Microsoft\NetworkAccessProtection\ClientConfig\UI</q3:KeyPath>
<q3:AdmSetting>false</q3:AdmSetting>
<q3:KeyPath>Software\Policies\Microsoft\Windows\Safer</q3:KeyPath>
<q3:AdmSetting>false</q3:AdmSetting>
<VersionDirectory>1</VersionDirectory>
<VersionSysvol>1</VersionSysvol>
<SOMName>Domain Controllers</SOMName>
<SOMPath>sos.labs/Domain Controllers</SOMPath>
<NoOverride>true</NoOverride>
<Identifier xmlns=""http:
<IncludeComments>true</IncludeComments>
<CreatedTime>2018-03-18T06:37:07</CreatedTime>
<ModifiedTime>2018-03-18T06:48:08</ModifiedTime>
<ReadTime>2018-08-28T12:35:46.7997905Z</ReadTime>
<PermissionsPresent xmlns=""http:
<Permissions xmlns=""http:
<InheritsFromParent>false</InheritsFromParent>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
<AccessMask>0</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<GPOGroupedAccessEnum>Read</GPOGroupedAccessEnum>
<AccessMask>0</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
<AccessMask>0</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
<AccessMask>0</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<GPOGroupedAccessEnum>Apply Group Policy</GPOGroupedAccessEnum>
<AccessMask>0</AccessMask>
<AuditingPresent xmlns=""http:
<FilterDataAvailable>true</FilterDataAvailable>
<VersionDirectory>18</VersionDirectory>
<VersionSysvol>18</VersionSysvol>
<Extension xmlns:q1=""http:
<q1:Identifier>{12f9ef0c-28ea-4722-b970-6447231d7a4e}</q1:Identifier> <q1:Name>Local Administrator Password Solution x64</q1:Name>
<q1:Path>\\sos.labs\SYSVOL\sos.labs\scripts\LAPS\LAPS.x64.msi</q1:Path>
<q1:MajorVersion>6</q1:MajorVersion>
<q1:MinorVersion>2</q1:MinorVersion>
<q1:LanguageId>1033</q1:LanguageId>
<q1:Architecture>9</q1:Architecture>
<q1:IgnoreLanguage>false</q1:IgnoreLanguage>
<q1:Allowx86Onia64>true</q1:Allowx86Onia64>
<q1:AutoInstall>true</q1:AutoInstall>
<q1:DisplayInARP>true</q1:DisplayInARP>
<q1:IncludeCOM>true</q1:IncludeCOM>
<PermissionsPresent xmlns=""http:
<Permissions xmlns=""http:
<InheritsFromParent>true</InheritsFromParent>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>false</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<SoftwareInstallationGroupedAccessEnum>Full Control</SoftwareInstallationGroupedAccessEnum>
<AccessMask>983551</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>false</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<SoftwareInstallationGroupedAccessEnum>Read</SoftwareInstallationGroupedAccessEnum>
<AccessMask>131220</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>false</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<SoftwareInstallationGroupedAccessEnum>Full Control</SoftwareInstallationGroupedAccessEnum>
<AccessMask>983551</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>true</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<AccessMask>256</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>true</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<SoftwareInstallationGroupedAccessEnum>Read</SoftwareInstallationGroupedAccessEnum>
<SoftwareInstallationGroupedAccessEnum>Write</SoftwareInstallationGroupedAccessEnum>
<AccessMask>983295</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>true</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<SoftwareInstallationGroupedAccessEnum>Read</SoftwareInstallationGroupedAccessEnum>
<SoftwareInstallationGroupedAccessEnum>Write</SoftwareInstallationGroupedAccessEnum>
<AccessMask>983295</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>true</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<SoftwareInstallationGroupedAccessEnum>Read</SoftwareInstallationGroupedAccessEnum>
<AccessMask>131220</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>true</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<SoftwareInstallationGroupedAccessEnum>Read</SoftwareInstallationGroupedAccessEnum>
<AccessMask>131220</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>true</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<SoftwareInstallationGroupedAccessEnum>Read</SoftwareInstallationGroupedAccessEnum>
<SoftwareInstallationGroupedAccessEnum>Write</SoftwareInstallationGroupedAccessEnum>
<AccessMask>983295</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>true</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<SoftwareInstallationGroupedAccessEnum>Read</SoftwareInstallationGroupedAccessEnum>
<SoftwareInstallationGroupedAccessEnum>Write</SoftwareInstallationGroupedAccessEnum>
<AccessMask>983295</AccessMask>
<AuditingPresent xmlns=""http:
<InheritsFromParent>true</InheritsFromParent>
<Type xsi:type=""AuditType"">
<AuditType>Success</AuditType>
<Inherited>true</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<AccessMask>262176</AccessMask>
<Type xsi:type=""AuditType"">
<AuditType>Success</AuditType>
<Inherited>true</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<AccessMask>32</AccessMask>
<Type xsi:type=""AuditType"">
<AuditType>Success</AuditType>
<Inherited>true</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<AccessMask>32</AccessMask>
<q1:DeploymentType>Assign</q1:DeploymentType>
