Tests/results.xml
|
<?xml version="1.0" encoding="utf-16"?>
<Rsop xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.microsoft.com/GroupPolicy/Rsop"> <ReadTime>2018-01-03T01:23:57.09881Z</ReadTime> <DataType>LoggedData</DataType> <UserResults> <Version>2228228</Version> <Name>saicgmac\sec_v_xsfrew_rw</Name> <Domain>dir.saicgmac.com</Domain> <SOM>dir.saicgmac.com/Accounts/Privileged Accounts/Admin Accounts</SOM> <Site>CNSHA01</Site> <SearchedSOM> <Path>dir.saicgmac.com/Accounts/Privileged Accounts/Admin Accounts</Path> <Type>OU</Type> <Order>6</Order> <BlocksInheritance>false</BlocksInheritance> <Blocked>false</Blocked> <Reason>Normal</Reason> </SearchedSOM> <SearchedSOM> <Path>Local</Path> <Type>Local</Type> <Order>1</Order> <BlocksInheritance>false</BlocksInheritance> <Blocked>false</Blocked> <Reason>Normal</Reason> </SearchedSOM> <SearchedSOM> <Path>dir.saicgmac.com/Accounts/Privileged Accounts</Path> <Type>OU</Type> <Order>5</Order> <BlocksInheritance>false</BlocksInheritance> <Blocked>false</Blocked> <Reason>Normal</Reason> </SearchedSOM> <SearchedSOM> <Path>dir.saicgmac.com</Path> <Type>Domain</Type> <Order>3</Order> <BlocksInheritance>false</BlocksInheritance> <Blocked>false</Blocked> <Reason>Normal</Reason> </SearchedSOM> <SearchedSOM> <Path>dir.saicgmac.com/Accounts</Path> <Type>OU</Type> <Order>4</Order> <BlocksInheritance>false</BlocksInheritance> <Blocked>false</Blocked> <Reason>Normal</Reason> </SearchedSOM> <SearchedSOM> <Path>dir.saicgmac.com/Configuration/Sites/CNSHA01</Path> <Type>Site</Type> <Order>2</Order> <BlocksInheritance>false</BlocksInheritance> <Blocked>false</Blocked> <Reason>Normal</Reason> </SearchedSOM> <SecurityGroup> <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-731736828-2385216188-4234868085-513</SID> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">saicgmac\Domain Users</Name> </SecurityGroup> <SecurityGroup> <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-1-0</SID> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Everyone</Name> </SecurityGroup> <SecurityGroup> <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-544</SID> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Administrators</Name> </SecurityGroup> <SecurityGroup> <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-545</SID> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Users</Name> </SecurityGroup> <SecurityGroup> <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-14</SID> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\REMOTE INTERACTIVE LOGON</Name> </SecurityGroup> <SecurityGroup> <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-4</SID> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\INTERACTIVE</Name> </SecurityGroup> <SecurityGroup> <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-11</SID> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\Authenticated Users</Name> </SecurityGroup> <SecurityGroup> <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-15</SID> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\This Organization</Name> </SecurityGroup> <SecurityGroup> <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-2-0</SID> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">LOCAL</Name> </SecurityGroup> <SecurityGroup> <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-18-1</SID> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Authentication authority asserted identity</Name> </SecurityGroup> <SecurityGroup> <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-16-12288</SID> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Mandatory Label\High Mandatory Level</Name> </SecurityGroup> <SlowLink>false</SlowLink> <ExtensionStatus> <Name>Group Policy Infrastructure</Name> <Identifier>{00000000-0000-0000-0000-000000000000}</Identifier> <BeginTime>2018-01-03T00:38:43</BeginTime> <EndTime>2018-01-03T00:38:44</EndTime> <LoggingStatus>Complete</LoggingStatus> <Error>0</Error> </ExtensionStatus> <ExtensionStatus> <Name>Registry</Name> <Identifier>{35378EAC-683F-11D2-A89A-00C04FBBCFA2}</Identifier> <BeginTime>2017-11-08T09:26:06</BeginTime> <EndTime>2017-11-08T09:26:06</EndTime> <LoggingStatus>Complete</LoggingStatus> <Error>0</Error> </ExtensionStatus> <GPO> <Name>Default Domain Policy</Name> <Path> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{31B2F340-016D-11D2-945F-00C04FB984F9}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </Path> <VersionDirectory>40</VersionDirectory> <VersionSysvol>65535</VersionSysvol> <Enabled>true</Enabled> <IsValid>true</IsValid> <FilterAllowed>true</FilterAllowed> <AccessDenied>false</AccessDenied> <Link> <SOMPath>dir.saicgmac.com</SOMPath> <SOMOrder>1</SOMOrder> <AppliedOrder>2</AppliedOrder> <LinkOrder>2</LinkOrder> <Enabled>true</Enabled> <NoOverride>false</NoOverride> </Link> </GPO> <GPO> <Name>Local Group Policy</Name> <Path> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">LocalGPO</Identifier> </Path> <VersionDirectory>4</VersionDirectory> <VersionSysvol>4</VersionSysvol> <Enabled>true</Enabled> <IsValid>true</IsValid> <FilterAllowed>true</FilterAllowed> <AccessDenied>false</AccessDenied> <Link> <SOMPath>Local</SOMPath> <SOMOrder>1</SOMOrder> <AppliedOrder>1</AppliedOrder> <LinkOrder>1</LinkOrder> <Enabled>true</Enabled> <NoOverride>false</NoOverride> </Link> </GPO> <ExtensionData> <Extension xmlns:q1="http://www.microsoft.com/GroupPolicy/Settings/Registry" xsi:type="q1:RegistrySettings" xmlns="http://www.microsoft.com/GroupPolicy/Settings" /> <Name xmlns="http://www.microsoft.com/GroupPolicy/Settings">Registry</Name> </ExtensionData> </UserResults> <ComputerResults> <Version>2228228</Version> <Name>saicgmac\CNSHATSCPM014$</Name> <Domain>dir.saicgmac.com</Domain> <SOM>dir.saicgmac.com/Servers/Jumpstation</SOM> <Site>CNSHA01</Site> <SearchedSOM> <Path>dir.saicgmac.com</Path> <Type>Domain</Type> <Order>3</Order> <BlocksInheritance>false</BlocksInheritance> <Blocked>false</Blocked> <Reason>Normal</Reason> </SearchedSOM> <SearchedSOM> <Path>dir.saicgmac.com/Servers</Path> <Type>OU</Type> <Order>4</Order> <BlocksInheritance>false</BlocksInheritance> <Blocked>false</Blocked> <Reason>Normal</Reason> </SearchedSOM> <SearchedSOM> <Path>dir.saicgmac.com/Servers/Jumpstation</Path> <Type>OU</Type> <Order>5</Order> <BlocksInheritance>false</BlocksInheritance> <Blocked>false</Blocked> <Reason>Normal</Reason> </SearchedSOM> <SearchedSOM> <Path>Local</Path> <Type>Local</Type> <Order>1</Order> <BlocksInheritance>false</BlocksInheritance> <Blocked>false</Blocked> <Reason>Normal</Reason> </SearchedSOM> <SearchedSOM> <Path>dir.saicgmac.com/Configuration/Sites/CNSHA01</Path> <Type>Site</Type> <Order>2</Order> <BlocksInheritance>false</BlocksInheritance> <Blocked>false</Blocked> <Reason>Normal</Reason> </SearchedSOM> <SecurityGroup> <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-544</SID> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Administrators</Name> </SecurityGroup> <SecurityGroup> <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-1-0</SID> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Everyone</Name> </SecurityGroup> <SecurityGroup> <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-545</SID> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Users</Name> </SecurityGroup> <SecurityGroup> <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-2</SID> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\NETWORK</Name> </SecurityGroup> <SecurityGroup> <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-11</SID> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\Authenticated Users</Name> </SecurityGroup> <SecurityGroup> <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-15</SID> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\This Organization</Name> </SecurityGroup> <SecurityGroup> <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-731736828-2385216188-4234868085-9307</SID> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">saicgmac\CNSHATSCPM014$</Name> </SecurityGroup> <SecurityGroup> <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-731736828-2385216188-4234868085-515</SID> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">saicgmac\Domain Computers</Name> </SecurityGroup> <SecurityGroup> <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-18-1</SID> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Authentication authority asserted identity</Name> </SecurityGroup> <SecurityGroup> <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-16-16384</SID> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Mandatory Label\System Mandatory Level</Name> </SecurityGroup> <SlowLink>false</SlowLink> <ExtensionStatus> <Name>Group Policy Local Users and Groups</Name> <Identifier>{17D89FEC-5C44-4972-B12D-241CAEF74509}</Identifier> <BeginTime>2018-01-02T03:31:21</BeginTime> <EndTime>2018-01-03T00:13:32</EndTime> <LoggingStatus>Complete</LoggingStatus> <Error>0</Error> </ExtensionStatus> <ExtensionStatus> <Name>Group Policy Infrastructure</Name> <Identifier>{00000000-0000-0000-0000-000000000000}</Identifier> <BeginTime>2018-01-03T00:13:30</BeginTime> <EndTime>2018-01-03T00:13:36</EndTime> <LoggingStatus>Complete</LoggingStatus> <Error>0</Error> </ExtensionStatus> <ExtensionStatus> <Name>Registry</Name> <Identifier>{35378EAC-683F-11D2-A89A-00C04FBBCFA2}</Identifier> <BeginTime>2018-01-02T03:31:20</BeginTime> <EndTime>2018-01-02T03:31:21</EndTime> <LoggingStatus>Complete</LoggingStatus> <Error>0</Error> </ExtensionStatus> <ExtensionStatus> <Name>Audit Policy Configuration</Name> <Identifier>{f3ccc681-b74c-4060-9f26-cd84525dca2a}</Identifier> <BeginTime>2018-01-02T03:31:25</BeginTime> <EndTime>2018-01-03T00:13:36</EndTime> <LoggingStatus>Complete</LoggingStatus> <Error>0</Error> </ExtensionStatus> <ExtensionStatus> <Name>Group Policy Registry</Name> <Identifier>{B087BE9D-ED37-454f-AF9C-04291E351182}</Identifier> <BeginTime>2018-01-02T03:31:25</BeginTime> <EndTime>2018-01-03T00:13:35</EndTime> <LoggingStatus>Complete</LoggingStatus> <Error>0</Error> </ExtensionStatus> <ExtensionStatus> <Name>Security</Name> <Identifier>{827D319E-6EAC-11D2-A4EA-00C04F79F83A}</Identifier> <BeginTime>2018-01-03T00:13:32</BeginTime> <EndTime>2018-01-03T00:13:35</EndTime> <LoggingStatus>Complete</LoggingStatus> <Error>1252</Error> </ExtensionStatus> <GPO> <Name>ServerConfiguration</Name> <Path> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{0B676C17-E974-4960-986A-75755D028C9D}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </Path> <VersionDirectory>349</VersionDirectory> <VersionSysvol>65535</VersionSysvol> <Enabled>true</Enabled> <IsValid>true</IsValid> <FilterAllowed>true</FilterAllowed> <AccessDenied>false</AccessDenied> <Link> <SOMPath>dir.saicgmac.com/Servers</SOMPath> <SOMOrder>1</SOMOrder> <AppliedOrder>3</AppliedOrder> <LinkOrder>3</LinkOrder> <Enabled>true</Enabled> <NoOverride>false</NoOverride> </Link> </GPO> <GPO> <Name>Default Domain Policy</Name> <Path> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{31B2F340-016D-11D2-945F-00C04FB984F9}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </Path> <VersionDirectory>67</VersionDirectory> <VersionSysvol>65535</VersionSysvol> <Enabled>true</Enabled> <IsValid>true</IsValid> <FilterAllowed>true</FilterAllowed> <AccessDenied>false</AccessDenied> <Link> <SOMPath>dir.saicgmac.com</SOMPath> <SOMOrder>1</SOMOrder> <AppliedOrder>2</AppliedOrder> <LinkOrder>2</LinkOrder> <Enabled>true</Enabled> <NoOverride>false</NoOverride> </Link> </GPO> <GPO> <Name>Baseline of ServerConfiguration</Name> <Path> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </Path> <VersionDirectory>75</VersionDirectory> <VersionSysvol>65535</VersionSysvol> <Enabled>true</Enabled> <IsValid>true</IsValid> <FilterAllowed>true</FilterAllowed> <AccessDenied>false</AccessDenied> <Link> <SOMPath>dir.saicgmac.com/Servers/Jumpstation</SOMPath> <SOMOrder>2</SOMOrder> <AppliedOrder>5</AppliedOrder> <LinkOrder>5</LinkOrder> <Enabled>true</Enabled> <NoOverride>false</NoOverride> </Link> </GPO> <GPO> <Name>Local Group Policy</Name> <Path> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">LocalGPO</Identifier> </Path> <VersionDirectory>20</VersionDirectory> <VersionSysvol>20</VersionSysvol> <Enabled>true</Enabled> <IsValid>true</IsValid> <FilterAllowed>true</FilterAllowed> <AccessDenied>false</AccessDenied> <Link> <SOMPath>Local</SOMPath> <SOMOrder>1</SOMOrder> <AppliedOrder>1</AppliedOrder> <LinkOrder>1</LinkOrder> <Enabled>true</Enabled> <NoOverride>false</NoOverride> </Link> </GPO> <GPO> <Name>Baseline of Default Domain Policy</Name> <Path> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{D836F2F3-B8AB-4CC1-8433-81FF3E54F3B1}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </Path> <VersionDirectory>63</VersionDirectory> <VersionSysvol>65535</VersionSysvol> <Enabled>true</Enabled> <IsValid>true</IsValid> <FilterAllowed>true</FilterAllowed> <AccessDenied>false</AccessDenied> <Link> <SOMPath>dir.saicgmac.com/Servers/Jumpstation</SOMPath> <SOMOrder>1</SOMOrder> <AppliedOrder>4</AppliedOrder> <LinkOrder>4</LinkOrder> <Enabled>true</Enabled> <NoOverride>false</NoOverride> </Link> </GPO> <ExtensionData> <Extension xmlns:q2="http://www.microsoft.com/GroupPolicy/Settings/Lugs" xsi:type="q2:LugsSettings" xmlns="http://www.microsoft.com/GroupPolicy/Settings"> <q2:LocalUserOrGroupRsopSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q2:BaseInstanceXml CLASSNAME="RSOP_PolmkrLocalUsersSetting"> <q2:PROPERTY NAME="name"> <q2:VALUE>Guest (built-in)</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="GPOID"> <q2:VALUE>cn={A70D46E4-33C8-480F-B946-C857F880CA25},cn=policies,cn=system,DC=dir,DC=saicgmac,DC=com</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="SOMID"> <q2:VALUE>OU=Jumpstation,OU=Servers,DC=dir,DC=saicgmac,DC=com</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrBaseGpeGuid"> <q2:VALUE>{79F92669-4224-476c-9C5C-6EFB4D87DF4A}</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrBaseCseGuid"> <q2:VALUE>{17D89FEC-5C44-4972-B12D-241CAEF74509}</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrBaseGpoDisplayName"> <q2:VALUE>Baseline of ServerConfiguration</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrBaseGpoGuid"> <q2:VALUE>{A70D46E4-33C8-480F-B946-C857F880CA25}</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="id"> <q2:VALUE>{45D68B91-5C19-4009-9383-777BF553CAA7}</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="precedence"> <q2:VALUE>1</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="creationTime"> <q2:VALUE>20180102033121.822000+000</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrBaseHash"> <q2:VALUE>RSOP_PolmkrLocalUsersSetting.polmkrUserName="Guest (built-in)"</q2:VALUE> </q2:PROPERTY> <q2:INSTANCE CLASSNAME="RSOP_PolmkrUserItem"> <q2:PROPERTY NAME="polmkrClassClsid"> <q2:VALUE>{DF5F1855-51E5-4d24-8B1A-D9BDE98BA1D1}</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassName"> <q2:VALUE>Guest (built-in)</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassImage"> <q2:VALUE>2</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassChanged"> <q2:VALUE>2015-09-21 07:56:38</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassUid"> <q2:VALUE>{F7FD9AE9-8E35-4651-85DE-FAEE2B6D1A72}</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassUserContext"> <q2:VALUE>0</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassRemovePolicy"> <q2:VALUE>0</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrAction"> <q2:VALUE>U</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrNewName"> <q2:VALUE>noused</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrFullName"> <q2:VALUE /> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrDescription"> <q2:VALUE /> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrCpassword"> <q2:VALUE /> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrChangeLogon"> <q2:VALUE>0</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrNoChange"> <q2:VALUE>0</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrNeverExpires"> <q2:VALUE>0</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrAcctDisabled"> <q2:VALUE>1</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrSubAuthority"> <q2:VALUE>RID_GUEST</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrUserName"> <q2:VALUE>Guest (built-in)</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrExpires"> <q2:VALUE>2015-09-21</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrActionResolved"> <q2:VALUE>U</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassResultCodeValue"> <q2:VALUE>-2147023580</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassResultCode"> <q2:VALUE>0x80070524</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassResultText"> <q2:VALUE>The specified account already exists.</q2:VALUE> </q2:PROPERTY> <q2:Values /> <q2:Attributes /> <q2:Members /> </q2:INSTANCE> <q2:Values /> <q2:Attributes /> <q2:Members /> </q2:BaseInstanceXml> </q2:LocalUserOrGroupRsopSetting> <q2:LocalUserOrGroupRsopSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{0B676C17-E974-4960-986A-75755D028C9D}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">2</Precedence> <q2:BaseInstanceXml CLASSNAME="RSOP_PolmkrLocalUsersSetting"> <q2:PROPERTY NAME="name"> <q2:VALUE>Guest (built-in)</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="GPOID"> <q2:VALUE>cn={0B676C17-E974-4960-986A-75755D028C9D},cn=policies,cn=system,DC=dir,DC=saicgmac,DC=com</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="SOMID"> <q2:VALUE>OU=Servers,DC=dir,DC=saicgmac,DC=com</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrBaseGpeGuid"> <q2:VALUE>{79F92669-4224-476c-9C5C-6EFB4D87DF4A}</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrBaseCseGuid"> <q2:VALUE>{17D89FEC-5C44-4972-B12D-241CAEF74509}</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrBaseGpoDisplayName"> <q2:VALUE>ServerConfiguration</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrBaseGpoGuid"> <q2:VALUE>{0B676C17-E974-4960-986A-75755D028C9D}</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="id"> <q2:VALUE>{1C76CCD2-00BF-48FB-AD73-EFC8E6C3A456}</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="precedence"> <q2:VALUE>2</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="creationTime"> <q2:VALUE>20180102033121.772000+000</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrBaseHash"> <q2:VALUE>RSOP_PolmkrLocalUsersSetting.polmkrUserName="Guest (built-in)"</q2:VALUE> </q2:PROPERTY> <q2:INSTANCE CLASSNAME="RSOP_PolmkrUserItem"> <q2:PROPERTY NAME="polmkrClassClsid"> <q2:VALUE>{DF5F1855-51E5-4d24-8B1A-D9BDE98BA1D1}</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassName"> <q2:VALUE>Guest (built-in)</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassImage"> <q2:VALUE>2</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassChanged"> <q2:VALUE>2015-09-21 07:56:38</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassUid"> <q2:VALUE>{F7FD9AE9-8E35-4651-85DE-FAEE2B6D1A72}</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassUserContext"> <q2:VALUE>0</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassRemovePolicy"> <q2:VALUE>0</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrAction"> <q2:VALUE>U</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrNewName"> <q2:VALUE>noused</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrFullName"> <q2:VALUE /> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrDescription"> <q2:VALUE /> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrCpassword"> <q2:VALUE /> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrChangeLogon"> <q2:VALUE>0</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrNoChange"> <q2:VALUE>0</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrNeverExpires"> <q2:VALUE>0</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrAcctDisabled"> <q2:VALUE>1</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrSubAuthority"> <q2:VALUE>RID_GUEST</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrUserName"> <q2:VALUE>Guest (built-in)</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrExpires"> <q2:VALUE>2015-09-21</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrActionResolved"> <q2:VALUE>U</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassResultCodeValue"> <q2:VALUE>0</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassResultCode"> <q2:VALUE>0x00000000</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassResultText"> <q2:VALUE>The operation completed successfully.