
DOMAIN SERVER DESCRIPTIONS

Server MLDC01
SERVER NAME: MLDC01
MODEL: HP PROLIANT DL385 G2
SERIAL NUMBER: 2UX72600HR
IP ADDRESS: 10.170.62.206
RAM: 4096 Mb
DISKS: 2 x 80 GB, RAID 1 + 0
PROCESSORS: 2 dual-core AMD Opteron processors @ 2.40 Ghz
OPERATING SYSTEM: Microsoft(R) Windows(R) Server 2003, Enterprise Edition, Service Pack 2 (Build 3790)
LOCATION: Apodaca - Nuevo León, Monterrey
APPLICATION: Active Directory METLIFEMX
ROLES: Schema Owner, PDC Role, RID Pool Manager

Server MLDC02
SERVER NAME: MLDC02
MODEL: HP PROLIANT DL385 G2
SERIAL NUMBER: 2UX72600J8
IP ADDRESS: 10.170.62.207
RAM: 4096 Mb
DISKS: 2 x 80 Gb, RAID 1 + 0
PROCESSORS: 2 dual-core AMD Opteron processors @ 2.40 Ghz
OPERATING SYSTEM: Microsoft(R) Windows(R) Server 2003, Enterprise Edition, Service Pack 2 (Build 3790)
LOCATION: Apodaca - Nuevo León, Monterrey
APPLICATION: Active Directory METLIFEMX
ROLES: Domain Role Owner, Infrastructure Owner

Server MLDC03
SERVER NAME: MLDC03
MODEL: HP PROLIANT DL385 G2
SERIAL NUMBER: 2UX72600H7
IP ADDRESS: 10.170.62.208
RAM: 4096 Mb
DISKS: 2 x 80 Gb, RAID 1 + 0
PROCESSORS: 2 dual-core AMD Opteron processors @ 2.40 Ghz
OPERATING SYSTEM: Microsoft(R) Windows(R) Server 2003, Enterprise Edition, Service Pack 2 (Build 3790)
LOCATION: Apodaca - Nuevo León, Monterrey
APPLICATION: Active Directory - GENESIS
ROLES: PDC Role, RID Pool Manager, Infrastructure Owner

ACTIVE DIRECTORY STRUCTURE

OUs

OU DETAILS

APPLIED POLICIES: ALL POLICIES

Policy: DEFAULT DOMAIN CONTROLLERS POLICY
STATUS: Enabled, Not Enforced, Not Linked

Affected configuration:
Computer Configuration, Windows Settings, Security Settings, Account Policies, Password Policy
Policy | Policy Setting
Enforce password history | 12 passwords remembered
Maximum password age | 60 days
Minimum password age | 1 days
Minimum password length | 6 characters
Password must meet complexity requirements | Enabled
Store passwords using reversible encryption | Not Defined

Computer Configuration, Windows Settings, Security Settings, Account Policies, Account Lockout Policy
Policy | Policy Setting
Account lockout duration | 0
Account lockout threshold | 5 invalid logon attempts
Reset account lockout counter after | 30 minutes

Computer Configuration, Windows Settings, Security Settings, Local Policies, Audit Policy
Policy | Policy Setting
Audit account logon events | Success, Failure
Audit account management | Success, Failure
Audit directory service access | Failure
Audit logon events | Success, Failure
Audit object access | Failure
Audit policy change | Success, Failure
Audit privilege use | Success, Failure
Audit process tracking | No auditing
Audit system events | Failure

Computer Configuration, Windows Settings, Security Settings, Local Policies, User Rights Assignments
Policy Policy Setting Pre-Windows 2000 Compatible Access,Everyone,IUSR_METLIFE2X49IID,Administrators,Authenticated Users,ENTERPRISE DOMAIN CONTROLLERS METLIFEMX\SqlAdmins,METLIFEMX\Tivoli_Admin_Privileges METLIFEMX\Domain Admins,METLIFEMX\Migracion 2003,METLIFEMX\soportetecnico,METLIFEMX\sproyectos,METLIFEMX\yherna LOCAL SERVICE,Administrators,METLIFEMX\Tivoli_Admin_Privileges,NETWORK SERVICE,METLIFEMX\SqlAdmins Account Operators,Administrators,Backup Operators,IUSR_METLIFE2X49IID,MetlifemxUsers,Print Operators,Server Operators,tmersrvd,TsInternetUser Not Defined Administrators,Backup Operators,Server Operators Administrators,Authenticated Users,METLIFEMX\tmersrvd,Pre-Windows 2000 Compatible Access LOCAL SERVICE,Administrators,Server Operators Administrators Not Defined

Access this computer from the network Act as part of the operating system

Add workstations to domain

Adjust memory quotas for a process

Allow log on locally Allow log on through Terminal Services Back up files and directories Bypass traverse checking Change the system time Create a pagefile Create a token object Create global objects

Create permanent shared objects Debug programs Deny access to this computer from the network Deny log on as a batch job Deny log on as a service Deny log on locally Deny log on through Terminal Services Enable computer and user accounts to be trusted for delegation Force shutdown from a remote system Generate security audits Impersonate a client after authentication Increase scheduling priority Load and unload device drivers Lock pages in memory tivoli,SUPPORT_388945a0,misadmin,LOCAL SERVICE,jguerra,IWAM_METLIFE-2X49IID,IUSR_METLIFE2X49IID,IIS_WPG,cp_admin,cluadmin,Backup Operators,adwsus,admorcont,admoralesc,admorales,Adminsvfnpe,Adminsvfnce,Adminsvce,AdminSun,adminsuid,adminprivacy,adminpar,Adminkyocera2,Adminkyocera1,adminkyocera,Administrators,Administrator,Administradores de WSUS,Administradores de Usuarios,Administradores de Tivoli,Administradores de Impresoras,Administradores de Cuentas de Equipos,administradores de Antivirus,admincomp,adminatc,adminaforesvfnpe,adminaforesvfnce,admin_d4_met,admin,admartinez,Adm_Lotus,adinvet,adadministrator adadministrator,adinvet,Adm_Lotus,admartinez,admin,admin_d4_met,Adminaforesvfnce,Adminaforesvfnpe,adminatc,admincomp,Administradores de Antivirus,Administradores de Cuentas de Equipos,Administradores de Impresoras,Administradores de Tivoli,Administradores de Usuarios,Administradores de WSUS,Administrators,adminkyocera,adminkyocera1,adminkyocera2,adminpar,adminprivacy,adminsuid,AdminSun,Adminsvfnce,Adminsvfnpe,admorales,admoralesc,admorcont,adwsus,Backup Operators,cluadmin,IIS_WPG,IWAM_METLIFE2X49IID,IWAM_SERVER4,jguerra,NETWORK SERVICE,sqladmin,tivoli Administrators Administrators Not Defined Administrators Administrators Administrators LOCAL SERVICE,METLIFEMX\Tivoli_Admin_Privileges,NETWORK SERVICE Administrators,Backup Operators,Server Operators Administrators,Backup Operators,Server Operators,Print Operators Administrators METLIFEMX\SUPPORT_388945a0 Not Defined Administrators Administrators,Server Operators
LOCAL SERVICE,NETWORK SERVICE Not Defined Administrators Print Operators,Administrators Administrators METLIFEMX\SUPPORT_388945a0

Log on as a batch job

Log on as a service Manage auditing and security log Modify firmware environment values Perform volume maintenance tasks Profile single process Profile system performance Remove computer from docking station Replace a process level token Restore files and directories Shut down the system Synchronize directory service data Take ownership of files or other objects

Policy: DEFAULT DOMAIN POLICY
STATUS: Enabled, Not Linked, Not enforced.