<q1:ProductId>{ea8cb806-c109-4700-96b4-f1f268e5036c}</q1:ProductId> <q1:ScriptPath>\\sos.labs\SysVol\sos.labs\Policies\{F3768285-65F2-4483-9050-0ED8E69A2ECB}\Machine\Applications\{B9F27C54-E6A5-4CCB-BADF-1B77F05531AA}.aas</q1:ScriptPath> <q1:DeploymentCount>0</q1:DeploymentCount>
<q1:InstallationUILevel>Maximum</q1:InstallationUILevel>
<q1:Mandatory>true</q1:Mandatory>
<q1:UninstallUnmanaged>false</q1:UninstallUnmanaged>
<q1:LossOfScopeAction>Unmanage</q1:LossOfScopeAction>
<q1:Identifier>{eedd831b-daab-4a40-92ee-6e20363f889e}</q1:Identifier> <q1:Name>Local Administrator Password Solution x86</q1:Name>
<q1:Path>\\sos.labs\SYSVOL\sos.labs\scripts\LAPS\LAPS.x86.msi</q1:Path>
<q1:MajorVersion>6</q1:MajorVersion>
<q1:MinorVersion>2</q1:MinorVersion>
<q1:LanguageId>1033</q1:LanguageId>
<q1:Architecture>0</q1:Architecture>
<q1:IgnoreLanguage>false</q1:IgnoreLanguage>
<q1:Allowx86Onia64>false</q1:Allowx86Onia64>
<q1:AutoInstall>true</q1:AutoInstall>
<q1:DisplayInARP>true</q1:DisplayInARP>
<q1:IncludeCOM>true</q1:IncludeCOM>
<PermissionsPresent xmlns=""http:
<Permissions xmlns=""http:
<InheritsFromParent>true</InheritsFromParent>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>false</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<SoftwareInstallationGroupedAccessEnum>Full Control</SoftwareInstallationGroupedAccessEnum>
<AccessMask>983551</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>false</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<SoftwareInstallationGroupedAccessEnum>Read</SoftwareInstallationGroupedAccessEnum>
<AccessMask>131220</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>false</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<SoftwareInstallationGroupedAccessEnum>Full Control</SoftwareInstallationGroupedAccessEnum>
<AccessMask>983551</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>true</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<AccessMask>256</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>true</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<SoftwareInstallationGroupedAccessEnum>Read</SoftwareInstallationGroupedAccessEnum>
<SoftwareInstallationGroupedAccessEnum>Write</SoftwareInstallationGroupedAccessEnum>
<AccessMask>983295</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>true</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<SoftwareInstallationGroupedAccessEnum>Read</SoftwareInstallationGroupedAccessEnum>
<SoftwareInstallationGroupedAccessEnum>Write</SoftwareInstallationGroupedAccessEnum>
<AccessMask>983295</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>true</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<SoftwareInstallationGroupedAccessEnum>Read</SoftwareInstallationGroupedAccessEnum>
<AccessMask>131220</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>true</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<SoftwareInstallationGroupedAccessEnum>Read</SoftwareInstallationGroupedAccessEnum>
<AccessMask>131220</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>true</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<SoftwareInstallationGroupedAccessEnum>Read</SoftwareInstallationGroupedAccessEnum>
<SoftwareInstallationGroupedAccessEnum>Write</SoftwareInstallationGroupedAccessEnum>
<AccessMask>983295</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>true</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<SoftwareInstallationGroupedAccessEnum>Read</SoftwareInstallationGroupedAccessEnum>
<SoftwareInstallationGroupedAccessEnum>Write</SoftwareInstallationGroupedAccessEnum>
<AccessMask>983295</AccessMask>
<AuditingPresent xmlns=""http:
<InheritsFromParent>true</InheritsFromParent>
<Type xsi:type=""AuditType"">
<AuditType>Success</AuditType>
<Inherited>true</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<AccessMask>262176</AccessMask>
<Type xsi:type=""AuditType"">
<AuditType>Success</AuditType>
<Inherited>true</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<AccessMask>32</AccessMask>
<Type xsi:type=""AuditType"">
<AuditType>Success</AuditType>
<Inherited>true</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<AccessMask>32</AccessMask>
<q1:DeploymentType>Assign</q1:DeploymentType>
<q1:ProductId>{937a3762-f1d5-45f3-aa20-f7c5cba7fbac}</q1:ProductId> <q1:ScriptPath>\\sos.labs\SysVol\sos.labs\Policies\{F3768285-65F2-4483-9050-0ED8E69A2ECB}\Machine\Applications\{CC298912-08DF-42C4-A51C-D0F1193C3596}.aas</q1:ScriptPath> <q1:DeploymentCount>0</q1:DeploymentCount>
<q1:InstallationUILevel>Maximum</q1:InstallationUILevel>
<q1:Mandatory>true</q1:Mandatory>
<q1:UninstallUnmanaged>false</q1:UninstallUnmanaged>
<q1:LossOfScopeAction>Unmanage</q1:LossOfScopeAction>
<Name>Software Installation</Name>
<Extension xmlns:q2=""http:
<q2:Nla xsi:nil=""true"" />
<q2:Fallback xsi:nil=""true"" />
<q2:Query xsi:nil=""true"" />
<Name>Name Resolution Policy</Name>
<Extension xmlns:q3=""http:
<q3:Name>Do not allow password expiration time longer than required by policy</q3:Name>
<q3:State>Enabled</q3:State>
When you enable this setting, planned password expiration longer than password age dictated by ""Password Settings"" policy is NOT allowed. When such expiration is detected, password is changed immediately and password expiration is set according to policy.