</q2:VALUE> </q2:PROPERTY> <q2:Values /> <q2:Attributes /> <q2:Members /> </q2:INSTANCE> <q2:Values /> <q2:Attributes /> <q2:Members /> </q2:BaseInstanceXml> </q2:LocalUserOrGroupRsopSetting> <q2:LocalUserOrGroupRsopSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{0B676C17-E974-4960-986A-75755D028C9D}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">2</Precedence> <q2:BaseInstanceXml CLASSNAME="RSOP_PolmkrLocalGroupsSetting"> <q2:PROPERTY NAME="name"> <q2:VALUE>Remote Desktop Users (built-in)</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="GPOID"> <q2:VALUE>cn={0B676C17-E974-4960-986A-75755D028C9D},cn=policies,cn=system,DC=dir,DC=saicgmac,DC=com</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="SOMID"> <q2:VALUE>OU=Servers,DC=dir,DC=saicgmac,DC=com</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrBaseGpeGuid"> <q2:VALUE>{79F92669-4224-476c-9C5C-6EFB4D87DF4A}</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrBaseCseGuid"> <q2:VALUE>{17D89FEC-5C44-4972-B12D-241CAEF74509}</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrBaseGpoDisplayName"> <q2:VALUE>ServerConfiguration</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrBaseGpoGuid"> <q2:VALUE>{0B676C17-E974-4960-986A-75755D028C9D}</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="id"> <q2:VALUE>{D474116B-668F-4F4B-9C38-ABB5577EDE38}</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="precedence"> <q2:VALUE>2</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="creationTime"> <q2:VALUE>20180102033121.782000+000</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrBaseHash"> <q2:VALUE>RSOP_PolmkrLocalGroupsSetting.polmkrGroupName="Remote Desktop Users (built-in)"</q2:VALUE> </q2:PROPERTY> <q2:INSTANCE CLASSNAME="RSOP_PolmkrGroupItem"> <q2:PROPERTY NAME="polmkrClassClsid"> <q2:VALUE>{6D4A79E4-529C-4481-ABD0-F5BD7EA93BA7}</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassName"> <q2:VALUE>Remote Desktop Users (built-in)</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassImage"> <q2:VALUE>2</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassChanged"> <q2:VALUE>2016-07-01 09:16:44</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassUid"> <q2:VALUE>{41DEF99C-4CE0-4BA9-9466-FE0684A1481D}</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrAction"> <q2:VALUE>U</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrNewName"> <q2:VALUE /> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrDescription"> <q2:VALUE /> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrDeleteAllUsers"> <q2:VALUE>0</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrDeleteAllGroups"> <q2:VALUE>0</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrRemoveAccounts"> <q2:VALUE>0</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrGroupSid"> <q2:VALUE>S-1-5-32-555</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrGroupName"> <q2:VALUE>Remote Desktop Users (built-in)</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrActionResolved"> <q2:VALUE>U</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassResultCodeValue"> <q2:VALUE>0</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassResultCode"> <q2:VALUE>0x00000000</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassResultText"> <q2:VALUE>The operation completed successfully.</q2:VALUE> </q2:PROPERTY> <q2:Values /> <q2:Attributes /> <q2:Members> <q2:Member name="saicgmac\HP_Hosting_Wintel_RO" action="ADD" sid="S-1-5-21-731736828-2385216188-4234868085-7919" /> </q2:Members> </q2:INSTANCE> <q2:Values /> <q2:Attributes /> <q2:Members /> </q2:BaseInstanceXml> </q2:LocalUserOrGroupRsopSetting> <q2:LocalUserOrGroupRsopSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{0B676C17-E974-4960-986A-75755D028C9D}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">2</Precedence> <q2:BaseInstanceXml CLASSNAME="RSOP_PolmkrLocalGroupsSetting"> <q2:PROPERTY NAME="name"> <q2:VALUE>Administrators (built-in)</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="GPOID"> <q2:VALUE>cn={0B676C17-E974-4960-986A-75755D028C9D},cn=policies,cn=system,DC=dir,DC=saicgmac,DC=com</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="SOMID"> <q2:VALUE>OU=Servers,DC=dir,DC=saicgmac,DC=com</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrBaseGpeGuid"> <q2:VALUE>{79F92669-4224-476c-9C5C-6EFB4D87DF4A}</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrBaseCseGuid"> <q2:VALUE>{17D89FEC-5C44-4972-B12D-241CAEF74509}</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrBaseGpoDisplayName"> <q2:VALUE>ServerConfiguration</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrBaseGpoGuid"> <q2:VALUE>{0B676C17-E974-4960-986A-75755D028C9D}</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="id"> <q2:VALUE>{6284E1E4-98E8-431D-B0DB-4FEF40F6DB1D}</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="precedence"> <q2:VALUE>2</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="creationTime"> <q2:VALUE>20180102033121.762000+000</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrBaseHash"> <q2:VALUE>RSOP_PolmkrLocalGroupsSetting.polmkrGroupName="Administrators (built-in)"</q2:VALUE> </q2:PROPERTY> <q2:INSTANCE CLASSNAME="RSOP_PolmkrGroupItem"> <q2:PROPERTY NAME="polmkrClassClsid"> <q2:VALUE>{6D4A79E4-529C-4481-ABD0-F5BD7EA93BA7}</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassName"> <q2:VALUE>Administrators (built-in)</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassImage"> <q2:VALUE>2</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassChanged"> <q2:VALUE>2016-07-01 09:16:09</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassUid"> <q2:VALUE>{5F26FA95-5289-4AEE-ACA1-BFBE15DBD999}</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrAction"> <q2:VALUE>U</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrNewName"> <q2:VALUE /> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrDescription"> <q2:VALUE /> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrDeleteAllUsers"> <q2:VALUE>0</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrDeleteAllGroups"> <q2:VALUE>0</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrRemoveAccounts"> <q2:VALUE>0</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrGroupSid"> <q2:VALUE>S-1-5-32-544</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrGroupName"> <q2:VALUE>Administrators (built-in)</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrActionResolved"> <q2:VALUE>U</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassResultCodeValue"> <q2:VALUE>0</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassResultCode"> <q2:VALUE>0x00000000</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassResultText"> <q2:VALUE>The operation completed successfully.</q2:VALUE> </q2:PROPERTY> <q2:Values /> <q2:Attributes /> <q2:Members> <q2:Member name="saicgmac\ServerAdminGroups" action="ADD" sid="S-1-5-21-731736828-2385216188-4234868085-1307" /> <q2:Member name="saicgmac\HP_Hosting_Wintel_Admin" action="ADD" sid="S-1-5-21-731736828-2385216188-4234868085-6543" /> </q2:Members> </q2:INSTANCE> <q2:Values /> <q2:Attributes /> <q2:Members /> </q2:BaseInstanceXml> </q2:LocalUserOrGroupRsopSetting> <q2:LocalUserOrGroupRsopSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q2:BaseInstanceXml CLASSNAME="RSOP_PolmkrLocalGroupsSetting"> <q2:PROPERTY NAME="name"> <q2:VALUE>Remote Desktop Users (built-in)</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="GPOID"> <q2:VALUE>cn={A70D46E4-33C8-480F-B946-C857F880CA25},cn=policies,cn=system,DC=dir,DC=saicgmac,DC=com</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="SOMID"> <q2:VALUE>OU=Jumpstation,OU=Servers,DC=dir,DC=saicgmac,DC=com</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrBaseGpeGuid"> <q2:VALUE>{79F92669-4224-476c-9C5C-6EFB4D87DF4A}</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrBaseCseGuid"> <q2:VALUE>{17D89FEC-5C44-4972-B12D-241CAEF74509}</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrBaseGpoDisplayName"> <q2:VALUE>Baseline of ServerConfiguration</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrBaseGpoGuid"> <q2:VALUE>{A70D46E4-33C8-480F-B946-C857F880CA25}</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="id"> <q2:VALUE>{CDCFB3EC-256C-49D7-B98C-FF4773164380}</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="precedence"> <q2:VALUE>1</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="creationTime"> <q2:VALUE>20180102033121.832000+000</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrBaseHash"> <q2:VALUE>RSOP_PolmkrLocalGroupsSetting.polmkrGroupName="Remote Desktop Users (built-in)"</q2:VALUE> </q2:PROPERTY> <q2:INSTANCE CLASSNAME="RSOP_PolmkrGroupItem"> <q2:PROPERTY NAME="polmkrClassClsid"> <q2:VALUE>{6D4A79E4-529C-4481-ABD0-F5BD7EA93BA7}</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassName"> <q2:VALUE>Remote Desktop Users (built-in)</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassImage"> <q2:VALUE>2</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassChanged"> <q2:VALUE>2016-07-01 09:16:44</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassUid"> <q2:VALUE>{41DEF99C-4CE0-4BA9-9466-FE0684A1481D}</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrAction"> <q2:VALUE>U</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrNewName"> <q2:VALUE /> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrDescription"> <q2:VALUE /> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrDeleteAllUsers"> <q2:VALUE>0</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrDeleteAllGroups"> <q2:VALUE>0</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrRemoveAccounts"> <q2:VALUE>0</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrGroupSid"> <q2:VALUE>S-1-5-32-555</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrGroupName"> <q2:VALUE>Remote Desktop Users (built-in)</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrActionResolved"> <q2:VALUE>U</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassResultCodeValue"> <q2:VALUE>0</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassResultCode"> <q2:VALUE>0x00000000</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassResultText"> <q2:VALUE>The operation completed successfully.</q2:VALUE> </q2:PROPERTY> <q2:Values /> <q2:Attributes /> <q2:Members> <q2:Member name="saicgmac\HP_Hosting_Wintel_RO" action="ADD" sid="S-1-5-21-731736828-2385216188-4234868085-7919" /> </q2:Members> </q2:INSTANCE> <q2:Values /> <q2:Attributes /> <q2:Members /> </q2:BaseInstanceXml> </q2:LocalUserOrGroupRsopSetting> <q2:LocalUserOrGroupRsopSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q2:BaseInstanceXml CLASSNAME="RSOP_PolmkrLocalGroupsSetting"> <q2:PROPERTY NAME="name"> <q2:VALUE>Administrators (built-in)</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="GPOID"> <q2:VALUE>cn={A70D46E4-33C8-480F-B946-C857F880CA25},cn=policies,cn=system,DC=dir,DC=saicgmac,DC=com</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="SOMID"> <q2:VALUE>OU=Jumpstation,OU=Servers,DC=dir,DC=saicgmac,DC=com</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrBaseGpeGuid"> <q2:VALUE>{79F92669-4224-476c-9C5C-6EFB4D87DF4A}</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrBaseCseGuid"> <q2:VALUE>{17D89FEC-5C44-4972-B12D-241CAEF74509}</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrBaseGpoDisplayName"> <q2:VALUE>Baseline of ServerConfiguration</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrBaseGpoGuid"> <q2:VALUE>{A70D46E4-33C8-480F-B946-C857F880CA25}</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="id"> <q2:VALUE>{B2F85ED5-6F8A-4511-B79F-40D542310909}</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="precedence"> <q2:VALUE>1</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="creationTime"> <q2:VALUE>20180102033121.812000+000</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrBaseHash"> <q2:VALUE>RSOP_PolmkrLocalGroupsSetting.polmkrGroupName="Administrators (built-in)"</q2:VALUE> </q2:PROPERTY> <q2:INSTANCE CLASSNAME="RSOP_PolmkrGroupItem"> <q2:PROPERTY NAME="polmkrClassClsid"> <q2:VALUE>{6D4A79E4-529C-4481-ABD0-F5BD7EA93BA7}</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassName"> <q2:VALUE>Administrators (built-in)</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassImage"> <q2:VALUE>2</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassChanged"> <q2:VALUE>2016-07-01 09:16:09</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassUid"> <q2:VALUE>{5F26FA95-5289-4AEE-ACA1-BFBE15DBD999}</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrAction"> <q2:VALUE>U</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrNewName"> <q2:VALUE /> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrDescription"> <q2:VALUE /> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrDeleteAllUsers"> <q2:VALUE>0</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrDeleteAllGroups"> <q2:VALUE>0</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrRemoveAccounts"> <q2:VALUE>0</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrGroupSid"> <q2:VALUE>S-1-5-32-544</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrGroupName"> <q2:VALUE>Administrators (built-in)</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrActionResolved"> <q2:VALUE>U</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassResultCodeValue"> <q2:VALUE>0</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassResultCode"> <q2:VALUE>0x00000000</q2:VALUE> </q2:PROPERTY> <q2:PROPERTY NAME="polmkrClassResultText"> <q2:VALUE>The operation completed successfully.</q2:VALUE> </q2:PROPERTY> <q2:Values /> <q2:Attributes /> <q2:Members> <q2:Member name="saicgmac\ServerAdminGroups" action="ADD" sid="S-1-5-21-731736828-2385216188-4234868085-1307" /> <q2:Member name="saicgmac\HP_Hosting_Wintel_Admin" action="ADD" sid="S-1-5-21-731736828-2385216188-4234868085-6543" /> </q2:Members> </q2:INSTANCE> <q2:Values /> <q2:Attributes /> <q2:Members /> </q2:BaseInstanceXml> </q2:LocalUserOrGroupRsopSetting> </Extension> <Name xmlns="http://www.microsoft.com/GroupPolicy/Settings">Local Users and Groups</Name> </ExtensionData> <ExtensionData> <Extension xmlns:q3="http://www.microsoft.com/GroupPolicy/Settings/Auditing" xsi:type="q3:AuditSettings" xmlns="http://www.microsoft.com/GroupPolicy/Settings"> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit File Share</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce9224-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>3</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit IPsec Quick Mode</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce9219-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>0</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit DPAPI Activity</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce922d-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>0</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Special Logon</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce921b-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>3</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Network Policy Server</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce9243-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>3</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Account Lockout</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce9217-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>3</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Handle Manipulation</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce9223-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>0</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Process Creation</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce922b-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>1</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Filtering Platform Connection</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce9226-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>0</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Authentication Policy Change</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce9230-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>3</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit IPsec Extended Mode</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce921a-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>0</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit RPC Events</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce922e-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>0</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Application Generated</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce9222-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>3</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Other Account Logon Events</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce9241-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>3</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Other Object Access Events</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce9227-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>0</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Detailed File Share</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce9244-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>3</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Authorization Policy Change</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce9231-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>0</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Logoff</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce9216-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>1</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Kernel Object</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce921f-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>3</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Non Sensitive Privilege Use</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce9229-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>0</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Credential Validation</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce923f-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>3</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit User Account Management</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce9235-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>3</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit File System</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce921d-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>3</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Directory Service Access</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce923b-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>3</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit IPsec Main Mode</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce9218-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>0</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Other Privilege Use Events</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce922a-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>0</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Certification Services</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce9221-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>3</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Other System Events</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce9214-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>3</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Security State Change</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce9210-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>3</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Filtering Platform Policy Change</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce9233-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>0</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Registry</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce921e-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>3</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit IPsec Driver</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce9213-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>3</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Detailed Directory Service Replication</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce923e-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>0</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Directory Service Replication</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce923d-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>0</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Other Logon/Logoff