Affected configuration:
Computer Configuration, Windows Settings, Security Settings, Account Policies, Password Policy
Policy | Policy Setting
Enforce password history | 12 passwords remembered
Maximum password age | 60 days
Minimum password age | 1 days
Minimum password length | 6 characters
Password must meet complexity requirements | Enabled
Store passwords using reversible encryption | Not Defined

Computer Configuration, Windows Settings, Security Settings, Account Policies, Account Lockout Policy
Policy | Policy Setting
Account lockout duration | 30 minutes
Account lockout threshold | 4 invalid logon attempts
Reset account lockout counter after | 30 minutes

Computer Configuration, Windows Settings, Security Settings, Account Policies, Kerberos Policy
Policy | Policy Setting
Enforce user logon restrictions | Enabled
Maximum lifetime for service ticket | 15 minutes
Maximum lifetime for user ticket | 7 hours
Maximum lifetime for user ticket renewal | 34 days
Maximum tolerance for computer clock synchronization | Not Defined

Computer Configuration, Windows Settings, Security Settings, Local Policies, Audit Policy
Policy | Policy Setting
Audit account logon events | Success, Failure
Audit account management | Success, Failure
Audit directory service access | Failure
Audit logon events | Success, Failure
Audit object access | Failure
Audit policy change | Success, Failure
Audit privilege use | Success, Failure
Audit process tracking | Not Defined
Audit system events | Failure

Computer Configuration, Windows Settings, Security Settings, Local Policies, User Rights Assignments
Policy | Policy Setting
Access this computer from the network | Not Defined
Act as part of the operating system | Not Defined
Add workstations to domain | METLIFEMX\Migracion 2003
Adjust memory quotas for a process | Not Defined
Allow log on locally | Not Defined
Allow log on through Terminal Services | Not Defined
Back up files and directories | Not Defined
Bypass traverse checking | Not Defined
Change the system time | Not Defined
Create a pagefile | Not Defined
Create a token object | Not Defined
Create global objects | Not Defined
Create permanent shared objects | Not Defined
Debug programs | Not Defined
Deny access to this computer from the network | Not Defined
Deny log on as a batch job | Not Defined
Deny log on as a service | Not Defined
Deny log on locally | Not Defined
Deny log on through Terminal Services | Not Defined
Enable computer and user accounts to be trusted for delegation | Not Defined
Force shutdown from a remote system | Not Defined
Generate security audits | Not Defined
Impersonate a client after authentication | Not Defined
Increase scheduling priority | Not Defined
Load and unload device drivers | Not Defined
Lock pages in memory | Not Defined
Log on as a batch job | Not Defined
Log on as a service | Not Defined
Manage auditing and security log | Not Defined
Modify firmware environment values | Not Defined
Perform volume maintenance tasks | Not Defined
Profile single process | Not Defined
Profile system performance | Not Defined
Remove computer from docking station | Not Defined
Replace a process level token | Not Defined
Restore files and directories | Not Defined

Policy: LOG ON INTERACTIVO
STATUS: Enabled, Not Linked, Not enforced.

Affected configuration:
Computer Configuration, Windows Settings, Security Settings, Local Policies, Security Options
Policy | Policy Setting
Accounts: Administrator account status | Not Defined
Accounts: Guest account status | Not Defined
Accounts: Limit local account use of blank passwords to console logon only | Not Defined
Accounts: Rename administrator account | Not Defined
Accounts: Rename guest account | Not Defined
Audit: Audit the access of global system objects | Not Defined
Audit: Audit the use of Backup and Restore privilege | Not Defined
Audit: Shut down system immediately if unable to log security audits | Not Defined
DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax | Not Defined
DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax | Not Defined
Devices: Allow undock without having to log on | Not Defined
Devices: Allowed to format and eject removable media | Not Defined
Devices: Prevent users from installing printer drivers | Not Defined
Devices: Restrict CD-ROM access to locally logged-on user only | Not Defined
Devices: Restrict floppy access to locally logged-on user only | Not Defined
Devices: Unsigned driver installation behavior | Not Defined
Domain controller: Allow server operators to schedule tasks | Not Defined
Domain controller: LDAP server signing requirements | Not Defined
Domain controller: Refuse machine account password changes | Not Defined
Domain member: Digitally encrypt or sign secure channel data (always) | Not Defined
Domain member: Digitally encrypt secure channel data (when possible) | Not Defined
Domain member: Digitally sign secure channel data (when possible) | Not Defined
Domain member: Disable machine account password changes | Not Defined
Domain member: Maximum machine account password age | Not Defined
Domain member: Require strong (Windows 2000 or later) session key | Not Defined
Interactive logon: Display user information when the session is locked | Not Defined
Interactive logon: Do not display last user name | Not Defined
Interactive logon: Do not require CTRL+ALT+DEL | Not Defined
Interactive logon: Message text for users attempting to log on | Te informamos que a partir del próximo 9 de Junio, se implementara la política de MetLife MLM-POL-504 para una contraseña segura, por lo que deberás cambiar tu contraseña tomando en cuenta los siguientes parámetros:,Longitud de al menos 6 caracteres combinados, los cuales pueden ser:,Letras Mayúsculas,Letras minúsculas,Números,Deberás cambiar tu contraseña cada 60 días, por lo que el sistema te notificará con 5 días de anticipación.,Al cambiar tu contraseña no podrás re-utilizar las últimas cinco contraseñas usadas.,Se bloqueara el acceso a tu sesión de Windows después de 5 intentos fallidos.
Interactive logon: Message title for users attempting to log on | BIENVENIDO A LA RED DE METLIFE
Interactive logon: Number of previous logons to cache (in case domain controller is not available) | Not Defined
Interactive logon: Prompt user to change password before expiration | 5 days
Interactive logon: Require Domain Controller authentication to unlock workstation | Not Defined
Interactive logon: Require smart card | Not Defined
Interactive logon: Smart card removal behavior | Not Defined
Microsoft network client: Digitally sign communications (always) | Not Defined
Microsoft network client: Digitally sign communications (if server agrees) | Not Defined
Microsoft network client: Send unencrypted password to third-party SMB servers | Not Defined
Microsoft network server: Amount of idle time required before suspending session | Not Defined
Microsoft network server: Digitally sign communications (always) | Not Defined
Microsoft network server: Digitally sign communications (if client agrees) | Not Defined
Microsoft network server: Disconnect clients when logon hours expire | Not Defined
Network access: Allow anonymous SID/Name translation | Not Defined
Network access: Do not allow anonymous enumeration of SAM accounts | Not Defined
Network access: Do not allow anonymous enumeration of SAM accounts and shares | Not Defined
Network access: Do not allow storage of credentials or .NET Passports for network authentication | Not Defined
Network access: Let Everyone permissions apply to anonymous users | Not Defined
Network access: Named Pipes that can be accessed anonymously | Not Defined
Network access: Remotely accessible registry paths | Not Defined
Network access: Remotely accessible registry paths and sub-paths | Not Defined
Network access: Restrict anonymous access to Named Pipes and Shares | Not Defined
Network access: Shares that can be accessed anonymously | Not Defined
Network access: Sharing and security model for local accounts | Not Defined
Network security: Do not store LAN Manager hash value on next password change | Not Defined
Network security: Force logoff when logon hours expire | Not Defined
Network security: LAN Manager authentication level | Not Defined
Network security: LDAP client signing requirements | Not Defined
Network security: Minimum session security for NTLM SSP based (including secure RPC) clients | Not Defined
Network security: Minimum session security for NTLM SSP based (including secure RPC) servers | Not Defined
Recovery console: Allow automatic administrative logon | Not Defined
Recovery console: Allow floppy copy and access to all drives and all folders | Not Defined
Shutdown: Allow system to be shut down without having to log on | Not Defined
Shutdown: Clear virtual memory pagefile | Not Defined
System cryptography: Force strong key protection for user keys stored on the computer | Not Defined
System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing | Not Defined
System objects: Default owner for objects created by members of the Administrators group | Not Defined
System objects: Require case insensitivity for non-Windows subsystems | Not Defined

