本地安全策略gpedit.msc详解

执行命令secedit /export /cfg c:\gp.inf

在c盘找到文件，打开，记录下面英文的意思

[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0
LockoutBadCount = 0
RequireLogonToChangePassword = 0
ForceLogoffWhenHourExpire = 0
NewAdministratorName = "Administrator"
NewGuestName = "Guest"
ClearTextPassword = 0
LSAAnonymousNameLookup = 0
EnableAdminAccount = 1
EnableGuestAccount = 0
[Event Audit]
AuditSystemEvents = 0
AuditLogonEvents = 0
AuditObjectAccess = 0
AuditPrivilegeUse = 0
AuditPolicyChange = 0
AuditAccountManage = 0
AuditProcessTracking = 0
AuditDSAccess = 0
AuditAccountLogon = 0
[Version]
signature="$CHICAGO$"
Revision=1
[Registry Values]
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel=4,0
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand=4,0
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount=1,"10"
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon=4,0
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning=4,5
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption=1,"0"
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser=4,3
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection=4,1
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths=4,1
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableUIADesktopToggle=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization=4,1
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption=1,""
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText=7,
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ScForceOption=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon=4,1
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon=4,1
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures=4,0
MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\AuthenticodeEnabled=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing=3,0
MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec=4,536870912
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec=4,536870912
MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,1
MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers=4,0
MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths\Machine=7,System\CurrentControlSet\Control\ProductOptions,System\CurrentControlSet\Control\Server Applications,Software\Microsoft\Windows NT\CurrentVersion
MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\Machine=7,System\CurrentControlSet\Control\Print\Printers,System\CurrentControlSet\Services\Eventlog,Software\Microsoft\OLAP Server,Software\Microsoft\Windows NT\CurrentVersion\Print,Software\Microsoft\Windows NT\CurrentVersion\Windows,System\CurrentControlSet\Control\ContentIndex,System\CurrentControlSet\Control\Terminal Server,System\CurrentControlSet\Control\Terminal Server\UserConfig,System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration,Software\Microsoft\Windows NT\CurrentVersion\Perflib,System\CurrentControlSet\Services\SysmonLog
MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive=4,1
MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown=4,0
MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode=4,1
MACHINE\System\CurrentControlSet\Control\Session Manager\SubSystems\optional=7,Posix
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect=4,15
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogOff=4,1
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature=4,0
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes=7,
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,0
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RestrictNullSessAccess=4,1
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword=4,0
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature=4,1
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature=4,0
MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity=4,1
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange=4,0
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge=4,30
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal=4,1
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireStrongKey=4,1
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel=4,1
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel=4,1
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeChangeNotifyPrivilege = *S-1-1-0,*S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551
SeSystemtimePrivilege = *S-1-5-19,*S-1-5-32-544
SeCreatePagefilePrivilege = *S-1-5-32-544
SeDebugPrivilege = *S-1-5-32-544
SeRemoteShutdownPrivilege = *S-1-5-32-544
SeAuditPrivilege = *S-1-5-19,*S-1-5-20,DefaultAppPool
SeIncreaseQuotaPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,DefaultAppPool
SeIncreaseBasePriorityPrivilege = *S-1-5-32-544
SeLoadDriverPrivilege = *S-1-5-32-544
SeBatchLogonRight = *S-1-5-32-544,*S-1-5-32-551,*S-1-5-32-559,*S-1-5-32-568
SeServiceLogonRight = *S-1-5-80-0,DefaultAppPool
SeInteractiveLogonRight = Guest,*S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551
SeSecurityPrivilege = *S-1-5-32-544
SeSystemEnvironmentPrivilege = *S-1-5-32-544
SeProfileSingleProcessPrivilege = *S-1-5-32-544
SeSystemProfilePrivilege = *S-1-5-32-544,*S-1-5-80-3139157870-2983391045-3678747466-658725712-1809340420
SeAssignPrimaryTokenPrivilege = *S-1-5-19,*S-1-5-20,DefaultAppPool
SeRestorePrivilege = *S-1-5-32-544,*S-1-5-32-551
SeShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551
SeTakeOwnershipPrivilege = *S-1-5-32-544
SeDenyNetworkLogonRight = Guest
SeDenyInteractiveLogonRight = Guest
SeUndockPrivilege = *S-1-5-32-544,*S-1-5-32-545
SeManageVolumePrivilege = *S-1-5-32-544
SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555
SeImpersonatePrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-32-568,*S-1-5-6
SeCreateGlobalPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-6
SeIncreaseWorkingSetPrivilege = *S-1-5-32-545
SeTimeZonePrivilege = *S-1-5-19,*S-1-5-32-544,*S-1-5-32-545
SeCreateSymbolicLinkPrivilege = *S-1-5-32-544