Events</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce921c-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>3</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Security Group Management</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce9237-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>3</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Kerberos Service Ticket Operations</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce9240-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>3</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Distribution Group Management</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce9238-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>0</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit MPSSVC Rule-Level Policy Change</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce9232-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>0</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Directory Service Changes</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce923c-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>3</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Audit Policy Change</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce922f-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>3</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Other Account Management Events</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce923a-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>3</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Logon</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce9215-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>3</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Filtering Platform Packet Drop</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce9225-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>0</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Application Group Management</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce9239-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>3</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Other Policy Change Events</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce9234-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>0</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit System Integrity</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce9212-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>3</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit SAM</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce9220-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>3</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Sensitive Privilege Use</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce9228-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>3</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Computer Account Management</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce9236-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>3</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Security System Extension</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce9211-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>3</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Kerberos Authentication Service</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce9242-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>3</q3:SettingValue> </q3:AuditSetting> <q3:AuditSetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q3:PolicyTarget>System</q3:PolicyTarget> <q3:SubcategoryName>Audit Process Termination</q3:SubcategoryName> <q3:SubcategoryGuid>{0cce922c-69ae-11d9-bed3-505054503030}</q3:SubcategoryGuid> <q3:SettingValue>0</q3:SettingValue> </q3:AuditSetting> </Extension> <Name xmlns="http://www.microsoft.com/GroupPolicy/Settings">Advanced Audit Configuration</Name> </ExtensionData> <ExtensionData> <Extension xmlns:q4="http://www.microsoft.com/GroupPolicy/Settings/Windows/Registry" xsi:type="q4:RegistrySettings" xmlns="http://www.microsoft.com/GroupPolicy/Settings" /> <Name xmlns="http://www.microsoft.com/GroupPolicy/Settings">Windows Registry</Name> </ExtensionData> <ExtensionData> <Extension xmlns:q5="http://www.microsoft.com/GroupPolicy/Settings/Security" xsi:type="q5:SecuritySettings" xmlns="http://www.microsoft.com/GroupPolicy/Settings"> <q5:Account> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>LockoutDuration</q5:Name> <q5:SettingNumber>4294967295</q5:SettingNumber> <q5:Type>Account Lockout</q5:Type> </q5:Account> <q5:Account> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>MaximumPasswordAge</q5:Name> <q5:SettingNumber>90</q5:SettingNumber> <q5:Type>Password</q5:Type> </q5:Account> <q5:Account> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>MinimumPasswordAge</q5:Name> <q5:SettingNumber>2</q5:SettingNumber> <q5:Type>Password</q5:Type> </q5:Account> <q5:Account> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>ResetLockoutCount</q5:Name> <q5:SettingNumber>30</q5:SettingNumber> <q5:Type>Account Lockout</q5:Type> </q5:Account> <q5:Account> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>LockoutBadCount</q5:Name> <q5:SettingNumber>6</q5:SettingNumber> <q5:Type>Account Lockout</q5:Type> </q5:Account> <q5:Account> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>PasswordHistorySize</q5:Name> <q5:SettingNumber>12</q5:SettingNumber> <q5:Type>Password</q5:Type> </q5:Account> <q5:Account> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>MinimumPasswordLength</q5:Name> <q5:SettingNumber>8</q5:SettingNumber> <q5:Type>Password</q5:Type> </q5:Account> <q5:Account> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>PasswordComplexity</q5:Name> <q5:SettingBoolean>true</q5:SettingBoolean> <q5:Type>Password</q5:Type> </q5:Account> <q5:Account> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>ClearTextPassword</q5:Name> <q5:SettingBoolean>false</q5:SettingBoolean> <q5:Type>Password</q5:Type> </q5:Account> <q5:Audit> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>AuditPolicyChange</q5:Name> <q5:SuccessAttempts>true</q5:SuccessAttempts> <q5:FailureAttempts>true</q5:FailureAttempts> </q5:Audit> <q5:Audit> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>AuditAccountManage</q5:Name> <q5:SuccessAttempts>true</q5:SuccessAttempts> <q5:FailureAttempts>true</q5:FailureAttempts> </q5:Audit> <q5:Audit> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>AuditObjectAccess</q5:Name> <q5:SuccessAttempts>true</q5:SuccessAttempts> <q5:FailureAttempts>true</q5:FailureAttempts> </q5:Audit> <q5:Audit> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>AuditDSAccess</q5:Name> <q5:SuccessAttempts>true</q5:SuccessAttempts> <q5:FailureAttempts>true</q5:FailureAttempts> </q5:Audit> <q5:Audit> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>AuditPrivilegeUse</q5:Name> <q5:SuccessAttempts>false</q5:SuccessAttempts> <q5:FailureAttempts>true</q5:FailureAttempts> </q5:Audit> <q5:Audit> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>AuditProcessTracking</q5:Name> <q5:SuccessAttempts>false</q5:SuccessAttempts> <q5:FailureAttempts>false</q5:FailureAttempts> </q5:Audit> <q5:Audit> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>AuditAccountLogon</q5:Name> <q5:SuccessAttempts>true</q5:SuccessAttempts> <q5:FailureAttempts>true</q5:FailureAttempts> </q5:Audit> <q5:Audit> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>AuditLogonEvents</q5:Name> <q5:SuccessAttempts>true</q5:SuccessAttempts> <q5:FailureAttempts>true</q5:FailureAttempts> </q5:Audit> <q5:Audit> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>AuditSystemEvents</q5:Name> <q5:SuccessAttempts>true</q5:SuccessAttempts> <q5:FailureAttempts>true</q5:FailureAttempts> </q5:Audit> <q5:UserRightsAssignment> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>SeCreateGlobalPrivilege</q5:Name> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NETWORK SERVICE</Name> </q5:Member> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">LOCAL SERVICE</Name> </q5:Member> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Administrators</Name> </q5:Member> </q5:UserRightsAssignment> <q5:UserRightsAssignment> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>SeDenyRemoteInteractiveLogonRight</q5:Name> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Guests</Name> </q5:Member> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Local account</Name> </q5:Member> </q5:UserRightsAssignment> <q5:UserRightsAssignment> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>SeImpersonatePrivilege</q5:Name> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">SERVICE</Name> </q5:Member> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NETWORK SERVICE</Name> </q5:Member> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">LOCAL SERVICE</Name> </q5:Member> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Administrators</Name> </q5:Member> </q5:UserRightsAssignment> <q5:UserRightsAssignment> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>SeChangeNotifyPrivilege</q5:Name> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NETWORK SERVICE</Name> </q5:Member> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">LOCAL SERVICE</Name> </q5:Member> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Backup Operators</Name> </q5:Member> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Authenticated Users</Name> </q5:Member> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Administrators</Name> </q5:Member> </q5:UserRightsAssignment> <q5:UserRightsAssignment> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>SeIncreaseBasePriorityPrivilege</q5:Name> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Administrators</Name> </q5:Member> </q5:UserRightsAssignment> <q5:UserRightsAssignment> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>SeCreateTokenPrivilege</q5:Name> </q5:UserRightsAssignment> <q5:UserRightsAssignment> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>SeTakeOwnershipPrivilege</q5:Name> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Administrators</Name> </q5:Member> </q5:UserRightsAssignment> <q5:UserRightsAssignment> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>SeDenyInteractiveLogonRight</q5:Name> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Guests</Name> </q5:Member> </q5:UserRightsAssignment> <q5:UserRightsAssignment> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>SeRestorePrivilege</q5:Name> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Backup Operators</Name> </q5:Member> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Administrators</Name> </q5:Member> </q5:UserRightsAssignment> <q5:UserRightsAssignment> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>SeDebugPrivilege</q5:Name> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Administrators</Name> </q5:Member> </q5:UserRightsAssignment> <q5:UserRightsAssignment> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>SeSystemTimePrivilege</q5:Name> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">LOCAL SERVICE</Name> </q5:Member> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Administrators</Name> </q5:Member> </q5:UserRightsAssignment> <q5:UserRightsAssignment> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>SeSecurityPrivilege</q5:Name> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Administrators</Name> </q5:Member> </q5:UserRightsAssignment> <q5:UserRightsAssignment> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>SeShutdownPrivilege</q5:Name> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Backup Operators</Name> </q5:Member> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Administrators</Name> </q5:Member> </q5:UserRightsAssignment> <q5:UserRightsAssignment> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>SeAuditPrivilege</q5:Name> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">LOCAL SERVICE</Name> </q5:Member> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NETWORK SERVICE</Name> </q5:Member> </q5:UserRightsAssignment> <q5:UserRightsAssignment> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>SeInteractiveLogonRight</q5:Name> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">saicgmac\SG_GPO_AllowLogOnLocally</Name> </q5:Member> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Administrators</Name> </q5:Member> </q5:UserRightsAssignment> <q5:UserRightsAssignment> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>SeCreatePagefilePrivilege</q5:Name> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Administrators</Name> </q5:Member> </q5:UserRightsAssignment> <q5:UserRightsAssignment> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>SeDenyNetworkLogonRight</q5:Name> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">!NoUseGuest!</Name> </q5:Member> </q5:UserRightsAssignment> <q5:UserRightsAssignment> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>SeNetworkLogonRight</q5:Name> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Authenticated Users</Name> </q5:Member> </q5:UserRightsAssignment> <q5:UserRightsAssignment> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>SeSystemProfilePrivilege</q5:Name> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Administrators</Name> </q5:Member> </q5:UserRightsAssignment> <q5:UserRightsAssignment> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>SeDenyBatchLogonRight</q5:Name> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Guests</Name> </q5:Member> </q5:UserRightsAssignment> <q5:UserRightsAssignment> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>SeRemoteShutdownPrivilege</q5:Name> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Administrators</Name> </q5:Member> </q5:UserRightsAssignment> <q5:UserRightsAssignment> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>SeBackupPrivilege</q5:Name> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Backup Operators</Name> </q5:Member> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Administrators</Name> </q5:Member> </q5:UserRightsAssignment> <q5:UserRightsAssignment> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>SeEnableDelegationPrivilege</q5:Name> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Administrators</Name> </q5:Member> </q5:UserRightsAssignment> <q5:UserRightsAssignment> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>SeSystemEnvironmentPrivilege</q5:Name> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Administrators</Name> </q5:Member> </q5:UserRightsAssignment> <q5:UserRightsAssignment> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>SeDenyServiceLogonRight</q5:Name> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Guests</Name> </q5:Member> </q5:UserRightsAssignment> <q5:UserRightsAssignment> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>SeRemoteInteractiveLogonRight</q5:Name> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Remote Desktop Users</Name> </q5:Member> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Administrators</Name> </q5:Member> </q5:UserRightsAssignment> <q5:UserRightsAssignment> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>SeLoadDriverPrivilege</q5:Name> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Administrators</Name> </q5:Member> </q5:UserRightsAssignment> <q5:UserRightsAssignment> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>SeIncreaseQuotaPrivilege</q5:Name> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Administrators</Name> </q5:Member> </q5:UserRightsAssignment> <q5:UserRightsAssignment> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>SeTimeZonePrivilege</q5:Name> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">LOCAL SERVICE</Name> </q5:Member> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Administrators</Name> </q5:Member> </q5:UserRightsAssignment> <q5:UserRightsAssignment> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>SeProfileSingleProcessPrivilege</q5:Name> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Administrators</Name> </q5:Member> </q5:UserRightsAssignment> <q5:UserRightsAssignment> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>SeAssignPrimaryTokenPrivilege</q5:Name> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">saicgmac\SVC_NBUEXBK</Name> </q5:Member> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NETWORK SERVICE</Name> </q5:Member> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">LOCAL SERVICE</Name> </q5:Member> </q5:UserRightsAssignment> <q5:UserRightsAssignment> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>SeManageVolumePrivilege</q5:Name> <q5:Member> <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Administrators</Name> </q5:Member> </q5:UserRightsAssignment> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount</q5:KeyName> <q5:SettingString>4</q5:SettingString> <q5:Display> <q5:Name>Interactive logon: Number of previous logons to cache (in case domain controller is not available)</q5:Name> <q5:Units>logons</q5:Units> <q5:DisplayNumber>4</q5:DisplayNumber> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec</q5:KeyName> <q5:SettingNumber>537395200</q5:SettingNumber> <q5:Display> <q5:Name>Network security: Minimum session security for NTLM SSP based (including secure RPC) servers</q5:Name> <q5:Units /> <q5:DisplayFields> <q5:Field> <q5:Name>Require NTLMv2 session security</q5:Name> <q5:Value>true</q5:Value> </q5:Field> <q5:Field> <q5:Name>Require 128-bit encryption</q5:Name> <q5:Value>true</q5:Value> </q5:Field> </q5:DisplayFields> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity</q5:KeyName> <q5:SettingNumber>2</q5:SettingNumber> <q5:Display> <q5:Name>Network security: LDAP client signing requirements</q5:Name> <q5:Units /> <q5:DisplayString>Require signing</q5:DisplayString> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogOff</q5:KeyName> <q5:SettingNumber>1</q5:SettingNumber> <q5:Display> <q5:Name>Microsoft network server: Disconnect clients when logon hours expire</q5:Name> <q5:Units /> <q5:DisplayBoolean>true</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM</q5:KeyName> <q5:SettingNumber>1</q5:SettingNumber> <q5:Display> <q5:Name>Network access: Do not allow anonymous enumeration of SAM accounts</q5:Name> <q5:Units /> <q5:DisplayBoolean>true</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon</q5:KeyName> <q5:SettingNumber>0</q5:SettingNumber> <q5:Display> <q5:Name>Shutdown: Allow system to be shut down without having to log on</q5:Name> <q5:Units /> <q5:DisplayBoolean>false</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateFloppies</q5:KeyName> <q5:SettingString>1</q5:SettingString> <q5:Display> <q5:Name>Devices: Restrict floppy access to locally logged-on user only</q5:Name> <q5:Units /> <q5:DisplayBoolean>true</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin</q5:KeyName> <q5:SettingNumber>0</q5:SettingNumber> <q5:Display> <q5:Name>User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode</q5:Name> <q5:Units /> <q5:DisplayString>Elevate without prompting</q5:DisplayString> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel</q5:KeyName> <q5:SettingNumber>1</q5:SettingNumber> <q5:Display> <q5:Name>Domain member: Digitally encrypt secure channel data (when possible)</q5:Name> <q5:Units /> <q5:DisplayBoolean>true</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD</q5:KeyName> <q5:SettingNumber>0</q5:SettingNumber> <q5:Display> <q5:Name>Interactive logon: Do not require CTRL+ALT+DEL</q5:Name> <q5:Units /> <q5:DisplayBoolean>false</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect</q5:KeyName> <q5:SettingNumber>15</q5:SettingNumber> <q5:Display> <q5:Name>Microsoft network server: Amount of idle time required before suspending session</q5:Name> <q5:Units>minutes</q5:Units> <q5:DisplayNumber>15</q5:DisplayNumber> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption</q5:KeyName> <q5:SettingString>2</q5:SettingString> <q5:Display> <q5:Name>Interactive logon: Smart card removal behavior</q5:Name> <q5:Units /> <q5:DisplayString>Force Logoff</q5:DisplayString> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures</q5:KeyName> <q5:SettingNumber>0</q5:SettingNumber> <q5:Display> <q5:Name>User Account Control: Only elevate executables that are signed and validated</q5:Name> <q5:Units /> <q5:DisplayBoolean>false</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization</q5:KeyName> <q5:SettingNumber>1</q5:SettingNumber> <q5:Display> <q5:Name>User Account Control: Virtualize file and registry write failures to per-user locations</q5:Name> <q5:Units /> <q5:DisplayBoolean>true</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel</q5:KeyName> <q5:SettingNumber>5</q5:SettingNumber> <q5:Display> <q5:Name>Network