Policy: METLIFE PASSWORD POLICY
STATUS: Enabled, Linked to metlife.com.mx, Not enforced.

Affected configuration:
Computer Configuration, Windows Settings, Security Settings, Account Policies, Password Policy
Policy | Policy Setting
Enforce password history | 12 passwords remembered
Maximum password age | 60 days
Minimum password age | 1 days
Minimum password length | 6 characters
Password must meet complexity requirements | Enabled
Store passwords using reversible encryption | Not Defined

Computer Configuration, Windows Settings, Security Settings, Account Policies, Account Lockout Policy
Policy | Policy Setting
Account lockout duration | 30 minutes
Account lockout threshold | 4 invalid logon attempts
Reset account lockout counter after | 30 minutes

Computer Configuration, Windows Settings, Security Settings, Account Policies, Kerberos Policy
Policy | Policy Setting
Enforce user logon restrictions | Enabled
Maximum lifetime for service ticket | 15 minutes
Maximum lifetime for user ticket | 10 hours
Maximum lifetime for user ticket renewal | 34 days
Maximum tolerance for computer clock synchronization | 30 minutes

Policy: MOVIL ESPECIAL
STATUS: Enabled, Not Enforced, Linked to:

Affected configuration:
User Configuration, Administrative Templates, Control Panel, Show only specified Control Panel Applets
Folders: Add or Remove Programs, Display, Printers, Regional and Language Options
Setting | State
Prohibit access to the Control Panel | Not configured
Hide specified Control Panel applets | Not configured
Show only specified Control Panel applets | Enabled
Force classic Control Panel Style | Not configured

User Configuration, Administrative Templates, Control Panel, Display


Folders: Desktop Themes
Setting | State
Remove Display in Control Panel | Enabled
Hide Desktop tab | Not configured
Prevent changing wallpaper | Not configured
Hide Appearance and Themes tab | Not configured
Hide Settings tab | Not configured
Hide Screen Saver tab | Not configured
Screen Saver | Enabled
Screen Saver executable name | Enabled
Password protect the screen saver | Enabled
Screen Saver timeout | Enabled

User Configuration, Administrative Templates, Control Panel, screensaver timeout

Policy: NEW GROUP POLICY OBJECT
STATUS: Enabled, Not Enforced, Not Linked

Affected configuration:
User Configuration, Administrative Templates, Control Panel, screensaver timeout
Folders: Desktop Themes
Setting | State
Remove Display in Control Panel | Not configured
Hide Desktop tab | Not configured
Prevent changing wallpaper | Not configured
Hide Appearance and Themes tab | Not configured
Hide Settings tab | Not configured
Hide Screen Saver tab | Not configured
Screen Saver | Not configured
Screen Saver executable name | Not configured
Password protect the screen saver | Not configured
Screen Saver timeout | Enabled

Policy: PASSWORD POLICY SERVICE ACCOUNTS
STATUS: Enabled, Not Enforced, Not Linked

Affected configuration:
Computer Configuration, Windows Settings, Security Settings, Account policies, Password policy
Policy Enforce password history Maximum password age Minimum password age Minimum password length Password must meet complexity requirements Store passwords using reversible encryption 30 days Not Defined Not Defined Not Defined Policy Setting Not Defined 0

Policy: PLANTILLA DESARROLLO
STATUS: Enabled, Not Enforced, Linked to:

Affected configuration:
User Configuration, Windows Settings, scripts, logon

User Configuration, Windows Settings, Security Settings, Public key Settings, Autoenrollment Settings,

User Configuration, Windows Settings, Internet Explorer Maintenance, URLs, Important URLs

User Configuration, Windows Settings, Administrative Templates, Control Panel

User Configuration, Windows Settings, Administrative Templates, Control Panel, Display


Folders: Desktop Themes
Setting | State
Remove Display in Control Panel | Enabled
Hide Desktop tab | Not configured
Prevent changing wallpaper | Not configured
Hide Appearance and Themes tab | Not configured
Hide Settings tab | Not configured
Hide Screen Saver tab | Not configured
Screen Saver | Enabled
Screen Saver executable name | Enabled
Password protect the screen saver | Enabled
Screen Saver timeout | Enabled

User Configuration, Windows Settings, Administrative Templates, Network, Network Templates


Setting | State
Ability to rename LAN connections or remote access connections available to all users | Not configured
Prohibit access to properties of components of a LAN connection | Enabled
Prohibit access to properties of components of a remote access connection | Not configured
Prohibit TCP/IP advanced configuration | Enabled
Prohibit access to the Advanced Settings item on the Advanced menu | Enabled
Prohibit adding and removing components for a LAN or remote access connection | Enabled
Prohibit access to properties of a LAN connection | Enabled
Prohibit Enabling/Disabling components of a LAN connection | Enabled
Ability to change properties of an all user remote access connection | Not configured
Prohibit changing properties of a private remote access connection | Not configured
Prohibit deletion of remote access connections | Not configured
Ability to delete all user remote access connections | Not configured
Prohibit connecting and disconnecting a remote access connection | Not configured
Ability to Enable/Disable a LAN connection | Not configured
Prohibit access to the New Connection Wizard | Not configured
Ability to rename LAN connections | Not configured
Ability to rename all user remote access connections | Not configured
Prohibit renaming private remote access connections | Not configured
Prohibit access to the Remote Access Preferences item on the Advanced menu | Not configured
Prohibit viewing of status for an active connection | Not configured
Enable Windows 2000 Network Connections settings for Administrators | Enabled
Turn off notifications when a connection has only limited or no connectivity | Not configured