MinimumPasswordAge = 0  //密码最短留存期
MaximumPasswordAge = 42    //密码最长留存期
MinimumPasswordLength = 0  //密码长度最小值
PasswordComplexity = 0 //密码必须符合复杂性要求
PasswordHistorySize = 0    //强制密码历史 N个记住的密码
LockoutBadCount = 5    //账户锁定阈值
ResetLockoutCount = 30 //账户锁定时间
LockoutDuration = 30   //复位账户锁定计数器
RequireLogonToChangePassword = 0 *下次登录必须更改密码
ForceLogoffWhenHourExpire = 0  *强制过期
NewAdministratorName = "Administrator" *管理员账户名称
NewGuestName = "Guest"   *来宾账户名称
ClearTextPassword = 0
LSAAnonymousNameLookup = 0
EnableAdminAccount = 1 //administrator是否禁用
EnableGuestAccount = 0 //guest是否禁用
[Event Audit]
AuditSystemEvents = 3  //审核系统事件 成功、失败
AuditLogonEvents = 3   //审核登录事件 成功、失败
AuditObjectAccess = 3  //审核对象访问 成功、失败
AuditPrivilegeUse = 2  //审核特权使用 失败
AuditPolicyChange = 3  //审核策略更改 成功、失败
AuditAccountManage = 3 //审核账户管理 成功、失败
AuditProcessTracking = 2   //审核过程追踪 失败
AuditDSAccess = 2  //审核目录服务访问 失败
AuditAccountLogon = 3  //审核账户登录事件 成功、失败

sedenyinteractivelogonright 拒绝从本地登陆
sedenynetworklogonright 拒绝从网络访问这台计算机
sedenyservicelogonright 拒绝作为服务登陆
sedenybatchlogonright 拒绝作为批处理作业登陆
seinteractivelogonright 在本地登陆
senetworklogonright 从网络访问此计算机
seservicelogonright 作为服务登陆
sebatchlogonright 作为批处理作业登陆

SeNetworkLogonRight                           //允许网络登入
SeBackupPrivilege
SeChangeNotifyPrivilege
SeSystemtimePrivilege
SeCreatePagefilePrivilege                     //创建一个页面文件
SeDebugPrivilege                              //调试程序
SeRemoteShutdownPrivilege                     //远程强制关机
SeAuditPrivilege
SeIncreaseQuotaPrivilege
SeIncreaseBasePriorityPrivilege
SeLoadDriverPrivilege                         //加载和卸载设备驱动程序
SeBatchLogonRight
SeServiceLogonRight
SeInteractiveLogonRight                        //本地登录
SeSecurityPrivilege
SeSystemEnvironmentPrivilege
SeProfileSingleProcessPrivilege                //配置文件单个进程
SeSystemProfilePrivilege
SeAssignPrimaryTokenPrivilege
SeRestorePrivilege
SeShutdownPrivilege                           //本地强制关机
SeTakeOwnershipPrivilege                     //取得文件或其他对象所有权
SeDenyNetworkLogonRight = Guest
SeDenyInteractiveLogonRight = Guest
SeUndockPrivilege
SeManageVolumePrivilege                      //执行卷维护任务
SeRemoteInteractiveLogonRight                //允许远程登录
SeImpersonatePrivilege
SeCreateGlobalPrivilege
SeIncreaseWorkingSetPrivilege
SeTimeZonePrivilege
SeCreateSymbolicLinkPrivilege                //创建符号链接

本地安全策略gpedit.msc详解相关推荐

linux中etc下的hosts(本地IP解析)文件详解
linux中etc下的hosts(本地IP解析)文件详解 1./etc/hosts(本地解析) 很多人一提到更改hostname首先就想到修改/etc/hosts文件, 认为hostname的配置文件 ...
html5 php 数据库操作,HTML_HTML5本地数据库基础操作详解，下面分别介绍本地数据库的各 - phpStudy...
HTML5本地数据库基础操作详解下面分别介绍本地数据库的各个API及其使用方法. 1.利用openDatabase创建数据库我们可以利用openDatabase方法创建数据库.openDataba ...
Windows系统 gpedit命令详解，Windows系统使用命令行查看组策略
「作者主页」:士别三日wyx 第一步.打开cmd 按下 win 键,输入 cmd 后回车,打开「命令提示符」第二步.查看组策略在打开的cmd窗口中,输入 gpedit 后回车,即可在新弹出的窗口中 ...
java dtu 采集程序_DTU脚本编程_本地采集脚本指令详解
前言: 通过配置DTU的脚本指令实现DTU定时自动采集,用户只需知道外接仪表.无需再单独增加控制器传感器的采集流程,然后通过编写脚本指令即可让DTU按照用户的流程自动采集.上传数据.脚本实现了基本的开 ...
win7 php搭建博客,win7下wordPress本地搭建博客详解（深度亲测整理—傻瓜式详细教程） | 学步园...
搭建一个wordPress作为一个个人博客本来是特别简单的事情,但是网上的各种转载让初学者举步维艰,我就本身条件而言,会java EE,懂mysql都花费了我好长时间才搭建好本地博客. 注意:这个是本 ...
php本地文件包含漏洞,本地文件包含漏洞详解---LFI
1 概述文件包含(Local File Include)是php脚本的一大特色,程序员们为了开发的方便,常常会用到包含.比如把一系列功能函数都写进fuction.php中,之后当某个文件需要调用的时 ...
php下载文件代码详解,php将远超文件下载到本地的示例代码详解
注:这个demo适用的是yii框架,如果您使用的不是yii框架,这个方法也适用您,简单的了解一下思路/** * 保存文件到本地 * @param 文件路径 $url * @param 保存本地路径 $ ...
本地存储localStorage用法详解
一.什么是localStorage? 在HTML5中,新加入了一个localStorage特性,这个特性主要是用来作为本地存储来使用的,解决了cookie存储空间不足的问题(cookie中每条cook ...
ipv6+ssh+java_IPv6的本地联网地址计算方法详解
IPv6的世界里,如果DHCP6和SLACC这两位大佬都为没有为可怜的网卡分配IP地址,也没有人为网卡设置静态的IP地址,系统就会为网卡计算一个IPv6的网址来.这样的网址只能在本地使用,不得路由,所 ...

本地安全策略gpedit.msc详解

本地安全策略gpedit.msc详解相关推荐

最新文章

热门文章