security: LAN Manager authentication level</q5:Name> <q5:Units /> <q5:DisplayString>Send NTLMv2 response only. Refuse LM & NTLM</q5:DisplayString> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableUIADesktopToggle</q5:KeyName> <q5:SettingNumber>0</q5:SettingNumber> <q5:Display> <q5:Name>User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop</q5:Name> <q5:Units /> <q5:DisplayBoolean>false</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\AuthenticodeEnabled</q5:KeyName> <q5:SettingNumber>0</q5:SettingNumber> <q5:Display> <q5:Name>System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies</q5:Name> <q5:Units /> <q5:DisplayBoolean>false</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature</q5:KeyName> <q5:SettingNumber>0</q5:SettingNumber> <q5:Display> <q5:Name>Microsoft network server: Digitally sign communications (always)</q5:Name> <q5:Units /> <q5:DisplayBoolean>false</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge</q5:KeyName> <q5:SettingNumber>75</q5:SettingNumber> <q5:Display> <q5:Name>Domain member: Maximum machine account password age</q5:Name> <q5:Units>days</q5:Units> <q5:DisplayNumber>75</q5:DisplayNumber> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec</q5:KeyName> <q5:SettingNumber>537395200</q5:SettingNumber> <q5:Display> <q5:Name>Network security: Minimum session security for NTLM SSP based (including secure RPC) clients</q5:Name> <q5:Units /> <q5:DisplayFields> <q5:Field> <q5:Name>Require NTLMv2 session security</q5:Name> <q5:Value>true</q5:Value> </q5:Field> <q5:Field> <q5:Name>Require 128-bit encryption</q5:Name> <q5:Value>true</q5:Value> </q5:Field> </q5:DisplayFields> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand</q5:KeyName> <q5:SettingNumber>0</q5:SettingNumber> <q5:Display> <q5:Name>Recovery console: Allow floppy copy and access to all drives and all folders</q5:Name> <q5:Units /> <q5:DisplayBoolean>false</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\InactivityTimeoutSecs</q5:KeyName> <q5:SettingNumber>900</q5:SettingNumber> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionShares</q5:KeyName> <q5:SettingStrings /> <q5:Display> <q5:Name>Network access: Shares that can be accessed anonymously</q5:Name> <q5:Units /> <q5:DisplayStrings /> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon</q5:KeyName> <q5:SettingNumber>1</q5:SettingNumber> <q5:Display> <q5:Name>Interactive logon: Require Domain Controller authentication to unlock workstation</q5:Name> <q5:Units /> <q5:DisplayBoolean>true</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RestrictNullSessAccess</q5:KeyName> <q5:SettingNumber>1</q5:SettingNumber> <q5:Display> <q5:Name>Network access: Restrict anonymous access to Named Pipes and Shares</q5:Name> <q5:Units /> <q5:DisplayBoolean>true</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature</q5:KeyName> <q5:SettingNumber>1</q5:SettingNumber> <q5:Display> <q5:Name>Microsoft network server: Digitally sign communications (if client agrees)</q5:Name> <q5:Units /> <q5:DisplayBoolean>true</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\System\CurrentControlSet\Control\Session Manager\SubSystems\optional</q5:KeyName> <q5:SettingStrings> <q5:Value>Posix</q5:Value> </q5:SettingStrings> <q5:Display> <q5:Name>System settings: Optional subsystems</q5:Name> <q5:Units /> <q5:DisplayStrings> <q5:Value>Posix</q5:Value> </q5:DisplayStrings> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive</q5:KeyName> <q5:SettingNumber>1</q5:SettingNumber> <q5:Display> <q5:Name>System objects: Require case insensitivity for non-Windows subsystems</q5:Name> <q5:Units /> <q5:DisplayBoolean>true</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled</q5:KeyName> <q5:SettingNumber>0</q5:SettingNumber> <q5:Display> <q5:Name>System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing</q5:Name> <q5:Units /> <q5:DisplayBoolean>false</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature</q5:KeyName> <q5:SettingNumber>1</q5:SettingNumber> <q5:Display> <q5:Name>Microsoft network client: Digitally sign communications (if server agrees)</q5:Name> <q5:Units /> <q5:DisplayBoolean>true</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateCDRoms</q5:KeyName> <q5:SettingString>0</q5:SettingString> <q5:Display> <q5:Name>Devices: Restrict CD-ROM access to locally logged-on user only</q5:Name> <q5:Units /> <q5:DisplayBoolean>false</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous</q5:KeyName> <q5:SettingNumber>0</q5:SettingNumber> <q5:Display> <q5:Name>Network access: Let Everyone permissions apply to anonymous users</q5:Name> <q5:Units /> <q5:DisplayBoolean>false</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop</q5:KeyName> <q5:SettingNumber>1</q5:SettingNumber> <q5:Display> <q5:Name>User Account Control: Switch to the secure desktop when prompting for elevation</q5:Name> <q5:Units /> <q5:DisplayBoolean>true</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword</q5:KeyName> <q5:SettingNumber>0</q5:SettingNumber> <q5:Display> <q5:Name>Microsoft network client: Send unencrypted password to third-party SMB servers</q5:Name> <q5:Units /> <q5:DisplayBoolean>false</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail</q5:KeyName> <q5:SettingNumber>0</q5:SettingNumber> <q5:Display> <q5:Name>Audit: Shut down system immediately if unable to log security audits</q5:Name> <q5:Units /> <q5:DisplayBoolean>false</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\MaxDevicePasswordFailedAttempts</q5:KeyName> <q5:SettingNumber>6</q5:SettingNumber> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser</q5:KeyName> <q5:SettingNumber>0</q5:SettingNumber> <q5:Display> <q5:Name>User Account Control: Behavior of the elevation prompt for standard users</q5:Name> <q5:Units /> <q5:DisplayString>Automatically deny elevation requests</q5:DisplayString> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption</q5:KeyName> <q5:SettingString>SAICGMAC Security Advisory Warning</q5:SettingString> <q5:Display> <q5:Name>Interactive logon: Message title for users attempting to log on</q5:Name> <q5:Units /> <q5:DisplayString>SAICGMAC Security Advisory Warning</q5:DisplayString> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash</q5:KeyName> <q5:SettingNumber>1</q5:SettingNumber> <q5:Display> <q5:Name>Network security: Do not store LAN Manager hash value on next password change</q5:Name> <q5:Units /> <q5:DisplayBoolean>true</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName</q5:KeyName> <q5:SettingNumber>1</q5:SettingNumber> <q5:Display> <q5:Name>Interactive logon: Do not display last user name</q5:Name> <q5:Units /> <q5:DisplayBoolean>true</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText</q5:KeyName> <q5:SettingStrings> <q5:Value>This system is The property of SAICGMAC, and is to be used in accordance with applicable SAICGMAC Policies. Unauthorized access or activity is a violation of SAICGMAC Policies and may be a violation of law. Use of this system constitutes consent to monitoring for unauthorized use, in accordance with SAICGMAC Policies, local laws, and regulations. Unauthorized use may result in penalties including, but not limited to, reprimand, dismissal, financial penalties, and legal action.</q5:Value> </q5:SettingStrings> <q5:Display> <q5:Name>Interactive logon: Message text for users attempting to log on</q5:Name> <q5:Units /> <q5:DisplayStrings> <q5:Value>This system is The property of SAICGMAC, and is to be used in accordance with applicable SAICGMAC Policies. Unauthorized access or activity is a violation of SAICGMAC Policies and may be a violation of law. Use of this system constitutes consent to monitoring for unauthorized use, in accordance with SAICGMAC Policies, local laws, and regulations. Unauthorized use may result in penalties including, but not limited to, reprimand, dismissal, financial penalties, and legal action.</q5:Value> </q5:DisplayStrings> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\System\CurrentControlSet\Control\Lsa\SCENoApplyLegacyAuditPolicy</q5:KeyName> <q5:SettingNumber>1</q5:SettingNumber> <q5:Display> <q5:Name>Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings</q5:Name> <q5:Units /> <q5:DisplayBoolean>true</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature</q5:KeyName> <q5:SettingNumber>0</q5:SettingNumber> <q5:Display> <q5:Name>Microsoft network client: Digitally sign communications (always)</q5:Name> <q5:Units /> <q5:DisplayBoolean>false</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects</q5:KeyName> <q5:SettingNumber>0</q5:SettingNumber> <q5:Display> <q5:Name>Audit: Audit the access of global system objects</q5:Name> <q5:Units /> <q5:DisplayBoolean>false</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken</q5:KeyName> <q5:SettingNumber>1</q5:SettingNumber> <q5:Display> <q5:Name>User Account Control: Admin Approval Mode for the Built-in Administrator account</q5:Name> <q5:Units /> <q5:DisplayBoolean>true</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode</q5:KeyName> <q5:SettingNumber>1</q5:SettingNumber> <q5:Display> <q5:Name>System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)</q5:Name> <q5:Units /> <q5:DisplayBoolean>true</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel</q5:KeyName> <q5:SettingNumber>1</q5:SettingNumber> <q5:Display> <q5:Name>Domain member: Digitally sign secure channel data (when possible)</q5:Name> <q5:Units /> <q5:DisplayBoolean>true</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ScForceOption</q5:KeyName> <q5:SettingNumber>0</q5:SettingNumber> <q5:Display> <q5:Name>Interactive logon: Require smart card</q5:Name> <q5:Units /> <q5:DisplayBoolean>false</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireStrongKey</q5:KeyName> <q5:SettingNumber>1</q5:SettingNumber> <q5:Display> <q5:Name>Domain member: Require strong (Windows 2000 or later) session key</q5:Name> <q5:Units /> <q5:DisplayBoolean>true</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown</q5:KeyName> <q5:SettingNumber>0</q5:SettingNumber> <q5:Display> <q5:Name>Shutdown: Clear virtual memory pagefile</q5:Name> <q5:Units /> <q5:DisplayBoolean>false</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest</q5:KeyName> <q5:SettingNumber>0</q5:SettingNumber> <q5:Display> <q5:Name>Network access: Sharing and security model for local accounts</q5:Name> <q5:Units /> <q5:DisplayString>Classic - local users authenticate as themselves</q5:DisplayString> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection</q5:KeyName> <q5:SettingNumber>1</q5:SettingNumber> <q5:Display> <q5:Name>User Account Control: Detect application installations and prompt for elevation</q5:Name> <q5:Units /> <q5:DisplayBoolean>true</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal</q5:KeyName> <q5:SettingNumber>1</q5:SettingNumber> <q5:Display> <q5:Name>Domain member: Digitally encrypt or sign secure channel data (always)</q5:Name> <q5:Units /> <q5:DisplayBoolean>true</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel</q5:KeyName> <q5:SettingNumber>0</q5:SettingNumber> <q5:Display> <q5:Name>Recovery console: Allow automatic administrative logon</q5:Name> <q5:Units /> <q5:DisplayBoolean>false</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse</q5:KeyName> <q5:SettingNumber>1</q5:SettingNumber> <q5:Display> <q5:Name>Accounts: Limit local account use of blank passwords to console logon only</q5:Name> <q5:Units /> <q5:DisplayBoolean>true</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing</q5:KeyName> <q5:SettingNumber>0</q5:SettingNumber> <q5:Display> <q5:Name>Audit: Audit the use of Backup and Restore privilege</q5:Name> <q5:Units /> <q5:DisplayBoolean>false</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous</q5:KeyName> <q5:SettingNumber>1</q5:SettingNumber> <q5:Display> <q5:Name>Network access: Do not allow anonymous enumeration of SAM accounts and shares</q5:Name> <q5:Units /> <q5:DisplayBoolean>true</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths</q5:KeyName> <q5:SettingNumber>1</q5:SettingNumber> <q5:Display> <q5:Name>User Account Control: Only elevate UIAccess applications that are installed in secure locations</q5:Name> <q5:Units /> <q5:DisplayBoolean>true</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds</q5:KeyName> <q5:SettingNumber>0</q5:SettingNumber> <q5:Display> <q5:Name>Network access: Do not allow storage of passwords and credentials for network authentication</q5:Name> <q5:Units /> <q5:DisplayBoolean>false</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA</q5:KeyName> <q5:SettingNumber>0</q5:SettingNumber> <q5:Display> <q5:Name>User Account Control: Run all administrators in Admin Approval Mode</q5:Name> <q5:Units /> <q5:DisplayBoolean>false</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\System\CurrentControlSet\Control\Lsa\UseMachineId</q5:KeyName> <q5:SettingNumber>1</q5:SettingNumber> <q5:Display> <q5:Name>Network security: Allow Local System to use computer identity for NTLM</q5:Name> <q5:Units /> <q5:DisplayBoolean>true</q5:DisplayBoolean> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:KeyName>MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning</q5:KeyName> <q5:SettingNumber>7</q5:SettingNumber> <q5:Display> <q5:Name>Interactive logon: Prompt user to change password before expiration</q5:Name> <q5:Units>days</q5:Units> <q5:DisplayNumber>7</q5:DisplayNumber> </q5:Display> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:SystemAccessPolicyName>NewAdministratorName</q5:SystemAccessPolicyName> <q5:SettingString>!sgadmin!</q5:SettingString> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:SystemAccessPolicyName>NewGuestName</q5:SystemAccessPolicyName> <q5:SettingString>!NoUseGuest!</q5:SettingString> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:SystemAccessPolicyName>ForceLogoffWhenHourExpire</q5:SystemAccessPolicyName> <q5:SettingNumber>1</q5:SettingNumber> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:SystemAccessPolicyName>EnableGuestAccount</q5:SystemAccessPolicyName> <q5:SettingNumber>0</q5:SettingNumber> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:SystemAccessPolicyName>LSAAnonymousNameLookup</q5:SystemAccessPolicyName> <q5:SettingNumber>0</q5:SettingNumber> </q5:SecurityOptions> <q5:SecurityOptions> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:SystemAccessPolicyName>EnableAdminAccount</q5:SystemAccessPolicyName> <q5:SettingNumber>1</q5:SettingNumber> </q5:SecurityOptions> <q5:SystemServices> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>CcmExec</q5:Name> <q5:StartupMode>Automatic</q5:StartupMode> <q5:SecurityDescriptor> <PermissionsPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">false</PermissionsPresent> <AuditingPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">false</AuditingPresent> </q5:SecurityDescriptor> </q5:SystemServices> <q5:SystemServices> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>RemoteAccess</q5:Name> <q5:StartupMode>Disabled</q5:StartupMode> <q5:SecurityDescriptor> <PermissionsPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">false</PermissionsPresent> <AuditingPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">false</AuditingPresent> </q5:SecurityDescriptor> </q5:SystemServices> <q5:SystemServices> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>PlugPlay</q5:Name> <q5:StartupMode>Automatic</q5:StartupMode> <q5:SecurityDescriptor> <PermissionsPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">false</PermissionsPresent> <AuditingPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">false</AuditingPresent> </q5:SecurityDescriptor> </q5:SystemServices> <q5:SystemServices> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>RemoteRegistry</q5:Name> <q5:StartupMode>Automatic</q5:StartupMode> <q5:SecurityDescriptor> <PermissionsPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">false</PermissionsPresent> <AuditingPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">false</AuditingPresent> </q5:SecurityDescriptor> </q5:SystemServices> <q5:SystemServices> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>Netman</q5:Name> <q5:StartupMode>Automatic</q5:StartupMode> <q5:SecurityDescriptor> <PermissionsPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">false</PermissionsPresent> <AuditingPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">false</AuditingPresent> </q5:SecurityDescriptor> </q5:SystemServices> <q5:SystemServices> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>RpcLocator</q5:Name> <q5:StartupMode>Automatic</q5:StartupMode> <q5:SecurityDescriptor> <PermissionsPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">false</PermissionsPresent> <AuditingPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">false</AuditingPresent> </q5:SecurityDescriptor> </q5:SystemServices> <q5:SystemServices> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>RasMan</q5:Name> <q5:StartupMode>Disabled</q5:StartupMode> <q5:SecurityDescriptor> <PermissionsPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">false</PermissionsPresent> <AuditingPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">false</AuditingPresent> </q5:SecurityDescriptor> </q5:SystemServices> <q5:SystemServices> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>RasAuto</q5:Name> <q5:StartupMode>Disabled</q5:StartupMode> <q5:SecurityDescriptor> <PermissionsPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">false</PermissionsPresent> <AuditingPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">false</AuditingPresent> </q5:SecurityDescriptor> </q5:SystemServices> <q5:SystemServices> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>TapiSrv</q5:Name> <q5:StartupMode>Disabled</q5:StartupMode> <q5:SecurityDescriptor> <PermissionsPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">false</PermissionsPresent> <AuditingPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">false</AuditingPresent> </q5:SecurityDescriptor> </q5:SystemServices> <q5:SystemServices> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>Spooler</q5:Name> <q5:StartupMode>Disabled</q5:StartupMode> <q5:SecurityDescriptor> <PermissionsPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">false</PermissionsPresent> <AuditingPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">false</AuditingPresent> </q5:SecurityDescriptor> </q5:SystemServices> <q5:SystemServices> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>wuauserv</q5:Name> <q5:StartupMode>Automatic</q5:StartupMode> <q5:SecurityDescriptor> <PermissionsPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">false</PermissionsPresent> <AuditingPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">false</AuditingPresent> </q5:SecurityDescriptor> </q5:SystemServices> <q5:SystemServices> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q5:Name>BITS</q5:Name> <q5:StartupMode>Manual</q5:StartupMode> <q5:SecurityDescriptor> <PermissionsPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">false</PermissionsPresent> <AuditingPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">false</AuditingPresent> </q5:SecurityDescriptor> </q5:SystemServices> </Extension> <Name xmlns="http://www.microsoft.com/GroupPolicy/Settings">Security</Name> </ExtensionData> <ExtensionData> <Extension