User Configuration, Administrative Templates, System, Logon


Setting | State
Run these programs at user logon | Enabled
Do not process the run once list | Not configured
Do not process the legacy run list | Not configured

User Configuration, Administrative Templates, Windows Components, Internet Explorer, Internet Control Panel, Advanced Page
Setting | State
Do not allow resetting Internet Explorer settings | Not configured
Automatically check for Internet Explorer updates | Not configured
Allow Install On Demand (Internet Explorer) | Not configured
Allow Install On Demand (except Internet Explorer) | Not configured
Allow third-party browser extensions | Not configured
Play animations in web pages | Not configured
Play sounds in web pages | Not configured
Play videos in web pages | Not configured
Allow active content from CDs to run on user machines | Not configured
Allow software to run or install even if the signature is invalid | Not configured
Check for server certificate revocation | Not configured
Check for signatures on downloaded programs | Not configured
Do not save encrypted pages to disk | Not configured
Empty Temporary Internet Files folder when browser is closed | Enabled
Turn off Profile Assistant | Not configured
Turn off ClearType | Not configured

User Configuration, Administrative Templates, Windows Components, Windows Messenger


Setting | State
Do not allow Windows Messenger to be run | Enabled
Do not automatically start Windows Messenger initially | Enabled

Policy: PLANTILLA MOVIL
STATUS: Enabled, Not Enforced, Linked to:

Affected configuration:
User Configuration, Windows Settings, Scripts, Logon

User configuration, Security Settings, Public Key Policies, Autoenrollment

User configuration, Internet Explorer Maintenance, URLs, Important URLs

User configuration, Administrative Templates, Control Panel


Folders: Add or Remove Programs, Display, Printers, Regional and Language Options
Setting | State
Prohibit access to the Control Panel | Not configured
Hide specified Control Panel applets | Not configured
Show only specified Control Panel applets | Enabled
Force classic Control Panel Style | Not configured

User configuration, Administrative Templates, Control Panel, Display


Folders: Desktop Themes
Setting | State
Remove Display in Control Panel | Enabled
Hide Desktop tab | Not configured
Prevent changing wallpaper | Not configured
Hide Appearance and Themes tab | Not configured
Hide Settings tab | Not configured
Hide Screen Saver tab | Not configured
Screen Saver | Enabled
Screen Saver executable name | Enabled
Password protect the screen saver | Enabled
Screen Saver timeout | Enabled

User configuration, Administrative Templates, Windows Components, Internet Explorer, Internet Control Panel, Advanced Page
Setting | State
Do not allow resetting Internet Explorer settings | Not configured
Automatically check for Internet Explorer updates | Not configured
Allow Install On Demand (Internet Explorer) | Not configured
Allow Install On Demand (except Internet Explorer) | Not configured
Allow third-party browser extensions | Not configured
Play animations in web pages | Not configured
Play sounds in web pages | Not configured
Play videos in web pages | Not configured
Allow active content from CDs to run on user machines | Not configured
Allow software to run or install even if the signature is invalid | Not configured
Check for server certificate revocation | Not configured
Check for signatures on downloaded programs | Not configured
Do not save encrypted pages to disk | Not configured
Empty Temporary Internet Files folder when browser is closed | Enabled
Turn off Profile Assistant | Not configured
Turn off ClearType | Not configured

User configuration, Administrative Templates, Windows Components, Windows Messenger


Setting | State
Do not allow Windows Messenger to be run | Enabled
Do not automatically start Windows Messenger initially | Enabled

Policy: PLANTILLA DRIVERS EXTERNOS
STATUS: Enabled, Not Enforced, Not Linked

Affected configuration: It is not affecting anything; it is only enabled.

Policy: PLANTILLA ESTANDAR
STATUS: Enabled, Not Enforced, Linked to:

Affected configuration:
User configuration, Windows Settings, Scripts, Logon

User configuration, Windows Settings, Security Settings, Public Keys Policies, Autoenrollment Settings

User configuration, Windows Settings, Security Settings, software Restriction Policies

User configuration, Windows Settings, Security Settings, software Restriction Policies, Security Levels

User configuration, Windows Settings, Security Settings, software Restriction Policies, Security Levels
Name | Security Level
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% | Unrestricted
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe | Unrestricted
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe | Unrestricted
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% | Unrestricted

User configuration, Windows Settings, Security Settings, Internet Explorer Maintenance, URLs, Important URLs

User configuration, Administrative Templates, Control Panel


Folders: Add or Remove Programs, Display, Printers, Regional and Language Options
Setting | State
Prohibit access to the Control Panel | Enabled
Hide specified Control Panel applets | Not configured
Show only specified Control Panel applets | Not configured
Force classic Control Panel Style | Not configured

User configuration, Administrative Templates, Control Panel, Display


Folders: Desktop Themes
Setting | State
Remove Display in Control Panel | Enabled
Hide Desktop tab | Not configured
Prevent changing wallpaper | Not configured
Hide Appearance and Themes tab | Not configured
Hide Settings tab | Not configured
Hide Screen Saver tab | Not configured
Screen Saver | Enabled
Screen Saver executable name | Enabled
Password protect the screen saver | Enabled
Screen Saver timeout | Enabled

User configuration, Administrative Templates, Network, Network Connections


Setting | State
Ability to rename LAN connections or remote access connections available to all users | Not configured
Prohibit access to properties of components of a LAN connection | Enabled
Prohibit access to properties of components of a remote access connection | Not configured
Prohibit TCP/IP advanced configuration | Enabled
Prohibit access to the Advanced Settings item on the Advanced menu | Enabled
Prohibit adding and removing components for a LAN or remote access connection | Enabled
Prohibit access to properties of a LAN connection | Enabled
Prohibit Enabling/Disabling components of a LAN connection | Enabled
Ability to change properties of an all user remote access connection | Not configured
Prohibit changing properties of a private remote access connection | Not configured
Prohibit deletion of remote access connections | Not configured
Ability to delete all user remote access connections | Not configured
Prohibit connecting and disconnecting a remote access connection | Not configured
Ability to Enable/Disable a LAN connection | Disabled
Prohibit access to the New Connection Wizard | Not configured
Ability to rename LAN connections | Not configured
Ability to rename all user remote access connections | Not configured
Prohibit renaming private remote access connections | Not configured
Prohibit access to the Remote Access Preferences item on the Advanced menu | Not configured
Prohibit viewing of status for an active connection | Not configured
Enable Windows 2000 Network Connections settings for Administrators | Not configured
Turn off notifications when a connection has only limited or no connectivity | Not configured

