5 Configuration Instructions for UseCLARUS® 5005.11 System Administration90 / 192 2660021171806 Rev. A 2019-01Policy SettingDomain member: Digitally encrypt secure channel data (when possible) EnabledDomain member: Digitally sign secure channel data (when possible) EnabledDomain member: Disable machine account password changes DisabledDomain member: Maximum machine account password age 30 day(s)Domain member: Require strong (Windows 2000 or later) session key EnabledDon't allow SmartScreen Filter warning overrides DisabledEnable computer and user accounts to be trusted for delegation No OneEnable insecure guest logons DisabledEnable local admin password management EnabledEnable RPC Endpoint Mapper Client Authentication EnabledEnable screen saver EnabledEnforce password history 24 password(s)Enumerate administrator accounts on elevation DisabledEnumerate local users on domain-joined computers DisabledForce shutdown from a remote system AdministratorsGenerate security audits Local Service,Network ServiceHardened UNC PathsHardened UNC Paths:Hardened UNC Paths: = \\*\NETLOGON"RequireMutualAuthentication = 1RequireIntegrity = 1EnabledImpersonate a client after authentication Administrators,SERVICE, LocalService, NetworkServiceInclude command line in process creation events EnabledIncrease scheduling priority AdministratorsInteractive logon: Machine account lockout threshold 10 invalid logonattemptsInteractive logon: Machine inactivity limit 900 secondsInteractive logon: Number of previous logons to cache (in case domain controlleris not available)10 logon(s)Interactive logon: Prompt user to change password before expiration 5 day(s)