xmlns:q6="http://www.microsoft.com/GroupPolicy/Settings/PublicKey" xsi:type="q6:PublicKeySettings" xmlns="http://www.microsoft.com/GroupPolicy/Settings"> <q6:AutoEnrollmentSettings> <q6:EnrollCertificatesAutomatically>true</q6:EnrollCertificatesAutomatically> <q6:Options> <q6:RenewUpdateRevoke>false</q6:RenewUpdateRevoke> <q6:UpdateTemplates>false</q6:UpdateTemplates> </q6:Options> <q6:ExpiryNotification>false</q6:ExpiryNotification> <q6:NotifyPercent> <q6:Present>false</q6:Present> <q6:Value>10</q6:Value> </q6:NotifyPercent> </q6:AutoEnrollmentSettings> <q6:EFSSettings> <q6:AllowEFS>2</q6:AllowEFS> <q6:Options>0</q6:Options> <q6:CacheTimeout>0</q6:CacheTimeout> <q6:KeyLen>0</q6:KeyLen> </q6:EFSSettings> <q6:EFSRecoveryAgent> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{D836F2F3-B8AB-4CC1-8433-81FF3E54F3B1}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q6:IssuedTo>Administrator</q6:IssuedTo> <q6:IssuedBy>Administrator</q6:IssuedBy> <q6:ExpirationDate>2115-06-09T10:30:54Z</q6:ExpirationDate> <q6:CertificatePurpose> <q6:Purpose>1.3.6.1.4.1.311.10.3.4.1</q6:Purpose> </q6:CertificatePurpose> <q6:Data>0200000001000000CC0000001C0000006C0000000100000000000000000000000000000001000000640037006300370030003700320034002D0066003200340035002D0034006400370066002D0061003300340066002D0036003000640064003100650039003900300030003000310000000000000000004D006900630072006F0073006F0066007400200045006E00680061006E006300650064002000430072007900700074006F0067007200610070006800690063002000500072006F00760069006400650072002000760031002E003000000000000300000001000000140000008E463AB8D5858AC1093D69CD6A39E48B6F06E9EF200000000100000089030000308203853082026DA0030201020210108F17B05762BBAB4FD65BA98035B438300D06092A864886F70D01010505003050311630140603550403130D41646D696E6973747261746F72310C300A0603550407130345465331283026060355040B131F4546532046696C6520456E6372797074696F6E2043657274696669636174653020170D3135303730333130333035345A180F32313135303630393130333035345A3050311630140603550403130D41646D696E6973747261746F72310C300A0603550407130345465331283026060355040B131F4546532046696C6520456E6372797074696F6E20436572746966696361746530820122300D06092A864886F70D01010105000382010F003082010A0282010100A8E932607A905B1C53817F77F59DAA0F33C8C581256F3D51D3322E734712D751F33E9A229F687C6C37D811E9E10F2AE730C0E7A6F3AEDDF00A26B4CD542A1A9858F28B5C7D9A9F15D224B68586203380CB7A63B7313E28D51CE6D8E1E2A39F954127BD03871595C38C491490F82E796C48DE831B92E16DF41E1FD65943E1634C269D187104BA8AEE4E98E3F71E0A495B72DC0277224DAE5CF44FDE5954BA06C28AA09712FB347E3EC981AB4F1755D7091277DBDEF4181726BEC165ED4A2B86696A453DBFC718C5420857264C40E3CA2E020306C5D2DAD5E15B68EC23B1EC00ED0489FDD3848824CAF9BC3AB90AEEAFBAAAF363E59E04ABB123805CEF19537D6B0203010001A359305730160603551D25040F300D060B2B0601040182370A03040130320603551D11042B3029A027060A2B060104018237140203A0190C1741646D696E6973747261746F724073616963676D61630030090603551D1304023000300D06092A864886F70D0101050500038201010012ECECCBE06E3D8821B509442FD0F244F444370A4368AB7B01C19370BA010CEF7095F0D883BBA0903E6A0007760F8849EF23EB5921E5DC4928C7558560687F1A58EF1C39BC4C4AB43FA2C63FCE52F817C2391926FF63379F980D83DD3CC740AECBF2975FDA7C0702C2F466DF9792C42A748DEE6C9A41A91AA8FC25289649A05D0C74C5A63E1DD03E46938079D52825A441FE21EE861F67C6370F8AAB175FD525ED046F69A95E4ECD427DF8220E40390FE89CE855299C757185EE6E28051D71DDC20EBCB91C292F9D5E3BACD2862C28DFDA64236C9EF67463AEB788CA46629EB3CD254A6EE9BF7797B49D6EB820292441322642E6C0AE9E3F036B8A321A008DC3</q6:Data> </q6:EFSRecoveryAgent> <q6:RootCertificateSettings> <q6:AllowNewCAs>true</q6:AllowNewCAs> <q6:TrustThirdPartyCAs>true</q6:TrustThirdPartyCAs> <q6:RequireUPNNamingConstraints>false</q6:RequireUPNNamingConstraints> </q6:RootCertificateSettings> <q6:RootCertificate> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{D836F2F3-B8AB-4CC1-8433-81FF3E54F3B1}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q6:IssuedTo>GMF IO Issuing CA</q6:IssuedTo> <q6:IssuedBy>GM Financial</q6:IssuedBy> <q6:ExpirationDate>2019-08-22T13:31:22Z</q6:ExpirationDate> <q6:Data>040000000100000010000000812F287DA84FC7A40BBEA3DCE582CE950F00000001000000140000001C7B57A7419EF33A70C28DD3A520AAACFF51346F140000000100000014000000953E7E111D922020988C2A3093A6F40E98494002190000000100000010000000CB233905D2D7CC34B03B1A4741B9D53E5C0000000100000004000000000800000300000001000000140000001490B95BAD1574792384FC6EAB79BAABAFC7011C2000000001000000940400003082049030820378A00302010202136B00000009CF72B565EB8217A8000000000009300D06092A864886F70D01010505003017311530130603550403130C474D2046696E616E6369616C301E170D3134303832323133323132325A170D3139303832323133333132325A307631133011060A0992268993F22C6401191603636F6D311B3019060A0992268993F22C640119160B676D66696E616E6369616C31123010060A0992268993F22C6401191602616431123010060A0992268993F22C6401191602696F311A301806035504031311474D4620494F2049737375696E6720434130820122300D06092A864886F70D01010105000382010F003082010A0282010100C17FBB6FFA16FB691CA10BF2D8F3A75BC0C5FA09BDE69215EAC68D7D25F9EB64F8735510BBF2F6B3BD30BFFBD617D609DACF6E692C0F254C5581108E197F462C068C69E1B11CB2B3205D80D179CDFF7BBD24045D286D3B7E7E807ECA4110ACD99F77D0D086D52C008ABEF0E1629FCF311306BEE8F1F7FB2BDF01D073916B320D0C6EF4620F164D96CF556B5C631591D985887D3D99CF79A04B8F5CD27771B04F29D056E53A8073BFD5BAE1C73A142CBB820C315316A2A73D3707168610471F1354DD731FCFD27B4FBFB1BA45F0A01040575DBD53565E6106D03199E367913BD30235512F156AF97A844976FA66B1AB471D13FFEA4A6CC630D97E8A8D42EE03CB0203010001A382017430820170301206092B060104018237150104050203010002302306092B060104018237150204160414A080AC16C15D70E24620D145194FDCEAD68351CA301D0603551D0E04160414953E7E111D922020988C2A3093A6F40E98494002301906092B0601040182371402040C1E0A00530075006200430041300B0603551D0F040403020186300F0603551D130101FF040530030101FF301F0603551D23041830168014392BD0BB86133E764F108CB10761AD12E802FED1305A0603551D1F04533051304FA04DA04B8649687474703A2F2F6762776F6B73636172706D3030322E696F2E61642E676D66696E616E6369616C2E636F6D2F43657274456E726F6C6C2F474D25323046696E616E6369616C2E63726C306006082B0601050507010104543052305006082B06010505073002864466696C653A2F2F2F2F6762776F6B73636172706D3030312F43657274456E726F6C6C2F6762776F6B73636172706D3030315F474D25323046696E616E6369616C2E637274300D06092A864886F70D010105050003820101001120A989FABCD2A1429026B9CD891097016C71BE17D1FA464EF241E55A69A42F1D8F43CFDE9F311826FFF743E57EA7BECF6B73F8A1E386545F29EC4844822D512607C71E42E9483DB36BD53ADDF1D391DA0C3A0012085BDC6126267E44172A4C056C741DF85FF0FAA451193400EDBEB974B9B4D2AF6A60AD1B34D8F82EEB35E6DFA9EE97D539AD4D50595CBB4AD282A943E73B93D170DB2F543C4E5CFAF93E9807673184022DF95828E0652475AB41FDF44E22451166F58E6CFDB6FB53F8A369F735085FB435A3113D239D544E10D60F890386B4F4A2CA62E0EDAD664BF2D67FB8AF3E7791AD8B00090F6E5E31DE1DC2A57522AD8852CB5BDABF978DABDB065D</q6:Data> </q6:RootCertificate> <q6:RootCertificate> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{D836F2F3-B8AB-4CC1-8433-81FF3E54F3B1}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q6:IssuedTo>CNSD1SCAWPM001-CA</q6:IssuedTo> <q6:IssuedBy>CNSD1SCAWPM001-CA</q6:IssuedBy> <q6:ExpirationDate>2030-07-06T02:23:28Z</q6:ExpirationDate> <q6:Data>0400000001000000100000004967A7624884ED40175A0F8E5B5C20C30F0000000100000014000000ECB817BF1055F24F231573B16F8418741EA4D058140000000100000014000000630E6103D052B4775D7935C36EDB9DF28E913A6619000000010000001000000041714285BB12CE9B0BF82910CD3F812C03000000010000001400000051524A1506FE57D51A68493CD487F36AB38357685C00000001000000040000000010000020000000010000001705000030820513308202FBA00302010202106DA0B1DE53F59E8049C4780935F853AC300D06092A864886F70D0101050500301C311A301806035504031311434E53443153434157504D3030312D4341301E170D3135303730363032313333305A170D3330303730363032323332385A301C311A301806035504031311434E53443153434157504D3030312D434130820222300D06092A864886F70D01010105000382020F003082020A0282020100C275D3ADD0F1A2FEF139936E7756F6B8E5DF62B8315F51F8BC81F4669F7631599E0EF3B5EF3BA9CE055270D46B35E6EFCCF4648F37BCF56D98303166583E852D91E518A035FFDB455910FE613D836C9D9BCA075DAD94243ED57A79B8EACAA9055A2D82E43399F88E01AAD3B83DD0E6BCC3001DB42D3D5134B7A1BDF9F159247EEB1E4DC7F4251C60FDF607F121AE1529D06E56507AD3972BA1BD86C7F244CF69C204D242D7F64EDDCAF59B22629EBEA62A2A9578342CA831AE7484F7BBD3DC7FEA634B141792F7D9BC8C21A35E9AAC32BF731DCFD35B550E2414DCCB79C8B1911EA118F7CBB506757C7294340A15BFF3F455A483D536EE34B80F351D1FC4C62DE1E6D777EB22ED9C508333A6D24EA84DE811B856645EC4B59654B4A36FDA88A82DDED51F94F6FD528572D2321F51E01C094FA0F1796C95CCA06B096715AE19F36508447C33C4EADC3B13B83C2F87B3DB561547C96C627EEC390A6CCAC1D1070068E0973E0DECBBBF978E4D9DD802B8A711C6A583479785FCACE84AC7EF4042609E66A9B10BA193AEFF8CE758CC31A884DE4B3094A799B7E6CA9A403868968AA1E72B5E1B65FFC46E1F3E665E8278D7D7177C0AE5BEBF67C460676126D7430B3A504623AE7305C8C4022F07B3E5C9CF8655578F2DC37D027BFEC9AD09F3A3B4B0C93F09D4B63BE1163C58C112C78A3887F7655B3E643EE0E4A549E8F5D966D9390203010001A351304F300B0603551D0F040403020186300F0603551D130101FF040530030101FF301D0603551D0E04160414630E6103D052B4775D7935C36EDB9DF28E913A66301006092B06010401823715010403020100300D06092A864886F70D01010505000382020100AD11C2697DD1AC9EAFD2DC0BEA4C96FB71088489E8100A319B54A7CB21183ED9D1ED975793254B33F31AA1AD3AD4491721F7D2FD757DB4B1A1A72CCD9418492B7827370EFA9DB61C9F0458C574642F4DEE598C243B548E6BF8794C138CA34646908FE206290F3119D4C6ADAFD06815E3540105961248D8F3C0BFE466EB1A265AA79287216AA10BB451FF5A0267069C406162836340C232A025DC5D302A9377BD2B5E74C511F93DD671BE2C92DD2ABB980AD53FD48E34EF4FF2549029BE94DD4B0974CC4F202BCE3EE676656BC74C23D889F32599B56EA9BF02E57769AD0C46F57C19F2648A2F60E8C8A281914384130C9382965C905464580EC873AB93B1B310D2AE849AAB54733A0C8655F82EF1197CCCA6B29061672690DC3048076B2D3A26EDD7068946882D280DC43863E5A2A5E1A8E4042DA73B8871583AF6A14DAEE1C937B5C42A1D75A309F2C22A6C61BA65AEE469063B8C874CDFDC11FDD7E018F9C7388E73D643949DDB5D649C33ADE41E57EE0CB0336E0A14591AFD7197D5509E3A24C0F880C2659373606D95621CE36F21C02D92B3FE5C72DE949157CCDEA8AB5C677CED45400EBBB890F8783764DD0A234C49920CC1C524AD19EC42CB86A701DD48281FF4E8EA8C35B63978557269BB3960082B886AE5ED67BB27BD508A2DF4BB89E9E7403DE53BBF5631F0C329806E61C3F967DF1D1D9C292C26F8AAA7404068</q6:Data> </q6:RootCertificate> <q6:RootCertificate> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{D836F2F3-B8AB-4CC1-8433-81FF3E54F3B1}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q6:IssuedTo>SAIC GMAC Root CA</q6:IssuedTo> <q6:IssuedBy>SAIC GMAC Root CA</q6:IssuedBy> <q6:ExpirationDate>2046-06-14T07:40:31Z</q6:ExpirationDate> <q6:Data>040000000100000010000000007760FE4B43B776663795E0D25E80A10F0000000100000030000000A718BD778E3BA3B2A201933FFC42B5949BAA3194ACCB20EF9251E81A7730D0F889094735288612496FF561BA71DE7A041400000001000000140000002EE3B4D2ACD7A761B3E098D57E2065C5C7506AA5190000000100000010000000F38052846F7BF5B73F789BDC0175FB3A0300000001000000140000006AC44513B69A6C2D9E981F935CBEF2DC7EBCD2AF5C00000001000000040000000008000020000000010000001703000030820313308201FBA003020102021012FDE79A26F9DE9F48341E745F9D704B300D06092A864886F70D01010C0500301C311A3018060355040313115341494320474D414320526F6F74204341301E170D3136303631343037333033315A170D3436303631343037343033315A301C311A3018060355040313115341494320474D414320526F6F7420434130820122300D06092A864886F70D01010105000382010F003082010A0282010100B56359572A9F4495C71E03460395F57285E01DD1026F92922DC5DAF62FA0050B6FC555A74375F037DD93E4878544FCDAAA7B004B1ED7213AA2953864B1ECECE8EEFE774D5B4A0B023F0699BDF2CF841CC87B0C30BD4729F4802D563710464891FD5A3E922304C027A36FBD8C00C408B5DC33FE7D533500F475E947E075C14FE1C65CE9610D154A86FFA0AF09A5894AD90E33B6C0917C7DE01BAB2E4BCE75DA6D76169977E3B1E904C3A5759D38DC66F43F088DAEC0EEE605C319CF370CD3A28DE124FACF77E45A1F46358B7118FDD075BF219D0F5D2D944F758DA0A7EC0FC4C90D184A1A05A91CEE36BFD92F2F48430F99A1115AE2B9B39C4BF4E8B5BC2E9C550203010001A351304F300B0603551D0F040403020186300F0603551D130101FF040530030101FF301D0603551D0E041604142EE3B4D2ACD7A761B3E098D57E2065C5C7506AA5301006092B06010401823715010403020100300D06092A864886F70D01010C050003820101007279CD21AF43D68C5E2A01008398398B0B65918C4B1560D2E52E6B8D8CA00DDD079A2AC0A03D4964F62619F88225B19D2D1DBF0D69DC3E884FF461048C44F94C2BF7A0240DB9CB40940D764466BCD467EA34540DF8249A866BEC4B00B163E5B4DC17927F9FECE44C2592E748571A3E730CAA8D0AD1452A8DEB864C3BDC23B3B300AD82580CE0D5EA345DF7B4E441A7CCC8A4E89EA14C14C16CE02E9D532E1AEF6FEBBC9B09AB9B5669380ACE964C32CC877C325CBBE0F77EAE97D1EC7FCDCF8E94FD8025F25D8C36BD37811ED48C06E5209A8B97816821FA2AAAA220F6CB1B33F55C335BF8FCDFC0ACD7D9CCE93A3834C2C3ECC5E278C9C7C9CCD9E33F211BDE</q6:Data> </q6:RootCertificate> <q6:RootCertificate> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{D836F2F3-B8AB-4CC1-8433-81FF3E54F3B1}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q6:IssuedTo>GM Financial</q6:IssuedTo> <q6:IssuedBy>GM Financial</q6:IssuedBy> <q6:ExpirationDate>2024-02-21T17:26:00Z</q6:ExpirationDate> <q6:Data>040000000100000010000000378C9CFF9EAAEAB2D41A5897AF9359420F00000001000000140000004D8F0E09F2F4C7F41FD07C74BDFB2DB65D6DCDD3140000000100000014000000392BD0BB86133E764F108CB10761AD12E802FED11900000001000000100000001621A8F8ACBD603A3E6EEF6FF2286FE403000000010000001400000082A71A8FE0C48C7F35CB075B1D9069B74EC045615C00000001000000040000000008000020000000010000000D03000030820309308201F1A003020102021050BEFCE2329009884609E76E4DE4CFB7300D06092A864886F70D01010505003017311530130603550403130C474D2046696E616E6369616C301E170D3134303232313137313630305A170D3234303232313137323630305A3017311530130603550403130C474D2046696E616E6369616C30820122300D06092A864886F70D01010105000382010F003082010A0282010100BAD9A0824155B5CA7763A45829307B19D6F50E89D521B077BF0201349C627D9898D4C5FB58B6182CC65EEB1E56B0C39E2556809F876C6DB057A50A62A28AFA0A269AFD8731B9A0DB993EE8A1D137463775710FC6C08C044CFB13F7538DFA33B58683F7F44B9CD88D0B9730B646EA57DCC71D0EEF97B32CB135CDA794FEDBB1BBC6DB56519815CD7345CEC698F083CC8C3087CDC4854D264BF60980B8AF74ADC06D4432F52A313B074F46DCDE978911765283B32158F6C3C9A9761F24F6005C204660D676202161B17B3B1E2C31FAA717A2C6E79EBB017D6001652BE99070252909AE249814A8B50B289778FDABDC81C436E0909563A3362A5B3C790848C062BB0203010001A351304F300B0603551D0F040403020186300F0603551D130101FF040530030101FF301D0603551D0E04160414392BD0BB86133E764F108CB10761AD12E802FED1301006092B06010401823715010403020100300D06092A864886F70D01010505000382010100129505FFA75262F1C391835C56C15C49BB4FF0BA665638E21E29EB7542DF1833017DBEDA1401DD8845596A8D9C1E2BD08971EF3C36D4882CE8C607F862AB5B5834A51D49BBEBAE2C2F583F495E97BB54CE7151FC968B1C1D4D8CB579F22D8815045F8C02A8C08517A3A92E3CBD41456F5F85CC1EB63A631686A8B88877E43FD8DAA5DB86D783258210EF01423667ED8150F9927F14A12041739E2E7315F110947F6A8D5C30414EAC1F05106B23D478D884F92638D9438B92457C92E87BA73DC38CE2D9F385401E8C0BE60444D0A56DA826111C632202AE90EADDA3C47EF7B6E63399B2414EFF2320F6F7CAC28ED0B5EA006FD106E4C8C9230CE409AE866FCD11</q6:Data> </q6:RootCertificate> <q6:RootCertificate> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{D836F2F3-B8AB-4CC1-8433-81FF3E54F3B1}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q6:IssuedTo>SAIC GMAC Issuing CA</q6:IssuedTo> <q6:IssuedBy>SAIC GMAC Root CA</q6:IssuedBy> <q6:ExpirationDate>2022-06-14T10:14:14Z</q6:ExpirationDate> <q6:Data>0400000001000000100000005EA5F8E95BF73E4EB05F9FCE7AF5FBA20F000000010000003000000015AD929A8B1A40FCEE0841B91D98786D360BFBF92129470A43AA4A4230599554489B2B997BBB1ADF689F02D4C63CA9A314000000010000001400000088CA18BF318CE12E5AED48E2ECA5FD65302303571900000001000000100000007E9FF811FF774141A8B6F23022537E125C000000010000000400000000080000180000000100000010000000F38052846F7BF5B73F789BDC0175FB3A0300000001000000140000008A0ECCAD63881E8759CC5D26508304CF4F982A962000000001000000730400003082046F30820357A003020102021362000000039427FA0223EE2FB1000000000003300D06092A864886F70D01010C0500301C311A3018060355040313115341494320474D414320526F6F74204341301E170D3136303631343130303431345A170D3232303631343130313431345A306331133011060A0992268993F22C6401191603636F6D31183016060A0992268993F22C640119160873616963676D616331133011060A0992268993F22C6401191603646972311D301B060355040313145341494320474D41432049737375696E6720434130820122300D06092A864886F70D01010105000382010F003082010A0282010100B0C9A515E3C00D4A975CC4413BE9187C092568F61F4FC9C6F6B9D9F7146B0F887D1CF32CDC70F06DCD31E60127EF99BD13C15B5420507B8366EF9DB3C3DF63D3E18EAFC323A2C232763285CFFF221169C6566D264DA9B5A7E56FA504249C522E7105EBE049173575CFC8E215739D47A3614125D6ADBACCBBA7DBBD86DC849F3B9E99EBB89FC97E81B2D63C1E8CA28BF8428E86EB0BDD5AC78AB5E2D912C93F50C8FEDF4A8B766AB652A593F421AC009E3251C694DAE499A63C6D50D57FC82FC4059414491D68095DB2BA7A95B95344DC6F1A73D411047547327C336E2C4188EF18C54F118904709E9EDE4CCF6BE17F94A03F635E3CBCBBF80C0BB4C8D062F71F0203010001A38201613082015D301206092B060104018237150104050203010001302306092B060104018237150204160414E149CABF084AE63207AFAEC79BA9487A1ED7416D301D0603551D0E0416041488CA18BF318CE12E5AED48E2ECA5FD6530230357301906092B0601040182371402040C1E0A00530075006200430041300B0603551D0F040403020186300F0603551D130101FF040530030101FF301F0603551D230418301680142EE3B4D2ACD7A761B3E098D57E2065C5C7506AA5304E0603551D1F044730453043A041A03F863D687474703A2F2F726F6F746364702E6469722E73616963676D61632E636F6D2F63657274656E726F6C6C2F73616963676D6163726F6F7463612E63726C305906082B06010505070101044D304B304906082B06010505073002863D687474703A2F2F726F6F746364702E6469722E73616963676D61632E636F6D2F63657274656E726F6C6C2F73616963676D6163726F6F7463612E637274300D06092A864886F70D01010C050003820101009BB40CAC62450D547D9E7EBA608F2EA3D7457CF603DD951761C5C582AD66AD43CF779B046478788A940B0F087E1AC045579A97AD905A7176CE9B072A932ACC7DCF6F64696A604CAD0D27E64FA5C088FB2479059AD919EB4FFC7E453BDFF715B550D05A206E282A873B49C9523FF7F4DCA9FC8FC29756855F75F3EB13AEE2822F57699DFAF078547A40815DD0BB447A47ABF7098E62DBFA17F629633043AC05BA8056A32D80C2B21FC6ACCBDD7FE8BF9D0779B985A9B74BC9EDACBD5BDD454DD8299D747FE50C32044DAE7E26B7DDC49E43703C8FAEF4C28A8B85F269C96E5D705706C270426907A2E82EBCCB4C03AAE1FD0C75F2BC6CCDCDA956364A5277177D</q6:Data> </q6:RootCertificate> <q6:RootCertificate> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{D836F2F3-B8AB-4CC1-8433-81FF3E54F3B1}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q6:IssuedTo>GM Financial</q6:IssuedTo> <q6:IssuedBy>GM Financial</q6:IssuedBy> <q6:ExpirationDate>2025-11-05T17:19:02Z</q6:ExpirationDate> <q6:Data>0400000001000000100000001AE20A18E2D4F1B7B9E821578C120E2F0F000000010000002000000053C11C4A33F6FC3577A3DBDC4271E6EDB0F62DF6C1D02A915640511465CAF1B41400000001000000140000004215CB0B41C4E186A31EF2B03CA3F157FF20594E19000000010000001000000041A00DF44B8FEB84F258702DA8E830910300000001000000140000008D9A6D88E7C0A6D53058E6F22C57D567E179233E5C0000000100000004000000000800002000000001000000340300003082033030820218A00302010202101C0A9B700B686A87423038EDBEFBACDC300D06092A864886F70D01010B05003017311530130603550403130C474D2046696E616E6369616C301E170D3135313130363137303930325A170D3235313130353137313930325A3017311530130603550403130C474D2046696E616E6369616C30820122300D06092A864886F70D01010105000382010F003082010A02820101009B88FD97824D8701E4CE03D0ABA71FDB92B7B4D69816BCD946A4848F7299C95470A6E6955942318A31BAF3360E8B52C540428A96ADC8ED90961F81EA9DCB4041FEE798D99DACFA7F166B8BED619659EDBDC1E69794AFB58F7377C3080562440E28ED2B2BBB79BF1BB3CD94F612949D2FF7C3FB7D9D06B9EFA26C2E9FF404B234A4D4853114A9E6E0F956AD0E26389624834162A9107E80304943DDB385F2CCC3A9440B0F58613A82346A4E81000EAC958913358862486263FF615612010E1B04C9EA13BC82152E2158729E4B2354E34DE1672C4D6E56A843645BC81F055251AA1A88C3FC008E61BE27C6E1AFE2C7082C2704155C16B8926BE309679B179D15A70203010001A3783076300B0603551D0F040403020186300F0603551D130101FF040530030101FF301D0603551D0E041604144215CB0B41C4E186A31EF2B03CA3F157FF20594E301206092B060104018237150104050203010001302306092B06010401823715020416041482A71A8FE0C48C7F35CB075B1D9069B74EC04561300D06092A864886F70D01010B0500038201010050E76324FBCA5AEDD125DE006E1BB5FF911B6B963A15169FF288E00AD954AAEAF8033DD310D9F8E7B776F28ED59686BF536DBB9C357F55972A9F15D65074E8198EEB721E85C2D4103C9EFD28746A39DC2A2D51820794D5EC3CA2D97070E9687F3A451A628DE27D01E40DBA9DC12123CF86580E3E42868123C7668EEAC0854D18A401AD81FB83B2F332A6134BBB7C77B9F7CD58E5CDF37D3B8D818A809E180BF87A4D1F32F726136B269E758B01DCB09747008C8536F711676DEE8C86E24A8CFB9DD9510D3871D6066CDEE7CD35405E136E901132FC289C3BED496745BABBC532D0529619BF1F5BCB673941B2A84A2D6FCBBAF45F08D4FBEEBACBD82E4D6FAB6F</q6:Data> </q6:RootCertificate> <q6:RootCertificate> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{D836F2F3-B8AB-4CC1-8433-81FF3E54F3B1}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q6:IssuedTo>CNSD1SCACPM001</q6:IssuedTo> <q6:IssuedBy>CNSD1SCAWPM001-CA</q6:IssuedBy> <q6:ExpirationDate>2016-07-06T03:10:44Z</q6:ExpirationDate> <q6:Data>040000000100000010000000367B6FD453CD74CB423305B6DA6C32650F000000010000001400000033E9EA2E4031FC2BF6CCA28F8F708B5ED3B8F63F140000000100000014000000567FE97BE8B63B5A7AFAA9143150FC16FC8DC09819000000010000001000000008F3386C3769EF4CEEF080A462BBFB775C00000001000000040000000008000018000000010000001000000041714285BB12CE9B0BF82910CD3F812C030000000100000014000000BD4889164DDDA34A1E29A1D2769CF1720E07385E2000000001000000E4040000308204E0308202C8A00302010202135F000000026795C5B76CDA480B000000000002300D06092A864886F70D0101050500301C311A301806035504031311434E53443153434157504D3030312D4341301E170D3135303730363033303034345A170D3136303730363033313034345A305D31133011060A0992268993F22C6401191603636F6D31183016060A0992268993F22C640119160873616963676D616331133011060A0992268993F22C6401191603646972311730150603550403130E434E53443153434143504D30303130820122300D06092A864886F70D01010105000382010F003082010A0282010100D17B693FB9A8FAB234DFB2B837C443CFC5CBE59FFA9275C182D7A399F07D12FFDBA9146EF178544DBA7106F5507D0F28D80205A5E029B024AA55B118678562683ADBAC13E8E28D72172D0442B72EF26C25568A78A073089988BB9FBC5042E9B425C75FF6EAEF87B6FE9602B6B7FC10EC34BE357CFFB5F4AA64735DD93137E36CDD3B9D75A75B83AF69F49E187C35E121C548217779A123884EFFF1B713A1014C151F93BE1151C7C02CFC919730454BE3B9CE1E28F40B3971B3D551FEBDD0803F61575D8233B512481D59ECE5C962F3CC026AE7D62849543B732762123C21EA5D3D74A67D0B733F7D4B7C90F900612BD8F8D3980A76F0B48CD08FA38C6068CCBB0203010001A381D93081D6301006092B06010401823715010403020100301D0603551D0E04160414567FE97BE8B63B5A7AFAA9143150FC16FC8DC098301906092B0601040182371402040C1E0A00530075006200430041300B0603551D0F040403020186300F0603551D130101FF040530030101FF301F0603551D23041830168014630E6103D052B4775D7935C36EDB9DF28E913A6630490603551D1F04423040303EA03CA03A8638687474703A2F2F63612E6469722E73616963676D61632E636F6D2F63657274656E726F6C6C2F636E73643173636177706D3030312E63726C300D06092A864886F70D01010505000382020100BF783911A82CA7691664E5210CB43ED0719256D71CADCEF55E1239B7FDF7A45BCC1628BCCBB7E12219F332CF01896E672F307A281E2BF2C943EA3DBA43F2C9B0EFDB7190ACC6AE0D1B673002FD2A6D51BC627B165DE334DFD899816B767D3DEE62C7E955CBA12BACFF6D0669D08C983FA141D7500E21074596710ED21E747DF58E4F59FA648D36DF5F5B86C605805F5416773FB2DBDFA3D5817A638564A7368F447346F68757147FA7BB056310BFAF0DB4700C5D25095AFE389F32AD6519DFE38FDEE63BFA40071511C51BF58E9F5F431A728CA57868A0C61DA99296E821F9F69C249A7FCA44DF5558959CCDD3AC68B26643765A0BCC7D93AD7ECA627E382A0910029A0327431F961E8B1D0410C614A1545E9E90EB187AB0BCA3EFAEE3247E9F7F1B7E6E06B20744F887CDFADE0E68A48800DBE06FC109F8705D88839A494A9278E4F92D6CE1AE01E7A896023273926DA6D0FB71C740D3595863F842243EC3B46928E3432D29BCAE3E445D838064D6D4AC8E47159CF6C44D3CD9AF582976E0B6F1E242BDDB0C8C948E69B4A65B81700B28B639962D17A5CDE5A0CCBDBCFB86DB2076C8C13924DACED95E5C11FDC18B739DEB03F14583ED52AECD89560EF31A018BDFC9797D84460325A181B2FD5261FBC4EE2EE14171A532E0BCC4437688859B313D625724E1CB147A439316FE2E9B99F775981240455D64055DE2F24E1D11A9</q6:Data> </q6:RootCertificate> <q6:RootCertificate> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{D836F2F3-B8AB-4CC1-8433-81FF3E54F3B1}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q6:IssuedTo>GMF