User configuration, Administrative Templates, Windows Components, Internet Explorer, Internet Control Panel, Advanced Page
Setting | State
Do not allow resetting Internet Explorer settings | Not configured
Automatically check for Internet Explorer updates | Not configured
Allow Install On Demand (Internet Explorer) | Not configured
Allow Install On Demand (except Internet Explorer) | Not configured
Allow third-party browser extensions | Not configured
Play animations in web pages | Not configured
Play sounds in web pages | Not configured
Play videos in web pages | Not configured
Allow active content from CDs to run on user machines | Not configured
Allow software to run or install even if the signature is invalid | Not configured
Check for server certificate revocation | Not configured
Check for signatures on downloaded programs | Not configured
Do not save encrypted pages to disk | Not configured
Empty Temporary Internet Files folder when browser is closed | Enabled
Turn off Profile Assistant | Not configured
Turn off ClearType | Not configured

User configuration, Administrative Templates, Windows Components, Windows Messenger


Setting | State
Do not allow Windows Messenger to be run | Enabled
Do not automatically start Windows Messenger initially | Enabled

Policy: PLANTILLA WSUS
STATUS: Enabled, Not Enforced, Linked to:

Affected configuration:
Computer Configuration, Administrative Templates, Windows Components, Windows Update
Setting | State
Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box | Not configured
Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box | Not configured
Configure Automatic Updates | Enabled
Specify intranet Microsoft update service location | Enabled
Enable client-side targeting | Not configured
Reschedule Automatic Updates scheduled installations | Not configured
No auto-restart for scheduled Automatic Updates installations | Not configured
Automatic Updates detection frequency | Not configured
Allow Automatic Updates immediate installation | Not configured
Delay Restart for scheduled installations | Not configured
Re-prompt for restart with scheduled installations | Not configured
Allow non-administrators to receive update notifications | Not configured
Enable recommended updates via Automatic Updates | Not configured
Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates | Not configured
Allow signed content from intranet Microsoft update service location | Not configured

Policy: PLANTILLA WSUS
STATUS: Enabled, Not Enforced, Linked to:

Affected configuration:
Computer Configuration, Windows Settings, Scripts, Startup

Computer Configuration, Windows Settings, Security Settings, Local Policies, Audit Policy
Policy | Policy Setting
Audit account logon events | Success
Audit account management | Success
Audit directory service access | Not Defined
Audit logon events | Success
Audit object access | No auditing
Audit policy change | Success
Audit privilege use | No auditing
Audit process tracking | No auditing
Audit system events | Success

Computer Configuration, Windows Settings, Security Settings, Local Policies, User Rights Assignments
Policy Access this computer from the network Act as part of the operating system Add workstations to domain Adjust memory quotas for a process Allow log on locally Allow log on through Terminal Services Back up files and directories Bypass traverse checking Change the system time Create a pagefile Create a token object Create global objects Create permanent shared objects Debug programs Deny access to this computer from the network Deny log on as a batch job Deny log on as a service Deny log on locally Deny log on through Terminal Services Enable computer and user accounts to be trusted for delegation Force shutdown from a remote system Generate security audits Impersonate a client after authentication Increase scheduling priority Load and unload device drivers Lock pages in memory Not Defined Not Defined Administrators,Users Not Defined Not Defined Not Defined Administrators Administrators Not Defined Not Defined Not Defined Administrators Guest,Support_388945a0 Not Defined Not Defined Not Defined Not Defined Not Defined Administrators LOCAL SERVICE,NETWORK SERVICE Not Defined Administrators Administrators Policy Setting Not Defined

Log on as a batch job Log on as a service Manage auditing and security log Modify firmware environment values Perform volume maintenance tasks Profile single process Profile system performance Remove computer from docking station Replace a process level token Restore files and directories Shut down the system Synchronize directory service data Take ownership of files or other objects

Not Defined Not Defined Administrators Administrators Administrators Not Defined Administrators Administrators,Users LOCAL SERVICE,NETWORK SERVICE Not Defined Administrators,Users Not Defined Administrators

Computer Configuration, Windows Settings, Security Settings, Local Policies, Security Options
Policy | Policy Setting
Accounts: Administrator account status | Not Defined
Accounts: Guest account status | Disabled
Accounts: Limit local account use of blank passwords to console logon only | Not Defined
Accounts: Rename administrator account | Not Defined
Accounts: Rename guest account | Not Defined
Audit: Audit the access of global system objects | Not Defined
Audit: Audit the use of Backup and Restore privilege | Not Defined
Audit: Shut down system immediately if unable to log security audits | Not Defined
DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax | Not Defined
DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax | Not Defined
Devices: Allow undock without having to log on | Not Defined
Devices: Allowed to format and eject removable media | Administrators and Interactive Users
Devices: Prevent users from installing printer drivers | Not Defined
Devices: Restrict CD-ROM access to locally logged-on user only | Not Defined
Devices: Restrict floppy access to locally logged-on user only | Not Defined
Devices: Unsigned driver installation behavior | Warn but allow installation
Domain controller: Allow server operators to schedule tasks | Not Defined
Domain controller: LDAP server signing requirements | Not Defined
Domain controller: Refuse machine account password changes | Not Defined
Domain member: Digitally encrypt or sign secure channel data (always) | Not Defined
Domain member: Digitally encrypt secure channel data (when possible) | Not Defined
Domain member: Digitally sign secure channel data (when possible) | Not Defined
Domain member: Disable machine account password changes | Not Defined
Domain member: Maximum machine account password age | 30 days
Domain member: Require strong (Windows 2000 or later) session key | Not Defined
Interactive logon: Display user information when the session is locked | Not Defined
Interactive logon: Do not display last user name | Not Defined
Interactive logon: Do not require CTRL+ALT+DEL | Disabled
Interactive logon: Message text for users attempting to log on | Not Defined
Interactive logon: Message title for users attempting to log on | Not Defined
Interactive logon: Number of previous logons to cache (in case domain controller is not available) | 2 logons
Interactive logon: Prompt user to change password before expiration | 14 days
Interactive logon: Require Domain Controller authentication to unlock workstation | Not Defined
Interactive logon: Require smart card | Not Defined
Interactive logon: Smart card removal behavior | Not Defined
Microsoft network client: Digitally sign communications (always) | Not Defined
Microsoft network client: Digitally sign communications (if server agrees) | Not Defined
Microsoft network client: Send unencrypted password to third-party SMB servers | Not Defined
Microsoft network server: Amount of idle time required before suspending session | 15 minutes
Microsoft network server: Digitally sign communications (always) | Not Defined
Microsoft network server: Digitally sign communications (if client agrees) | Not Defined
Microsoft network server: Disconnect clients when logon hours expire | Not Defined
Network access: Allow anonymous SID/Name translation | Not Defined
Network access: Do not allow anonymous enumeration of SAM accounts | Not Defined
Network access: Do not allow anonymous enumeration of SAM accounts and shares | Not Defined
Network access: Do not allow storage of credentials or .NET Passports for network authentication | Enabled
Network access: Let Everyone permissions apply to anonymous users | Disabled
Network access: Named Pipes that can be accessed anonymously | Not Defined
Network access: Remotely accessible registry paths | Not Defined
Network access: Remotely accessible registry paths and sub-paths | Not Defined
Network access: Restrict anonymous access to Named Pipes and Shares | Not Defined
Network access: Shares that can be accessed anonymously | Not Defined
Network access: Sharing and security model for local accounts | Classic - local users authenticate as themselves
Network security: Do not store LAN Manager hash value on next password change | Not Defined
Network security: Force logoff when logon hours expire | Not Defined
Network security: LAN Manager authentication level | Send NTLMv2 response only\refuse LM
Network security: LDAP client signing requirements | Not Defined
Network security: Minimum session security for NTLM SSP based (including secure RPC) clients | Require message integrity,Require message confidentiality,Require NTLMv2 session security,Require 128-bit encryption
Network security: Minimum session security for NTLM SSP based (including secure RPC) servers | Require message integrity,Require message confidentiality,Require NTLMv2 session security,Require 128-bit encryption
Recovery console: Allow automatic administrative logon | Disabled
Recovery console: Allow floppy copy and access to all drives and all folders | Not Defined
Shutdown: Allow system to be shut down without having to log on | Not Defined
Shutdown: Clear virtual memory pagefile | Disabled
System cryptography: Force strong key protection for user keys stored on the computer | Not Defined
System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing | Not Defined
System objects: Default owner for objects created by members of the Administrators group | Object creator
System objects: Require case insensitivity for non-Windows subsystems | Not Defined
System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) | Not Defined
System settings: Optional subsystems | Not Defined
System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies | Not Defined