When you disable or not configure this setting, password expiration time may be longer than required by ""Password Settings"" policy.
<q3:Supported>At least Microsoft Windows Vista or Windows Server 2003 family</q3:Supported>
<q3:Category>LAPS</q3:Category>
<q3:Name>Enable local admin password management</q3:Name>
<q3:State>Enabled</q3:State>
Enables management of password for local administrator account
If you enable this setting, local administrator password is managed
If you disable or not configure this setting, local administrator password is NOT managed
<q3:Supported>At least Microsoft Windows Vista or Windows Server 2003 family</q3:Supported>
<q3:Category>LAPS</q3:Category>
<q3:Name>Name of administrator account to manage</q3:Name>
<q3:State>Enabled</q3:State>
Administrator account name: name of the local account you want to manage password for.
DO NOT configure when you use built-in admin account. Built-in admin account is auto-detected by well-known SID, even when renamed
DO configure when you use custom local admin account
<q3:Supported>At least Microsoft Windows Vista or Windows Server 2003 family</q3:Supported>
<q3:Category>LAPS</q3:Category>
<q3:Name>Administrator account name</q3:Name>
<q3:State>Enabled</q3:State>
<q3:Name>Password Settings</q3:Name>
<q3:State>Enabled</q3:State>
Configures password parameters
Password complexity: which characters are used when generating a new password
Default: Large letters + small letters + numbers + special characters
<q3:Supported>At least Microsoft Windows Vista or Windows Server 2003 family</q3:Supported>
<q3:Category>LAPS</q3:Category>
<q3:Name>Password Complexity</q3:Name>
<q3:State>Enabled</q3:State>
<q3:Name>Large letters + small letters + numbers + specials</q3:Name>
<q3:Name>Password Length</q3:Name>
<q3:State>Enabled</q3:State>
<q3:Name>Password Age (Days)</q3:Name>
<q3:State>Enabled</q3:State>
<VersionDirectory>0</VersionDirectory>
<VersionSysvol>0</VersionSysvol>
<SOMName>Workstations</SOMName>
<SOMPath>sos.labs/Workstations</SOMPath>
<NoOverride>false</NoOverride>
<Identifier xmlns=""http:
<Name>Windows Event Forwarding Server</Name>
<IncludeComments>true</IncludeComments>
<CreatedTime>2018-07-11T08:34:21</CreatedTime>
<ModifiedTime>2018-07-11T12:16:13</ModifiedTime>
<ReadTime>2018-08-28T12:35:46.8154164Z</ReadTime>
<PermissionsPresent xmlns=""http:
<Permissions xmlns=""http:
<InheritsFromParent>false</InheritsFromParent>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
<AccessMask>0</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<GPOGroupedAccessEnum>Read</GPOGroupedAccessEnum>
<AccessMask>0</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
<AccessMask>0</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
<AccessMask>0</AccessMask>
<Type xsi:type=""PermissionType"">
<PermissionType>Allow</PermissionType>
<Inherited>false</Inherited>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
<GPOGroupedAccessEnum>Apply Group Policy</GPOGroupedAccessEnum>
<AccessMask>0</AccessMask>
<AuditingPresent xmlns=""http:
<FilterDataAvailable>true</FilterDataAvailable>
<VersionDirectory>3</VersionDirectory>
<VersionSysvol>3</VersionSysvol>
<Extension xmlns:q1=""http:
<q1:Name>Configure target Subscription Manager</q1:Name>
<q1:State>Enabled</q1:State>
This policy setting allows you to configure the server address, refresh interval, and issuer certificate authority (CA) of a target Subscription Manager.
If you enable this policy setting, you can configure the Source Computer to contact a specific FQDN (Fully Qualified Domain Name) or IP Address and request subscription specifics.
Use the following syntax when using the HTTPS protocol:
If you disable or do not configure this policy setting, the Event Collector computer will not be specified.
<q1:Supported>At least Windows Vista</q1:Supported>
<q1:Category>Windows Components/Event Forwarding</q1:Category>
<q1:Name>SubscriptionManagers</q1:Name>
<q1:State>Enabled</q1:State>
<q1:ExplicitValue>false</q1:ExplicitValue>
<q1:Additive>false</q1:Additive>
<VersionDirectory>1</VersionDirectory>
<VersionSysvol>1</VersionSysvol>
<SOMName>Domain Controllers</SOMName>
<SOMPath>sos.labs/Domain Controllers</SOMPath>
<NoOverride>true</NoOverride>