IO Issuing CA 2016</q6:IssuedTo> <q6:IssuedBy>GM Financial</q6:IssuedBy> <q6:ExpirationDate>2021-01-25T19:04:45Z</q6:ExpirationDate> <q6:Data>0400000001000000100000001A2557554AD05025DA1F41AEBAF1BC8C0F0000000100000020000000BB81DCC981A279BFAE397200F285AC924304147C2892A18DFC5B0D07AD1620A91400000001000000140000006059BBC6EA3B60718EF09F4F6688F7C9CC79659B19000000010000001000000026ED128FC53441133BE63A1060599D945C000000010000000400000000080000030000000100000014000000DFE43607616167CA263F75323B08E8F28D3585ED200000000100000078040000308204743082035CA00302010202136B0000000D1CE363CF7A8D2EB800010000000D300D06092A864886F70D01010B05003017311530130603550403130C474D2046696E616E6369616C301E170D3136303132353138353434355A170D3231303132353139303434355A307B31133011060A0992268993F22C6401191603636F6D311B3019060A0992268993F22C640119160B676D66696E616E6369616C31123010060A0992268993F22C6401191602616431123010060A0992268993F22C6401191602696F311F301D06035504031316474D4620494F2049737375696E67204341203230313630820122300D06092A864886F70D01010105000382010F003082010A0282010100A17F2EFB409C8E3AF7D6ABA8D1CC12C2F6A27A186626426E3ACE22EC19C011D88E3F40A3B2847B2C2C85B543694E26FB01DC164735DADF3770C9F71498E90EDF4F9DF8B23FABC40D48764803A1F6D486628092C94F495A1A4E9F8BF51C038BF78900CACDEB7D973619F072DE5A5B36E02CFFAA481197229D6064F610147EB20E13A1E1ECAAF89FFF6FAC944E0DA954C1B81D6C4AD041BEB7A66C29248F344D1A5AD04CC68E28BD45F2459532A159A7419615EB8983D06B7841AD93BD8FC767A213D94E921D65D66782EA606EDB8FBEBA320DDE053CDF71180A185C7559D28CDE310200B365184BA40955DF325E90F418EC63EA3F1978D5854048BDBD0B2CFC6F0203010001A38201533082014F301006092B06010401823715010403020100301D0603551D0E041604146059BBC6EA3B60718EF09F4F6688F7C9CC79659B301906092B0601040182371402040C1E0A00530075006200430041300B0603551D0F040403020186300F0603551D130101FF040530030101FF301F0603551D230418301680144215CB0B41C4E186A31EF2B03CA3F157FF20594E305D0603551D1F045630543052A050A04E864C687474703A2F2F6762776F6B73636172706D3030322E696F2E61642E676D66696E616E6369616C2E636F6D2F43657274456E726F6C6C2F474D25323046696E616E6369616C2831292E63726C306306082B0601050507010104573055305306082B06010505073002864766696C653A2F2F2F2F6762776F6B73636172706D3030312F43657274456E726F6C6C2F6762776F6B73636172706D3030315F474D25323046696E616E6369616C2831292E637274300D06092A864886F70D01010B050003820101007659EFC6F36D09901DDA4EA2092701990833592C1B63529F3E15089595DB8E3A741758AC3F5C2551C2EF8067114B633D45802E06DEF5398ECBF88C2DA0785A5BEE9FBF8340015856D550003049343C5552B8BBC48A13B2384C8E20574AC337ACE95E41762E5F26BEF38065C4288A3CED7D69FC3A108E9D5ABE8EAE314B56FDA6F9C7766AE479AB35C92F112E1959D0F634C51CB45918F6EAC1CCD67C6BC8978DE910DF6DB051419340BA8BA8CC8F1C9C95E7D5F1782195CB3FC7806E1C9A48D21C925FD7F9BB41A6E5F08CFDD54253F503A1D50721AD601F6BD79596BC6C9960E1157538A1993B0852536BFB0DE79E9838B01BF8B7DC93533244EB6CCB6B1568</q6:Data> </q6:RootCertificate> </Extension> <Name xmlns="http://www.microsoft.com/GroupPolicy/Settings">Public Key</Name> </ExtensionData> <ExtensionData> <Extension xmlns:q7="http://www.microsoft.com/GroupPolicy/Settings/WindowsFirewall" xsi:type="q7:WindowsFirewallSettings" xmlns="http://www.microsoft.com/GroupPolicy/Settings"> <q7:GlobalSettings> <q7:PolicyVersion> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q7:Value>534</q7:Value> </q7:PolicyVersion> </q7:GlobalSettings> <q7:DomainProfile> <q7:EnableFirewall> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q7:Value>false</q7:Value> </q7:EnableFirewall> </q7:DomainProfile> <q7:PublicProfile> <q7:EnableFirewall> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q7:Value>false</q7:Value> </q7:EnableFirewall> </q7:PublicProfile> <q7:PrivateProfile> <q7:EnableFirewall> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q7:Value>false</q7:Value> </q7:EnableFirewall> </q7:PrivateProfile> </Extension> <Name xmlns="http://www.microsoft.com/GroupPolicy/Settings">Windows Firewall</Name> </ExtensionData> <ExtensionData> <Extension xmlns:q8="http://www.microsoft.com/GroupPolicy/Settings/nrpt" xsi:type="q8:NrptSettings" xmlns="http://www.microsoft.com/GroupPolicy/Settings"> <q8:Global> <q8:Nla xsi:nil="true" /> <q8:Fallback xsi:nil="true" /> <q8:Query xsi:nil="true" /> </q8:Global> </Extension> <Name xmlns="http://www.microsoft.com/GroupPolicy/Settings">Name Resolution Policy</Name> </ExtensionData> <ExtensionData> <Extension xmlns:q9="http://www.microsoft.com/GroupPolicy/Settings/Registry" xsi:type="q9:RegistrySettings" xmlns="http://www.microsoft.com/GroupPolicy/Settings"> <q9:Policy> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">LocalGPO</Identifier> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:Name>Limit the maximum network bandwidth for BITS background transfers</q9:Name> <q9:State>Enabled</q9:State> <q9:Explain>This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers. (This policy setting does not affect foreground transfers.) You can specify a limit to use during a specific time interval and at all other times. For example, limit the use of network bandwidth to 10 Kbps from 8:00 A.M. to 5:00 P.M., and use all available unused bandwidth the rest of the day's hours. If you enable this policy setting, BITS will limit its bandwidth usage to the specified values. You can specify the limit in kilobits per second (Kbps). If you specify a value less than 2 kilobits, BITS will continue to use approximately 2 kilobits. To prevent BITS transfers from occurring, specify a limit of 0. If you disable or do not configure this policy setting, BITS uses all available unused bandwidth. Note: You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting does not affect Peercaching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose. Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client has a fast network card (10Mbs), but is connected to the network via a slow link (56Kbs).</q9:Explain> <q9:Supported>Windows XP SP2 or Windows Server 2003 SP1, or computers with BITS 2.0 installed.</q9:Supported> <q9:Category>Network/Background Intelligent Transfer Service (BITS)</q9:Category> <q9:Numeric> <q9:Name>Limit background transfer rate (Kbps) to:</q9:Name> <q9:State>Enabled</q9:State> <q9:Value>1000</q9:Value> </q9:Numeric> <q9:DropDownList> <q9:Name>From</q9:Name> <q9:State>Enabled</q9:State> <q9:Value> <q9:Name>9 AM</q9:Name> </q9:Value> </q9:DropDownList> <q9:DropDownList> <q9:Name>to</q9:Name> <q9:State>Enabled</q9:State> <q9:Value> <q9:Name>5 PM</q9:Name> </q9:Value> </q9:DropDownList> <q9:Text> <q9:Name>At all other times</q9:Name> </q9:Text> <q9:CheckBox> <q9:Name>Use all available unused bandwidth</q9:Name> <q9:State>NotConfigured</q9:State> </q9:CheckBox> <q9:Text> <q9:Name>OR</q9:Name> </q9:Text> <q9:Numeric> <q9:Name>Limit background transfer rate (Kbps) to:</q9:Name> <q9:State>Enabled</q9:State> <q9:Value>9999</q9:Value> </q9:Numeric> </q9:Policy> <q9:Policy> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:Name>Windows Firewall: Protect all network connections</q9:Name> <q9:State>Disabled</q9:State> <q9:Explain>Turns on Windows Firewall. If you enable this policy setting, Windows Firewall runs and ignores the "Computer Configuration\Administrative Templates\Network\Network Connections\Prohibit use of Internet Connection Firewall on your DNS domain network" policy setting. If you disable this policy setting, Windows Firewall does not run. This is the only way to ensure that Windows Firewall does not run and administrators who log on locally cannot start it. If you do not configure this policy setting, administrators can use the Windows Firewall component in Control Panel to turn Windows Firewall on or off, unless the "Prohibit use of Internet Connection Firewall on your DNS domain network" policy setting overrides.</q9:Explain> <q9:Supported>At least Windows XP Professional with SP2</q9:Supported> <q9:Category>Network/Network Connections/Windows Firewall/Domain Profile</q9:Category> </q9:Policy> <q9:Policy> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:Name>Windows Firewall: Protect all network connections</q9:Name> <q9:State>Disabled</q9:State> <q9:Explain>Turns on Windows Firewall. If you enable this policy setting, Windows Firewall runs and ignores the "Computer Configuration\Administrative Templates\Network\Network Connections\Prohibit use of Internet Connection Firewall on your DNS domain network" policy setting. If you disable this policy setting, Windows Firewall does not run. This is the only way to ensure that Windows Firewall does not run and administrators who log on locally cannot start it. If you do not configure this policy setting, administrators can use the Windows Firewall component in Control Panel to turn Windows Firewall on or off, unless the "Prohibit use of Internet Connection Firewall on your DNS domain network" policy setting overrides.</q9:Explain> <q9:Supported>At least Windows XP Professional with SP2</q9:Supported> <q9:Category>Network/Network Connections/Windows Firewall/Standard Profile</q9:Category> </q9:Policy> <q9:Policy> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:Name>Hardened UNC Paths</q9:Name> <q9:State>Enabled</q9:State> <q9:Explain>This policy setting configures secure access to UNC paths. If you enable this policy, Windows only allows access to the specified UNC paths after fulfilling additional security requirements. </q9:Explain> <q9:Supported>At least Windows Vista</q9:Supported> <q9:Category>Network/Network Provider</q9:Category> <q9:Text> <q9:Name>Specify hardened network paths. In the name field, type a fully-qualified UNC path for each network resource. To secure all access to a share with a particular name, regardless of the server name, specify a server name of '*' (asterisk). For example, "\\*\NETLOGON". To secure all access to all shares hosted on a server, the share name portion of the UNC path may be omitted. For example, "\\SERVER". In the value field, specify one or more of the following options, separated by commas: 'RequireMutualAuthentication=1': Mutual authentication between the client and server is required to ensure the client connects to the correct server. 'RequireIntegrity=1': Communication between the client and server must employ an integrity mechanism to prevent data tampering. 'RequirePrivacy=1': Communication between the client and the server must be encrypted to prevent third parties from observing sensitive data.</q9:Name> </q9:Text> <q9:ListBox> <q9:Name>Hardened UNC Paths:</q9:Name> <q9:State>Enabled</q9:State> <q9:ExplicitValue>true</q9:ExplicitValue> <q9:Additive>true</q9:Additive> <q9:Value> <q9:Element> <q9:Name>\\*\SYSVOL</q9:Name> <q9:Data>RequireMutualAuthentication=1, RequireIntegrity=1</q9:Data> </q9:Element> <q9:Element> <q9:Name>\\*\NETLOGON</q9:Name> <q9:Data>RequireMutualAuthentication=1, RequireIntegrity=1</q9:Data> </q9:Element> </q9:Value> </q9:ListBox> <q9:Text> <q9:Name> </q9:Name> </q9:Text> <q9:Text> <q9:Name>You should require both Integrity and Mutual Authentication for any UNC paths that host executable programs, script files, or files that control security policies. Consider hosting files that do not require Integrity or Privacy on separate shares from those that absolutely need such security for optimal performance. For additional details on configuring Windows computers to require additional security when accessing specific UNC paths, visit http://support.microsoft.com/kb/3000483.</q9:Name> </q9:Text> </q9:Policy> <q9:Policy> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">LocalGPO</Identifier> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:Name>Offer Remote Assistance</q9:Name> <q9:State>Enabled</q9:State> <q9:Explain>This policy setting allows you to turn on or turn off Offer (Unsolicited) Remote Assistance on this computer. If you enable this policy, users on this computer can get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance. If you disable this policy, users on this computer cannot get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance. If you don't configure this policy, users on this computer cannot get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance. If you enable this policy, you have two ways to allow helpers to provide Remote Assistance: "Allow helpers to only view the computer" or "Allow helpers to remotely control the computer." When you configure this policy setting, you also specify the list of users or user groups that are allowed to offer remote assistance. To configure the list of helpers, click "Show." In the window that opens, you can enter the names of the helpers. Add each user or group one by one. When you enter the name of the helper user or user groups, use the following format: <Domain Name>\<User Name> or <Domain Name>\<Group Name> If you enable this policy you should also enable firewall exceptions to allow Remote Assistance communications. The firewall exceptions required for Offer (Unsolicited) Remote Assistance depend on the version of Windows you are running. Windows Vista and later Enable the Remote Assistance exception for the domain profile. The exception must contain: Port 135:TCP %WINDIR%\System32\msra.exe %WINDIR%\System32\raserver.exe Windows XP with Service Pack 2 (SP2) and Windows XP Professional x64 Edition with Service Pack 1 (SP1) Port 135:TCP %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe %WINDIR%\System32\Sessmgr.exe For computers running Windows Server 2003 with Service Pack 1 (SP1) Port 135:TCP %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe Allow Remote Desktop Exception</q9:Explain> <q9:Supported>At least Windows XP Professional or Windows Server 2003 family</q9:Supported> <q9:Category>System/Remote Assistance</q9:Category> <q9:DropDownList> <q9:Name>Permit remote control of this computer:</q9:Name> <q9:State>Enabled</q9:State> <q9:Value> <q9:Name>Allow helpers to remotely control the computer</q9:Name> </q9:Value> </q9:DropDownList> <q9:ListBox> <q9:Name>Helpers:</q9:Name> <q9:State>Enabled</q9:State> <q9:ExplicitValue>false</q9:ExplicitValue> <q9:Additive>false</q9:Additive> <q9:Value> <q9:Element> <q9:Data>saicgmac\Itservicedeskchina</q9:Data> </q9:Element> <q9:Element> <q9:Data>saicgmac\IT Helpdesk</q9:Data> </q9:Element> </q9:Value> </q9:ListBox> </q9:Policy> <q9:Policy> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">LocalGPO</Identifier> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:Name>Solicited Remote Assistance</q9:Name> <q9:State>Enabled</q9:State> <q9:Explain>This policy setting allows you to enable or disable Solicited (Ask for) Remote Assistance on this computer. If you enable this policy, users on this computer can use e-mail or file transfer to ask someone for help. Also, users can use instant messaging programs to allow connections to this computer, and you can configure additional Remote Assistance settings. If you disable this policy, users on this computer cannot use e-mail or file transfer to ask someone for help. Also, users cannot use instant messaging programs to allow connections to this computer. If you don't configure this policy, users can enable or disable Solicited (Ask for) Remote Assistance themselves in System Properties in Control Panel. Users can also configure Remote Assistance settings. If you enable this policy setting, you have two ways to allow helpers to provide Remote Assistance: "Allow helpers to only view the computer" or "Allow helpers to remotely control the computer." The "Maximum ticket time" setting sets a limit on the amount of time that a Remote Assistance invitation created by using e-mail or file transfer can remain open. The "Select the method for sending e-mail invitations" setting specifies which e-mail standard to use to send Remote Assistance invitations. Depending on your e-mail program, you can use either the Mailto standard (the invitation recipient connects through an Internet link) or the SMAPI (Simple MAPI) standard (the invitation is attached to your e-mail message). This setting is not available in Windows Vista since SMAPI is the only method supported. If you enable this policy you should also enable appropriate firewall exceptions to allow Remote Assistance communications.</q9:Explain> <q9:Supported>At least Windows XP Professional or Windows Server 2003 family</q9:Supported> <q9:Category>System/Remote Assistance</q9:Category> <q9:DropDownList> <q9:Name>Permit remote control of this computer:</q9:Name> <q9:State>NotConfigured</q9:State> </q9:DropDownList> <q9:Numeric> <q9:Name>Maximum ticket time (value):</q9:Name> <q9:State>NotConfigured</q9:State> <q9:Value>0</q9:Value> </q9:Numeric> <q9:DropDownList> <q9:Name>Maximum ticket time (units):</q9:Name> <q9:State>NotConfigured</q9:State> </q9:DropDownList> <q9:DropDownList> <q9:Name>Method for sending e-mail invitations:</q9:Name> <q9:State>NotConfigured</q9:State> </q9:DropDownList> </q9:Policy> <q9:Policy> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:Name>Turn off Autoplay</q9:Name> <q9:State>Enabled</q9:State> <q9:Explain>Turns off the Autoplay feature. Autoplay begins reading from a drive as soon as you insert media in the drive. As a result, the setup file of programs and the music on audio media start immediately. Prior to XP SP2, Autoplay is disabled by default on removable drives, such as the floppy disk drive (but not the CD-ROM drive), and on network drives. Starting with XP SP2, Autoplay is enabled for removable drives as well, including ZIP drives and some USB Mass Storage devices. If you enable this setting, you can disable Autoplay on CD-ROM and removable media drives, or disable Autoplay on all drives. This setting disables Autoplay on additional types of drives. You cannot use this setting to enable Autoplay on drives on which it is disabled by default. Note: This setting appears in both the Computer Configuration and User Configuration folders. If the settings conflict, the setting in Computer Configuration takes precedence over the setting in User Configuration.</q9:Explain> <q9:Supported>At least Windows 2000</q9:Supported> <q9:Category>Windows Components/AutoPlay Policies</q9:Category> <q9:DropDownList> <q9:Name>Turn off Autoplay on:</q9:Name> <q9:State>Enabled</q9:State> <q9:Value> <q9:Name>All drives</q9:Name> </q9:Value> </q9:DropDownList> </q9:Policy> <q9:Policy> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:Name>Maximum Log Size (KB)</q9:Name> <q9:State>Enabled</q9:State> <q9:Explain>This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments. If you disable or do not configure this policy setting, the maximum size of the log file maximum size will be set to the local configuration value. This value can be changed by the local administrator using the log properties dialog and it defaults to 20 megabytes.</q9:Explain> <q9:Supported>At least Windows Vista</q9:Supported> <q9:Category>Windows Components/Event Log Service/Application</q9:Category> <q9:Numeric> <q9:Name>Maximum Log Size (KB)</q9:Name> <q9:State>Enabled</q9:State> <q9:Value>98304</q9:Value> </q9:Numeric> </q9:Policy> <q9:Policy> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{D836F2F3-B8AB-4CC1-8433-81FF3E54F3B1}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:Name>Retain old events</q9:Name> <q9:State>Disabled</q9:State> <q9:Explain>This policy setting controls Event Log behavior when the log file reaches its maximum size. When this policy setting is enabled and a log file reaches its maximum size, new events are not written to the log and are lost. When this policy setting is disabled and a log file reaches its maximum size, new events overwrite old events. Note: Old events may or may not be retained according to the “Backup log automatically when full” policy setting.