Computer Configuration, Windows Settings, Security Settings, Local Policies, Event Log
Policy | Policy Setting
Maximum application log size | 16384 kilobytes
Maximum security log size | 81920 kilobytes
Maximum system log size | 16384 kilobytes
Prevent local guests group from accessing application log | Enabled
Prevent local guests group from accessing security log | Enabled
Prevent local guests group from accessing system log | Enabled
Retain application log | Not Defined
Retain security log | Not Defined
Retain system log | Not Defined
Retention method for application log | As needed
Retention method for security log | As needed
Retention method for system log | As needed

Computer Configuration, Windows Settings, Security Settings, Local Policies, Restricted Groups
Group Name | Members
Administradores | Administrador,Administrator,METLIFEMX\Domain Admins,METLIFEMX\MetlifeMXLocal,METLIFEMX\MetlifemxUsers

Computer Configuration, Windows Settings, Security Settings, Local Policies, System Services
Service Name .NET Runtime Optimization Service v2.0.50727_X86 Alerter Application Experience Lookup Service Application Layer Gateway Service Application Management ASP.NET State Service Automatic Updates Startup Not Defined Disabled Not Defined Not Defined Not Defined Not Defined Not Defined Permission Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined

Background Intelligent Transfer Service ClipBook COM+ Event System COM+ System Application Computer Browser Cryptographic Services DCOM Server Process Launcher DHCP Client Distributed File System Distributed Link Tracking Client Distributed Link Tracking Server Distributed Transaction Coordinator DNS Client DNS Server Error Reporting Service Event Log Fax File Replication Help and Support HP ProLiant Remote Monitor Service HP ProLiant System Shutdown Service HP Smart Array SAS/SATA Event Notification Service HP System Management Homepage HTTP SSL Human Interface Device Access IISADMIN IMAPI CD-Burning COM Service Indexing Service Intersite Messaging IPSEC Services Kerberos Key Distribution Center License Logging Logical Disk Manager Logical Disk Manager Administrative Service McAfee Framework Service Messenger Microsoft Software Shadow Copy Provider MSFtpsvc Net Logon NetMeeting Remote Desktop Sharing Network Associates McShield Network Associates Task Manager

Not Defined Disabled Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Disabled Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Automatic Not Defined Disabled Not Defined Not Defined Not Defined Not Defined

Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Configured Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined

Network Connections Network DDE Network DDE DSDM Network Location Awareness (NLA) Network Provisioning Service NT LM Security Support Provider Performance Logs and Alerts Plug and Play Portable Media Serial Number Service Print Spooler Protected Storage Quest InTrust Plug-in for Active Directory Service Remote Access Auto Connection Manager Remote Access Connection Manager Remote Desktop Help Session Manager Remote Procedure Call (RPC) Remote Procedure Call (RPC) Locator Remote Registry Removable Storage Resultant Set of Policy Provider Routing and Remote Access Secondary Logon Security Accounts Manager Server Shell Hardware Detection Smart Card Smart Card Helper SNMP SNMPTRAP Special Administration Console Helper SSDPSRV System Event Notification Task Scheduler TCP/IP NetBIOS Helper Telephony Telnet Terminal Services Terminal Services Session Directory Themes Uninterruptible Power Supply Utility Manager Virtual Disk Service

Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Disabled Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Disabled Disabled Not Defined Disabled Not Defined Not Defined Not Defined Not Defined Disabled Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined

Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Configured Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Configured Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined

VNC Server Volume Shadow Copy W3SVC WebClient Windows Audio Windows Firewall/Internet Connection Sharing (ICS) Windows Image Acquisition (WIA) Windows Installer Windows Management Instrumentation Windows Management Instrumentation Driver Extensions Windows Time Windows User Mode Driver Framework WinHTTP Web Proxy Auto-Discovery Service Wireless Configuration WMI Performance Adapter

Not Defined Not Defined Disabled Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined

Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined

Computer Configuration, Administrative Templates, Network, Network Connections, Windows Firewall, Domain Profile
Setting | State
Windows Firewall: Protect all network connections | Disabled
Windows Firewall: Do not allow exceptions | Not configured
Windows Firewall: Define program exceptions | Not configured
Windows Firewall: Allow local program exceptions | Not configured
Windows Firewall: Allow remote administration exception | Not configured
Windows Firewall: Allow file and printer sharing exception | Not configured
Windows Firewall: Allow ICMP exceptions | Not configured
Windows Firewall: Allow Remote Desktop exception | Not configured
Windows Firewall: Allow UPnP framework exception | Not configured
Windows Firewall: Prohibit notifications | Not configured
Windows Firewall: Allow logging | Not configured
Windows Firewall: Prohibit unicast response to multicast or broadcast requests | Not configured
Windows Firewall: Define port exceptions | Not configured
Windows Firewall: Allow local port exceptions | Not configured