</q9:Explain> <q9:Supported>At least Windows Vista</q9:Supported> <q9:Category>Windows Components/Event Log Service/Application</q9:Category> </q9:Policy> <q9:Policy> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{D836F2F3-B8AB-4CC1-8433-81FF3E54F3B1}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:Name>Backup log automatically when full</q9:Name> <q9:State>Disabled</q9:State> <q9:Explain>This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the “Retain old events” policy setting is enabled. If you enable this policy setting and the “Retain old events” policy setting is enabled, the Event Log file is automatically closed and renamed when it is full. A new file is then started. If you disable this policy setting and the “Retain old events” policy setting is enabled, then new events are discarded and the old events are retained. When this policy setting is not configured and the “Retain old events” policy setting is enabled, new events are discarded and the old events are retained.</q9:Explain> <q9:Supported>At least Windows Vista</q9:Supported> <q9:Category>Windows Components/Event Log Service/Security</q9:Category> </q9:Policy> <q9:Policy> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:Name>Maximum Log Size (KB)</q9:Name> <q9:State>Enabled</q9:State> <q9:Explain>This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments. If you disable or do not configure this policy setting, the maximum size of the log file maximum size will be set to the local configuration value. This value can be changed by the local administrator using the log properties dialog and it defaults to 20 megabytes.</q9:Explain> <q9:Supported>At least Windows Vista</q9:Supported> <q9:Category>Windows Components/Event Log Service/Security</q9:Category> <q9:Numeric> <q9:Name>Maximum Log Size (KB)</q9:Name> <q9:State>Enabled</q9:State> <q9:Value>196608</q9:Value> </q9:Numeric> </q9:Policy> <q9:Policy> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{D836F2F3-B8AB-4CC1-8433-81FF3E54F3B1}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:Name>Retain old events</q9:Name> <q9:State>Disabled</q9:State> <q9:Explain>This policy setting controls Event Log behavior when the log file reaches its maximum size. When this policy setting is enabled and a log file reaches its maximum size, new events are not written to the log and are lost. When this policy setting is disabled and a log file reaches its maximum size, new events overwrite old events. Note: Old events may or may not be retained according to the “Backup log automatically when full” policy setting.</q9:Explain> <q9:Supported>At least Windows Vista</q9:Supported> <q9:Category>Windows Components/Event Log Service/Security</q9:Category> </q9:Policy> <q9:Policy> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:Name>Maximum Log Size (KB)</q9:Name> <q9:State>Enabled</q9:State> <q9:Explain>This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments. If you disable or do not configure this policy setting, the maximum size of the log file maximum size will be set to the local configuration value. This value can be changed by the local administrator using the log properties dialog and it defaults to 20 megabytes.</q9:Explain> <q9:Supported>At least Windows Vista</q9:Supported> <q9:Category>Windows Components/Event Log Service/System</q9:Category> <q9:Numeric> <q9:Name>Maximum Log Size (KB)</q9:Name> <q9:State>Enabled</q9:State> <q9:Value>98304</q9:Value> </q9:Numeric> </q9:Policy> <q9:Policy> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{D836F2F3-B8AB-4CC1-8433-81FF3E54F3B1}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:Name>Retain old events</q9:Name> <q9:State>Disabled</q9:State> <q9:Explain>This policy setting controls Event Log behavior when the log file reaches its maximum size. When this policy setting is enabled and a log file reaches its maximum size, new events are not written to the log and are lost. When this policy setting is disabled and a log file reaches its maximum size, new events overwrite old events. Note: Old events may or may not be retained according to the “Backup log automatically when full” policy setting.</q9:Explain> <q9:Supported>At least Windows Vista</q9:Supported> <q9:Category>Windows Components/Event Log Service/System</q9:Category> </q9:Policy> <q9:Policy> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{D836F2F3-B8AB-4CC1-8433-81FF3E54F3B1}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:Name>Prevent running First Run wizard</q9:Name> <q9:State>Enabled</q9:State> <q9:Explain>This policy setting prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows. If you enable this policy setting, you must make one of the following choices: • Skip the First Run wizard, and go directly to the user's home page. • Skip the First Run wizard, and go directly to the "Welcome to Internet Explorer" webpage. Starting with Windows 8, the "Welcome to Internet Explorer" webpage is not available. The user's home page will display regardless of which option is chosen. If you disable or do not configure this policy setting, Internet Explorer may run the First Run wizard the first time the browser is started after installation.</q9:Explain> <q9:Supported>At least Internet Explorer 7.0</q9:Supported> <q9:Category>Windows Components/Internet Explorer</q9:Category> <q9:DropDownList> <q9:Name>Select your choice</q9:Name> <q9:State>Enabled</q9:State> <q9:Value> <q9:Name>Go directly to home page</q9:Name> </q9:Value> </q9:DropDownList> </q9:Policy> <q9:Policy> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:Name>Allow users to connect remotely using Remote Desktop Services</q9:Name> <q9:State>Enabled</q9:State> <q9:Explain>This policy setting allows you to configure remote access to computers using Remote Desktop Services. If you enable this policy setting, users who are members of the Remote Desktop Users group on the target computer can connect remotely to the target computer using Remote Desktop Services. If you disable this policy setting, users cannot connect remotely to the target computer using Remote Desktop Services. The target computer will maintain any current connections, but will not accept any new incoming connections. If you do not configure this policy setting, Remote Desktop Services uses the Remote Desktop setting on the target computer to determine whether remote connection is allowed. This setting is found on the Remote tab in System Properties. By default, remote connection is not allowed. Note: You can limit which clients are able to connect remotely using Remote Desktop Services by configuring the "Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require user authentication for remote connections by using Network Level Authentication" policy setting. You can limit the number of users who can connect simultaneously by configuring the "Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Limit number of connections" policy setting or by configuring the "Maximum Connections" option on the Network Adapter tab in the Remote Desktop Session Host Configuration tool.</q9:Explain> <q9:Supported>At least Windows XP Professional or Windows Server 2003 family</q9:Supported> <q9:Category>Windows Components/Remote Desktop Services/Remote Desktop Session Host/Connections</q9:Category> </q9:Policy> <q9:Policy> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:Name>Limit number of connections</q9:Name> <q9:State>Enabled</q9:State> <q9:Explain>Specifies whether Remote Desktop Services limits the number of simultaneous connections to the server. You can use this setting to restrict the number of Remote Desktop Services sessions that can be active on a server. If this number is exceeded, addtional users who try to connect receive an error message telling them that the server is busy and to try again later. Restricting the number of sessions improves performance because fewer sessions are demanding system resources. By default, RD Session Host servers allow an unlimited number of Remote Desktop Services sessions, and Remote Desktop for Administration allows two Remote Desktop Services sessions. To use this setting, enter the number of connections you want to specify as the maximum for the server. To specify an unlimited number of connections, type 999999. If the status is set to Enabled, the maximum number of connections is limited to the specified number consistent with the version of Windows and the mode of Remote Desktop Services running on the server. If the status is set to Disabled or Not Configured, limits to the number of connections are not enforced at the Group Policy level. Note: This setting is designed to be used on RD Session Host servers (that is, on servers running Windows with Remote Desktop Session Host role service installed).</q9:Explain> <q9:Supported>At least Windows Server 2003</q9:Supported> <q9:Category>Windows Components/Remote Desktop Services/Remote Desktop Session Host/Connections</q9:Category> <q9:Numeric> <q9:Name>RD Maximum Connections allowed</q9:Name> <q9:State>Enabled</q9:State> <q9:Value>999</q9:Value> </q9:Numeric> <q9:Text> <q9:Name>Type 999999 for unlimited connections.</q9:Name> </q9:Text> </q9:Policy> <q9:Policy> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:Name>Restrict Remote Desktop Services users to a single Remote Desktop Services session</q9:Name> <q9:State>Disabled</q9:State> <q9:Explain>This policy setting allows you to restrict users to a single remote Remote Desktop Services session. If you enable this policy setting, users who log on remotely using Remote Desktop Services will be restricted to a single session (either active or disconnected) on that server. If the user leaves the session in a disconnected state, the user automatically reconnects to that session at next logon. If you disable this policy setting, users are allowed to make unlimited simultaneous remote connections using Remote Desktop Services. If you do not configure this policy setting, the "Restrict each user to one session" setting in the Remote Desktop Session Host Configuration tool will determine if users are restricted to a single Remote Desktop Services session.</q9:Explain> <q9:Supported>At least Windows Server 2003</q9:Supported> <q9:Category>Windows Components/Remote Desktop Services/Remote Desktop Session Host/Connections</q9:Category> </q9:Policy> <q9:Policy> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">LocalGPO</Identifier> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:Name>Do not allow COM port redirection</q9:Name> <q9:State>Enabled</q9:State> <q9:Explain>Specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Remote Desktop Services session. You can use this setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they are logged on to a Remote Desktop Services session. By default, Remote Desktop Services allows this COM port redirection. If the status is set to Enabled, users cannot redirect server data to the local COM port. If the status is set to Disabled, Remote Desktop Services always allows COM port redirection. If the status is set to Not Configured, COM port redirection is not specified at the Group Policy level. However, an administrator can still disable COM port redirection using the Remote Desktop Session Host Configuration tool.</q9:Explain> <q9:Supported>At least Windows XP Professional or Windows Server 2003 family</q9:Supported> <q9:Category>Windows Components/Remote Desktop Services/Remote Desktop Session Host/Device and Resource Redirection</q9:Category> </q9:Policy> <q9:Policy> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">LocalGPO</Identifier> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:Name>Do not allow drive redirection</q9:Name> <q9:State>Enabled</q9:State> <q9:Explain>Specifies whether to prevent the mapping of client drives in a Remote Desktop Services session (drive redirection). By default, an RD Session Host server maps client drives automatically upon connection. Mapped drives appear in the session folder tree in Windows Explorer or Computer in the format <driveletter> on <computername>. You can use this setting to override this behavior. If the status is set to Enabled, client drive redirection is not allowed in Remote Desktop Services sessions. If the status is set to Disabled, client drive redirection is always allowed. If the status is set to Not Configured, client drive redirection is not specified at the Group Policy level. However, an administrator can still disable client drive redirection by using the Remote Desktop Session Host Configuration tool.</q9:Explain> <q9:Supported>At least Windows XP Professional or Windows Server 2003 family</q9:Supported> <q9:Category>Windows Components/Remote Desktop Services/Remote Desktop Session Host/Device and Resource Redirection</q9:Category> </q9:Policy> <q9:Policy> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">LocalGPO</Identifier> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:Name>Do not allow LPT port redirection</q9:Name> <q9:State>Enabled</q9:State> <q9:Explain>Specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services session. You can use this setting to prevent users from mapping local LPT ports and redirecting data from the remote computer to local LPT port peripherals. By default, Remote Desktop Services allows this LPT port redirection. If the status is set to Enabled, users in a Remote Desktop Services session cannot redirect server data to the local LPT port. If the status is set to Disabled, LPT port redirection is always allowed. If the status is set to Not Configured, LPT port redirection is not specified at the Group Policy level. However, an administrator can still disable local LPT port redirection using the Remote Desktop Session Host Configuration tool.</q9:Explain> <q9:Supported>At least Windows XP Professional or Windows Server 2003 family</q9:Supported> <q9:Category>Windows Components/Remote Desktop Services/Remote Desktop Session Host/Device and Resource Redirection</q9:Category> </q9:Policy> <q9:Policy> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">LocalGPO</Identifier> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:Name>Do not allow supported Plug and Play device redirection</q9:Name> <q9:State>Enabled</q9:State> <q9:Explain>This policy setting allows you to control the redirection of supported Plug and Play devices, such as Windows Portable Devices, to the remote computer in a Remote Desktop Services session. By default, Remote Desktop Services allows redirection of supported Plug and Play devices. Users can use the "More" option on the Local Resources tab of Remote Desktop Connection to choose the supported Plug and Play devices to redirect to the remote computer. If you enable this policy setting, users cannot redirect their supported Plug and Play devices to the remote computer. If you disable this policy setting or do not configure this policy setting, users can redirect their supported Plug and Play devices to the remote computer. Note: You can also disallow redirection of supported Plug and Play devices on the Client Settings tab in the Remote Desktop Session Host Configuration tool. You can disallow redirection of specific types of supported Plug and Play devices by using the "Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions" policy settings.</q9:Explain> <q9:Supported>At least Windows Vista</q9:Supported> <q9:Category>Windows Components/Remote Desktop Services/Remote Desktop Session Host/Device and Resource Redirection</q9:Category> </q9:Policy> <q9:Policy> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:Name>Always prompt for password upon connection</q9:Name> <q9:State>Enabled</q9:State> <q9:Explain>Specifies whether Remote Desktop Services always prompts the client for a password upon connection. You can use this setting to enforce a password prompt for users logging on to Remote Desktop Services, even if they already provided the password in the Remote Desktop Connection client. By default, Remote Desktop Services allows users to automatically log on by entering a password in the Remote Desktop Connection client. If the status is set to Enabled, users cannot automatically log on to Remote Desktop Services by supplying their passwords in the Remote Desktop Connection client. They are prompted for a password to log on. If the status is set to Disabled, users can always log on to Remote Desktop Services automatically by supplying their passwords in the Remote Desktop Connection client. If the status is set to Not Configured, automatic logon is not specified at the Group Policy level. However, an administrator can still enforce password prompting by using the Remote Desktop Session Host Configuration tool.</q9:Explain> <q9:Supported>At least Windows XP Professional or Windows Server 2003 family</q9:Supported> <q9:Category>Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security</q9:Category> </q9:Policy> <q9:Policy> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:Name>Require secure RPC communication</q9:Name> <q9:State>Enabled</q9:State> <q9:Explain>Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecured communication. You can use this setting to strengthen the security of RPC communication with clients by allowing only authenticated and encrypted requests. If the status is set to Enabled, Remote Desktop Services accepts requests from RPC clients that support secure requests, and does not allow unsecured communication with untrusted clients. If the status is set to Disabled, Remote Desktop Services always requests security for all RPC traffic. However, unsecured communication is allowed for RPC clients that do not respond to the request. If the status is set to Not Configured, unsecured communication is allowed. Note: The RPC interface is used for administering and configuring Remote Desktop Services.</q9:Explain> <q9:Supported>At least Windows Server 2003</q9:Supported> <q9:Category>Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security</q9:Category> </q9:Policy> <q9:Policy> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{0B676C17-E974-4960-986A-75755D028C9D}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:Name>Require use of specific security layer for remote (RDP) connections</q9:Name> <q9:State>Enabled</q9:State> <q9:Explain>Specifies whether to require the use of a specific security layer to secure communications between clients and RD Session Host servers during Remote Desktop Protocol (RDP) connections. If you enable this setting, all communications between clients and RD Session Host servers during remote connections must use the security method specified in this setting. The following security methods are available: * Negotiate: The Negotiate method enforces the most secure method that is supported by the client. If Transport Layer Security (TLS) version 1.0 is supported, it is used to authenticate the RD Session Host server. If TLS is not supported, native Remote Desktop Protocol (RDP) encryption is used to secure communications, but the RD Session Host server is not authenticated. * RDP: The RDP method uses native RDP encryption to secure communications between the client and RD Session Host server. If you select this setting, the RD Session Host server is not authenticated. * SSL (TLS 1.0): The SSL method requires the use of TLS 1.0 to authenticate the RD Session Host server. If TLS is not supported, the connection fails. If you disable or do not configure this setting, the security method to be used for remote connections to RD Session Host servers is not enforced through Group Policy. However, you can configure a required security method for these connections by using Remote Desktop Session Host Configuration tool.</q9:Explain> <q9:Supported>At least Windows Vista</q9:Supported> <q9:Category>Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security</q9:Category> <q9:DropDownList> <q9:Name>Security Layer</q9:Name> <q9:State>Enabled</q9:State> <q9:Value> <q9:Name>SSL (TLS 1.0)</q9:Name> </q9:Value> </q9:DropDownList> <q9:Text> <q9:Name>Choose the security layer from the drop-down list.</q9:Name> </q9:Text> </q9:Policy> <q9:Policy> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:Name>Require user authentication for remote connections by using Network Level Authentication</q9:Name> <q9:State>Enabled</q9:State> <q9:Explain>This policy setting allows you to specify whether to require user authentication for remote connections to the RD Session Host server by using Network Level Authentication. This policy setting enhances security by requiring that user authentication occur earlier in the remote connection process. If you enable this policy setting, only client computers that support Network Level Authentication can connect to the RD Session Host server. To determine whether a client computer supports Network Level Authentication, start Remote Desktop Connection on the client computer, click the icon in the upper-left corner of the Remote Desktop Connection dialog box, and then click About. In the About Remote Desktop Connection dialog box, look for the phrase "Network Level Authentication supported." If you disable or do not configure this policy setting, Network Level Authentication is not required for user authentication before allowing remote connections to the RD Session Host server. You can specify that Network Level Authentication be required for user authentication by using Remote Desktop Session Host Configuration tool or the Remote tab in System Properties. Important: Disabling or not configuring this policy setting provides less security because user authentication will occur later in the remote connection process. </q9:Explain> <q9:Supported>At least Windows Vista</q9:Supported> <q9:Category>Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security</q9:Category> </q9:Policy> <q9:Policy> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:Name>Server Authentication Certificate Template</q9:Name> <q9:State>Enabled</q9:State> <q9:Explain>This policy setting allows you to specify the name of the certificate template that determines which certificate is automatically selected to authenticate an RD Session Host server. A certificate is needed to authenticate an RD Session Host server when SSL (TLS 1.0) is used to secure communication between a client and an RD Session Host server during RDP connections. If you enable this policy setting, you need to specify a certificate template name. Only certificates created by using the specified certificate template will be considered when a certificate to authenticate the RD Session Host server is automatically selected. Automatic certificate selection only occurs when a specific certificate has not been selected. If no certificate can be found that was created with the specified certificate template, the RD Session Host server will issue a certificate enrollment request and will use the current certificate until the request is completed. If more than one certificate is found that was created with the specified certificate template, the certificate that will expire latest and that matches the current name of the RD Session Host server will be selected. If you disable or do not configure this policy setting, a self-signed certificate will be used by default to authenticate the RD Session Host server. You can select a specific certificate to be used to authenticate the RD Session Host server on the General tab of the Remote Desktop Session Host Configuration tool. Note: If you select a specific certificate to be used to authenticate the RD Session Host server, that certificate will take precedence over this policy setting.</q9:Explain> <q9:Supported>At least Windows Vista</q9:Supported> <q9:Category>Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security</q9:Category> <q9:EditText> <q9:Name>Certificate Template Name</q9:Name> <q9:State>Enabled</q9:State> <q9:Value>RemoteDesktopComputer</q9:Value> </q9:EditText> </q9:Policy> <q9:Policy> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:Name>Set client connection encryption level</q9:Name> <q9:State>Enabled</q9:State> <q9:Explain>Specifies whether to require the use of a specific encryption level to secure communications between clients and RD Session Host servers during Remote Desktop Protocol (RDP) connections. If you enable this setting, all communications between clients and RD Session Host servers during remote connections must use the encryption method specified in this setting. By default, the encryption level is set to High. The following encryption methods are available: * High: The High setting encrypts data sent from the client to the server and from the server to the client by using strong 128-bit encryption. Use this encryption level in environments that contain only 128-bit clients (for example, clients that run Remote Desktop Connection). Clients that do not support this encryption level cannot connect to RD Session Host servers. * Client Compatible: The Client Compatible setting encrypts data sent between the client and the server at the maximum key strength supported by the client. Use this encryption level in environments that include clients that do not support 128-bit encryption. * Low: The Low setting encrypts only data sent from the client to the server using 56-bit encryption. If you disable or do not configure this setting, the encryption level to be used for remote connections to RD Session Host servers is not enforced through Group Policy. However, you can configure a required encryption level for these connections by using Remote Desktop Session Host Configuration tool. Important FIPS compliance can be configured through the "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" setting in Group Policy (under Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options) or through the "FIPS Compliant" setting in Remote Desktop Session Host Configuration. The FIPS Compliant setting encrypts and decrypts data sent from the client to the server and from the server to the client, with the Federal Information Processing Standard (FIPS) 140-1 encryption algorithms, using Microsoft cryptographic modules. Use this encryption level when communications between clients and RD Session Host servers require the highest level of encryption. If FIPS compliance is already enabled through the Group Policy "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" setting, that setting overrides the encryption level specified in this Group Policy setting or in the Remote Desktop Session Host Configuration tool.</q9:Explain> <q9:Supported>At least Windows XP Professional or Windows Server 2003 family</q9:Supported> <q9:Category>Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security</q9:Category> <q9:DropDownList> <q9:Name>Encryption Level</q9:Name> <q9:State>Enabled</q9:State> <q9:Value> <q9:Name>High Level</q9:Name> </q9:Value> </q9:DropDownList> <q9:Text> <q9:Name>Choose the encryption level from the drop-down list.</q9:Name> </q9:Text> </q9:Policy> <q9:Policy> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:Name>Set time limit for active but idle Remote Desktop Services sessions</q9:Name> <q9:State>Enabled</q9:State> <q9:Explain>This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected. If you enable this policy setting, you must select the desired time limit in the Idle session limit drop-down list. Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the session active. If you have a console session, idle session time limits do not apply. If you disable or do not configure this policy setting, Remote Desktop Services allows sessions to remain active but idle for an unlimited time. You can specify time limits for active but idle sessions on the Sessions tab in the Remote Desktop Session Host Configuration tool. If you want Remote Desktop Services to terminate-instead of disconnect-a session when the time limit is reached, you can configure the "Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\Terminate session when time limits are reached" policy setting. Note: This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.</q9:Explain> <q9:Supported>At least Windows XP Professional or Windows Server 2003 family</q9:Supported> <q9:Category>Windows Components/Remote Desktop Services/Remote Desktop Session Host/Session Time Limits</q9:Category> <q9:DropDownList> <q9:Name>Idle session limit:</q9:Name> <q9:State>Enabled</q9:State> <q9:Value> <q9:Name>15 minutes</q9:Name> </q9:Value> </q9:DropDownList> </q9:Policy> <q9:Policy> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:Name>Set time limit for disconnected sessions</q9:Name> <q9:State>Enabled</q9:State> <q9:Explain>This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions. You can use this policy setting to specify the maximum amount of time that a disconnected session is kept active on the server. By default, Remote Desktop Services allows users to disconnect from a Remote Desktop Services session without logging off and ending the session. When a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessions are maintained for an unlimited time on the server. If you enable this policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time, select "Never". If you have a console session, disconnected session time limits do not apply. If you disable or do not configure this policy setting, disconnected sessions are maintained for an unlimited time. You can specify time limits for disconnected sessions on the Sessions tab in the Remote Desktop Session Host Configuration tool. Note: This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.</q9:Explain> <q9:Supported>At least Windows XP Professional or Windows Server 2003 family</q9:Supported> <q9:Category>Windows Components/Remote Desktop Services/Remote Desktop Session Host/Session Time Limits</q9:Category> <q9:DropDownList> <q9:Name>End a disconnected session</q9:Name> <q9:State>Enabled</q9:State> <q9:Value> <q9:Name>Never</q9:Name> </q9:Value> </q9:DropDownList> </q9:Policy> <q9:Policy> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:Name>Do not delete temp folder upon exit</q9:Name> <q9:State>Disabled</q9:State> <q9:Explain>Specifies whether Remote Desktop Services retains a user's per-session temporary folders at logoff. You can use this setting to maintain a user's session-specific temporary folders on a remote computer, even if the user logs off from a session. By default, Remote Desktop Services deletes a user's temporary folders when the user logs off. If the status is set to Enabled, users' per-session temporary folders are retained when the user logs off from a session. If the status is set to Disabled, temporary folders are deleted when a user logs off, even if the administrator specifies otherwise in the Remote Desktop Session Host Configuration tool. If the status is set to Not Configured, Remote Desktop Services deletes the temporary folders from the remote computer at logoff, unless specified otherwise by the server administrator. Note: This setting only takes effect if per-session temporary folders are in use on the server. That is, if you enable the "Do not use temporary folders per session" setting, this setting has no effect.</q9:Explain> <q9:Supported>At least Windows Server 2003</q9:Supported> <q9:Category>Windows Components/Remote Desktop Services/Remote Desktop Session Host/Temporary folders</q9:Category> </q9:Policy> <q9:Policy> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">LocalGPO</Identifier> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:Name>Specify intranet Microsoft update service location</q9:Name> <q9:State>Enabled</q9:State> <q9:Explain>Specifies an intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network. This setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network. To use this setting, you must set two servername values: the server from which the Automatic Updates client detects and downloads updates, and the server to which updated workstations upload statistics. You can set both values to be the same server. If the status is set to Enabled, the Automatic Updates client connects to the specified intranet Microsoft update service, instead of Windows Update, to search for and download updates. Enabling this setting means that end users in your organization don't have to go through a firewall to get updates, and it gives you the opportunity to test updates before deploying them. If the status is set to Disabled or Not Configured, and if Automatic Updates is not disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet. Note: If the "Configure Automatic Updates" policy is disabled, then this policy has no effect.</q9:Explain> <q9:Supported>At least Windows 2000 Service Pack 3 or Windows XP Professional Service Pack 1</q9:Supported> <q9:Category>Windows Components/Windows Update</q9:Category> <q9:EditText> <q9:Name>Set the intranet update service for detecting updates:</q9:Name> <q9:State>Enabled</q9:State> <q9:Value>http://CNSD1SSSCPM001.dir.saicgmac.com:8530</q9:Value> </q9:EditText> <q9:EditText> <q9:Name>Set the intranet statistics server:</q9:Name> <q9:State>Enabled</q9:State> <q9:Value>http://CNSD1SSSCPM001.dir.saicgmac.com:8530</q9:Value> </q9:EditText> <q9:Text> <q9:Name>(example: http://IntranetUpd01)</q9:Name> </q9:Text> </q9:Policy> <q9:Policy> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{0B676C17-E974-4960-986A-75755D028C9D}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:Name>URL address to be used instead of default ctldl.windowsupdate.com" </q9:Name> <q9:State>Enabled</q9:State> <q9:Explain>Enter a FILE or HTTP URL to use as the download location of the CTL files." </q9:Explain> <q9:Category>Windows AutoUpdate Settings" </q9:Category> <q9:EditText> <q9:Name>URL address to be used instead of default ctldl.windowsupdate.com" </q9:Name> <q9:State>Enabled</q9:State> <q9:Value>file://\\10.224.50.14\Share\CTL</q9:Value> </q9:EditText> </q9:Policy> <q9:RegistrySetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">LocalGPO</Identifier> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:KeyPath>SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit</q9:KeyPath> <q9:AdmSetting>false</q9:AdmSetting> </q9:RegistrySetting> <q9:RegistrySetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:KeyPath>SOFTWARE\Policies\Microsoft\SystemCertificates\FVE_NKP\CRLs</q9:KeyPath> <q9:AdmSetting>false</q9:AdmSetting> </q9:RegistrySetting> <q9:RegistrySetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:KeyPath>SOFTWARE\Policies\Microsoft\SystemCertificates\FVE\CRLs</q9:KeyPath> <q9:AdmSetting>false</q9:AdmSetting> </q9:RegistrySetting> <q9:RegistrySetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:KeyPath>SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services</q9:KeyPath> <q9:AdmSetting>false</q9:AdmSetting> </q9:RegistrySetting> <q9:RegistrySetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:KeyPath>SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile</q9:KeyPath> <q9:AdmSetting>false</q9:AdmSetting> </q9:RegistrySetting> <q9:RegistrySetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:KeyPath>Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths</q9:KeyPath> <q9:AdmSetting>false</q9:AdmSetting> </q9:RegistrySetting> <q9:RegistrySetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:KeyPath>SOFTWARE\Policies\Microsoft\SystemCertificates\FVE\Certificates</q9:KeyPath> <q9:AdmSetting>false</q9:AdmSetting> </q9:RegistrySetting> <q9:RegistrySetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:KeyPath>SOFTWARE\Policies\Microsoft\Windows\EventLog\Security</q9:KeyPath> <q9:AdmSetting>false</q9:AdmSetting> </q9:RegistrySetting> <q9:RegistrySetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:KeyPath>SOFTWARE\Policies\Microsoft\SystemCertificates\DPNGRA\Certificates</q9:KeyPath> <q9:AdmSetting>false</q9:AdmSetting> </q9:RegistrySetting> <q9:RegistrySetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">LocalGPO</Identifier> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:KeyPath>SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU</q9:KeyPath> <q9:AdmSetting>false</q9:AdmSetting> </q9:RegistrySetting> <q9:RegistrySetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:KeyPath>SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile</q9:KeyPath> <q9:AdmSetting>false</q9:AdmSetting> </q9:RegistrySetting> <q9:RegistrySetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:KeyPath>SOFTWARE\Policies\Microsoft\SystemCertificates\FVE_NKP\CTLs</q9:KeyPath> <q9:AdmSetting>false</q9:AdmSetting> </q9:RegistrySetting> <q9:RegistrySetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:KeyPath>SOFTWARE\Policies\Microsoft\NetworkAccessProtection\ClientConfig\UI</q9:KeyPath> <q9:AdmSetting>false</q9:AdmSetting> </q9:RegistrySetting> <q9:RegistrySetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:KeyPath>SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer</q9:KeyPath> <q9:AdmSetting>false</q9:AdmSetting> </q9:RegistrySetting> <q9:RegistrySetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">LocalGPO</Identifier> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:KeyPath>SOFTWARE\Policies\Microsoft\Windows\BITS</q9:KeyPath> <q9:AdmSetting>false</q9:AdmSetting> </q9:RegistrySetting> <q9:RegistrySetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:KeyPath>SOFTWARE\Policies\Microsoft\Windows\EventLog\System</q9:KeyPath> <q9:AdmSetting>false</q9:AdmSetting> </q9:RegistrySetting> <q9:RegistrySetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:KeyPath>SOFTWARE\Policies\Microsoft\SystemCertificates\FVE_NKP\Certificates</q9:KeyPath> <q9:AdmSetting>false</q9:AdmSetting> </q9:RegistrySetting> <q9:RegistrySetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:KeyPath>SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile</q9:KeyPath> <q9:AdmSetting>false</q9:AdmSetting> </q9:RegistrySetting> <q9:RegistrySetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:KeyPath>SOFTWARE\Policies\Microsoft\Windows\EventLog\Application</q9:KeyPath> <q9:AdmSetting>false</q9:AdmSetting> </q9:RegistrySetting> <q9:RegistrySetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">LocalGPO</Identifier> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:KeyPath>SOFTWARE\Policies\Microsoft\Windows\BITS</q9:KeyPath> <q9:AdmSetting>false</q9:AdmSetting> <q9:Value> <q9:Name>EnableBitsMaxBandwidth</q9:Name> <q9:Number>0</q9:Number> </q9:Value> </q9:RegistrySetting> <q9:RegistrySetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">LocalGPO</Identifier> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:KeyPath>SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate</q9:KeyPath> <q9:AdmSetting>false</q9:AdmSetting> </q9:RegistrySetting> <q9:RegistrySetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:KeyPath>SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile</q9:KeyPath> <q9:AdmSetting>false</q9:AdmSetting> </q9:RegistrySetting> <q9:RegistrySetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:KeyPath>SOFTWARE\Policies\Microsoft\SystemCertificates\FVE\CTLs</q9:KeyPath> <q9:AdmSetting>false</q9:AdmSetting> </q9:RegistrySetting> <q9:RegistrySetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{0B676C17-E974-4960-986A-75755D028C9D}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:KeyPath>Software\Microsoft\SystemCertificates\AuthRoot\AutoUpdate</q9:KeyPath> <q9:AdmSetting>false</q9:AdmSetting> </q9:RegistrySetting> <q9:RegistrySetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:KeyPath>SOFTWARE\Policies\Microsoft\NetworkAccessProtection\ClientConfig\Enroll\HcsGroups</q9:KeyPath> <q9:AdmSetting>false</q9:AdmSetting> </q9:RegistrySetting> <q9:RegistrySetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:KeyPath>SOFTWARE\Policies\Microsoft\SystemCertificates\DPNGRA\CTLs</q9:KeyPath> <q9:AdmSetting>false</q9:AdmSetting> </q9:RegistrySetting> <q9:RegistrySetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{D836F2F3-B8AB-4CC1-8433-81FF3E54F3B1}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:KeyPath>SOFTWARE\Policies\Microsoft\Internet Explorer\Main</q9:KeyPath> <q9:AdmSetting>false</q9:AdmSetting> </q9:RegistrySetting> <q9:RegistrySetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:KeyPath>SOFTWARE\Policies\Microsoft\SystemCertificates\DPNGRA\CRLs</q9:KeyPath> <q9:AdmSetting>false</q9:AdmSetting> </q9:RegistrySetting> <q9:RegistrySetting> <GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"> <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{A70D46E4-33C8-480F-B946-C857F880CA25}</Identifier> <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">dir.saicgmac.com</Domain> </GPO> <Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence> <q9:KeyPath>SOFTWARE\Policies\Microsoft\WindowsFirewall</q9:KeyPath> <q9:AdmSetting>false</q9:AdmSetting> </q9:RegistrySetting> </Extension> <Name xmlns="http://www.microsoft.com/GroupPolicy/Settings">Registry</Name> </ExtensionData> </ComputerResults> </Rsop> |