User Configuration, Administrative Templates, Network, Network Connections


Setting | State
Ability to rename LAN connections or remote access connections available to all users | Not configured
Prohibit access to properties of components of a LAN connection | Enabled
Prohibit access to properties of components of a remote access connection | Not configured
Prohibit TCP/IP advanced configuration | Enabled
Prohibit access to the Advanced Settings item on the Advanced menu | Not configured
Prohibit adding and removing components for a LAN or remote access connection | Enabled
Prohibit access to properties of a LAN connection | Enabled
Prohibit Enabling/Disabling components of a LAN connection | Enabled
Ability to change properties of an all user remote access connection | Not configured
Prohibit changing properties of a private remote access connection | Not configured
Prohibit deletion of remote access connections | Not configured
Ability to delete all user remote access connections | Not configured
Prohibit connecting and disconnecting a remote access connection | Not configured
Ability to Enable/Disable a LAN connection | Not configured
Prohibit access to the New Connection Wizard | Enabled
Ability to rename LAN connections | Not configured
Ability to rename all user remote access connections | Not configured
Prohibit renaming private remote access connections | Not configured
Prohibit access to the Remote Access Preferences item on the Advanced menu | Not configured
Prohibit viewing of status for an active connection | Not configured

Policy SEGURIDAD INTERMEDIA LAPTOP STATUS: Enabled, Not Enforced, Linked to:

Affected configuration: Computer Configuration, Windows Settings, Security Settings, Local Policies, Audit Policy
Policy | Policy Setting
Audit account logon events | Success
Audit account management | Success
Audit directory service access | Not Defined
Audit logon events | Success
Audit object access | No auditing
Audit policy change | Success
Audit privilege use | No auditing
Audit process tracking | No auditing
Audit system events | Success

Computer Configuration, Windows Settings, Security Settings, Local Policies, User Rights Assignments
Policy Access this computer from the network Act as part of the operating system Add workstations to domain Adjust memory quotas for a process Allow log on locally Allow log on through Terminal Services Back up files and directories Bypass traverse checking Change the system time Create a pagefile Create a token object Create global objects Create permanent shared objects Debug programs Deny access to this computer from the network Deny log on as a batch job Deny log on as a service Deny log on locally Deny log on through Terminal Services Enable computer and user accounts to be trusted for delegation Force shutdown from a remote system Generate security audits Impersonate a client after authentication Increase scheduling priority Not Defined Not Defined Administrators,Users Not Defined Not Defined Not Defined Administrators Administrators Not Defined Not Defined Not Defined Administrators Guest,Support_388945a0 Not Defined Not Defined Not Defined Not Defined Not Defined Administrators LOCAL SERVICE,NETWORK SERVICE Not Defined Administrators Policy Setting Not Defined

Load and unload device drivers Lock pages in memory Log on as a batch job Log on as a service Manage auditing and security log Modify firmware environment values Perform volume maintenance tasks Profile single process Profile system performance Remove computer from docking station Replace a process level token Restore files and directories Shut down the system Synchronize directory service data Take ownership of files or other objects

Administrators Not Defined Not Defined Administrators Administrators Administrators Not Defined Administrators Administrators,Users LOCAL SERVICE,NETWORK SERVICE Not Defined Administrators,Users Not Defined Administrators

Computer Configuration, Windows Settings, Security Settings, Local Policies, Security Options
Policy | Policy Setting
Accounts: Administrator account status | Not Defined
Accounts: Guest account status | Disabled
Accounts: Limit local account use of blank passwords to console logon only | Not Defined
Accounts: Rename administrator account | Not Defined
Accounts: Rename guest account | Not Defined
Audit: Audit the access of global system objects | Not Defined
Audit: Audit the use of Backup and Restore privilege | Not Defined
Audit: Shut down system immediately if unable to log security audits | Not Defined
DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax | Not Defined
DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax | Not Defined
Devices: Allow undock without having to log on | Not Defined
Devices: Allowed to format and eject removable media | Administrators and Interactive Users
Devices: Prevent users from installing printer drivers | Not Defined
Devices: Restrict CD-ROM access to locally logged-on user only | Not Defined
Devices: Restrict floppy access to locally logged-on user only | Not Defined
Devices: Unsigned driver installation behavior | Warn but allow installation
Domain controller: Allow server operators to schedule tasks | Not Defined
Domain controller: LDAP server signing requirements | Not Defined
Domain controller: Refuse machine account password changes | Not Defined
Domain member: Digitally encrypt or sign secure channel data (always) | Not Defined
Domain member: Digitally encrypt secure channel data (when possible) | Not Defined
Domain member: Digitally sign secure channel data (when possible) | Not Defined
Domain member: Disable machine account password changes | Not Defined
Domain member: Maximum machine account password age | 30 days
Domain member: Require strong (Windows 2000 or later) session key | Not Defined
Interactive logon: Display user information when the session is locked | Not Defined
Interactive logon: Do not display last user name | Not Defined
Interactive logon: Do not require CTRL+ALT+DEL | Disabled
Interactive logon: Message text for users attempting to log on | Not Defined
Interactive logon: Message title for users attempting to log on | Not Defined
Interactive logon: Number of previous logons to cache (in case domain controller is not available) | 2 logons
Interactive logon: Prompt user to change password before expiration | 14 days
Interactive logon: Require Domain Controller authentication to unlock workstation | Not Defined
Interactive logon: Require smart card | Not Defined
Interactive logon: Smart card removal behavior | Not Defined
Microsoft network client: Digitally sign communications (always) | Not Defined
Microsoft network client: Digitally sign communications (if server agrees) | Not Defined
Microsoft network client: Send unencrypted password to third-party SMB servers | Not Defined
Microsoft network server: Amount of idle time required before suspending session | 15 minutes
Microsoft network server: Digitally sign communications (always) | Not Defined
Microsoft network server: Digitally sign communications (if client agrees) | Not Defined
Microsoft network server: Disconnect clients when logon hours expire | Not Defined
Network access: Allow anonymous SID/Name translation | Not Defined
Network access: Do not allow anonymous enumeration of SAM accounts | Not Defined
Network access: Do not allow anonymous enumeration of SAM accounts and shares | Not Defined
Network access: Do not allow storage of credentials or .NET Passports for network authentication | Enabled
Network access: Let Everyone permissions apply to anonymous users | Disabled
Network access: Named Pipes that can be accessed anonymously | Not Defined
Network access: Remotely accessible registry paths | Not Defined
Network access: Remotely accessible registry paths and sub-paths | Not Defined
Network access: Restrict anonymous access to Named Pipes and Shares | Not Defined
Network access: Shares that can be accessed anonymously | Not Defined
Network access: Sharing and security model for local accounts | Classic - local users authenticate as themselves
Network security: Do not store LAN Manager hash value on next password change | Not Defined
Network security: Force logoff when logon hours expire | Not Defined
Network security: LAN Manager authentication level | Send NTLMv2 response only\refuse LM
Network security: LDAP client signing requirements | Not Defined
Network security: Minimum session security for NTLM SSP based (including secure RPC) clients | Require message integrity,Require message confidentiality,Require NTLMv2 session security,Require 128-bit encryption
Network security: Minimum session security for NTLM SSP based (including secure RPC) servers | Require message integrity,Require message confidentiality,Require NTLMv2 session security,Require 128-bit encryption
Recovery console: Allow automatic administrative logon | Disabled
Recovery console: Allow floppy copy and access to all drives and all folders | Not Defined
Shutdown: Allow system to be shut down without having to log on | Not Defined
Shutdown: Clear virtual memory pagefile | Disabled
System cryptography: Force strong key protection for user keys stored on the computer | Not Defined
System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing | Not Defined
System objects: Default owner for objects created by members of the Administrators group | Object creator
System objects: Require case insensitivity for non-Windows subsystems | Not Defined
System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) | Not Defined
System settings: Optional subsystems | Not Defined
System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies | Not Defined

Computer Configuration, Windows Settings, Security Settings, Local Policies, Event Log
Policy | Policy Setting
Maximum application log size | 16384 kilobytes
Maximum security log size | 81920 kilobytes
Maximum system log size | 16384 kilobytes
Prevent local guests group from accessing application log | Enabled
Prevent local guests group from accessing security log | Enabled
Prevent local guests group from accessing system log | Enabled
Retain application log | Not Defined
Retain security log | Not Defined
Retain system log | Not Defined
Retention method for application log | As needed
Retention method for security log | As needed
Retention method for system log | As needed

Computer Configuration, Windows Settings, Security Settings, Local Policies, Restricted Groups
Group Name | Members
Administradores | Administrador,Administrator,METLIFEMX\Domain Admins,METLIFEMX\MetlifeMXLocal,METLIFEMX\MetlifemxUsers

Computer Configuration, Windows Settings, Security Settings, Local Policies,System Services


Service Name .NET Runtime Optimization Service v2.0.50727_X86 Alerter Application Experience Lookup Service Application Layer Gateway Service Application Management ASP.NET State Service Automatic Updates Background Intelligent Transfer Service ClipBook COM+ Event System COM+ System Application Computer Browser Cryptographic Services DCOM Server Process Launcher DHCP Client Distributed File System Distributed Link Tracking Client Distributed Link Tracking Server Startup Not Defined Disabled Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Disabled Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Permission Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined

Distributed Transaction Coordinator DNS Client DNS Server Error Reporting Service Event Log Fax File Replication Help and Support HP ProLiant Remote Monitor Service HP ProLiant System Shutdown Service HP Smart Array SAS/SATA Event Notification Service HP System Management Homepage HTTP SSL Human Interface Device Access IISADMIN IMAPI CD-Burning COM Service Indexing Service Intersite Messaging IPSEC Services Kerberos Key Distribution Center License Logging Logical Disk Manager Logical Disk Manager Administrative Service McAfee Framework Service Messenger Microsoft Software Shadow Copy Provider MSFtpsvc Net Logon NetMeeting Remote Desktop Sharing Network Associates McShield Network Associates Task Manager Network Connections Network DDE Network DDE DSDM Network Location Awareness (NLA) Network Provisioning Service NT LM Security Support Provider Performance Logs and Alerts Plug and Play Portable Media Serial Number Service Print Spooler Protected Storage

Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Disabled Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Automatic Not Defined Disabled Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined

Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Configured Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined

Quest InTrust Plug-in for Active Directory Service Remote Access Auto Connection Manager Remote Access Connection Manager Remote Desktop Help Session Manager Remote Procedure Call (RPC) Remote Procedure Call (RPC) Locator Remote Registry Removable Storage Resultant Set of Policy Provider Routing and Remote Access Secondary Logon Security Accounts Manager Server Shell Hardware Detection Smart Card Smart Card Helper SNMP SNMPTRAP Special Administration Console Helper SSDPSRV System Event Notification Task Scheduler TCP/IP NetBIOS Helper Telephony Telnet Terminal Services Terminal Services Session Directory Themes Uninterruptible Power Supply Utility Manager Virtual Disk Service VNC Server Volume Shadow Copy W3SVC WebClient Windows Audio Windows Firewall/Internet Connection Sharing (ICS) Windows Image Acquisition (WIA) Windows Installer Windows Management Instrumentation Windows Management Instrumentation Driver Extensions Windows Time

Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Disabled Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Disabled Disabled Not Defined Disabled Not Defined Not Defined Not Defined Not Defined Disabled Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Disabled Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined

Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Configured Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Configured Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined Not Defined

Windows User Mode Driver Framework WinHTTP Web Proxy Auto-Discovery Service Wireless Configuration WMI Performance Adapter Workstation

Not Defined Not Defined Not Defined Not Defined Not Defined

Not Defined Not Defined Not Defined Not Defined Not Defined

Computer Configuration, Administrative Templates, Network, Network Connections, Windows Firewall, Domain Profile
Setting | State
Windows Firewall: Protect all network connections | Disabled
Windows Firewall: Do not allow exceptions | Not configured
Windows Firewall: Define program exceptions | Not configured
Windows Firewall: Allow local program exceptions | Not configured
Windows Firewall: Allow remote administration exception | Not configured
Windows Firewall: Allow file and printer sharing exception | Not configured
Windows Firewall: Allow ICMP exceptions | Not configured
Windows Firewall: Allow Remote Desktop exception | Not configured
Windows Firewall: Allow UPnP framework exception | Not configured
Windows Firewall: Prohibit notifications | Not configured
Windows Firewall: Allow logging | Not configured
Windows Firewall: Prohibit unicast response to multicast or broadcast requests | Not configured
Windows Firewall: Define port exceptions | Not configured
Windows Firewall: Allow local port exceptions | Not configured

Computer Configuration, Administrative Templates, Network, Network Connections, Windows Firewall, Standard Profile
Setting | State
Windows Firewall: Protect all network connections | Disabled
Windows Firewall: Do not allow exceptions | Not configured
Windows Firewall: Define program exceptions | Not configured
Windows Firewall: Allow local program exceptions | Not configured
Windows Firewall: Allow remote administration exception | Not configured
Windows Firewall: Allow file and printer sharing exception | Not configured
Windows Firewall: Allow ICMP exceptions | Not configured
Windows Firewall: Allow Remote Desktop exception | Not configured
Windows Firewall: Allow UPnP framework exception | Not configured
Windows Firewall: Prohibit notifications | Not configured
Windows Firewall: Allow logging | Not configured
Windows Firewall: Prohibit unicast response to multicast or broadcast requests | Not configured
Windows Firewall: Define port exceptions | Not configured
Windows Firewall: Allow local port exceptions | Not configured

REPLICATION SCHEME:

MLDC01 replicates with:

MLDC02 replicates with:

MLDC03 replicates with:

FUNCTIONAL LEVEL: DOMAIN: METLIFEMX

Trust relationships:

DOMAIN: GENESIS

Trust relationships:

GROUPS: