From anon, 1 Month ago, written in Plain Text.
This paste will die in 1 Second.
Embed
  1. <?xml version="1.0" encoding="utf-16"?>
  2.  
  3. <report>
  4.  
  5. <GPO xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.microsoft.com/GroupPolicy/Settings">
  6.   <Identifier>
  7.     <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{24C2D749-A059-40ED-AA0F-21817DE91265}</Identifier>
  8.     <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">pompeii.net</Domain>
  9.   </Identifier>
  10.   <Name>Pompeii Employee GPO</Name>
  11.   <IncludeComments>true</IncludeComments>
  12.   <CreatedTime>2019-09-26T00:05:50</CreatedTime>
  13.   <ModifiedTime>2019-09-26T00:30:44</ModifiedTime>
  14.   <ReadTime>2019-09-26T00:36:12.5228868Z</ReadTime>
  15.   <SecurityDescriptor>
  16.     <SDDL xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">O:DAG:DAD:PAI(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;;CCDCLCSWRPWPDTLOSDRCWDWO;;;DA)(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;DA)(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;S-1-5-21-1144715043-1454487506-3257296345-519)(A;CI;LCRPLORC;;;ED)(A;CI;LCRPLORC;;;AU)(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;SY)(A;CIIO;CCDCLCSWRPWPDTLOSDRCWDWO;;;CO)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)</SDDL>
  17.     <Owner xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">
  18.       <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-1144715043-1454487506-3257296345-512</SID>
  19.       <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">pompeii\Domain Admins</Name>
  20.     </Owner>
  21.     <Group xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">
  22.       <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-1144715043-1454487506-3257296345-512</SID>
  23.       <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">pompeii\Domain Admins</Name>
  24.     </Group>
  25.     <PermissionsPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">true</PermissionsPresent>
  26.     <Permissions xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">
  27.       <InheritsFromParent>false</InheritsFromParent>
  28.       <TrusteePermissions>
  29.         <Trustee>
  30.           <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-1144715043-1454487506-3257296345-519</SID>
  31.           <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">pompeii\Enterprise Admins</Name>
  32.         </Trustee>
  33.         <Type xsi:type="PermissionType">
  34.           <PermissionType>Allow</PermissionType>
  35.         </Type>
  36.         <Inherited>false</Inherited>
  37.         <Applicability>
  38.           <ToSelf>true</ToSelf>
  39.           <ToDescendantObjects>false</ToDescendantObjects>
  40.           <ToDescendantContainers>true</ToDescendantContainers>
  41.           <ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
  42.         </Applicability>
  43.         <Standard>
  44.           <GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
  45.         </Standard>
  46.         <AccessMask>0</AccessMask>
  47.       </TrusteePermissions>
  48.       <TrusteePermissions>
  49.         <Trustee>
  50.           <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-9</SID>
  51.           <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS</Name>
  52.         </Trustee>
  53.         <Type xsi:type="PermissionType">
  54.           <PermissionType>Allow</PermissionType>
  55.         </Type>
  56.         <Inherited>false</Inherited>
  57.         <Applicability>
  58.           <ToSelf>true</ToSelf>
  59.           <ToDescendantObjects>false</ToDescendantObjects>
  60.           <ToDescendantContainers>true</ToDescendantContainers>
  61.           <ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
  62.         </Applicability>
  63.         <Standard>
  64.           <GPOGroupedAccessEnum>Read</GPOGroupedAccessEnum>
  65.         </Standard>
  66.         <AccessMask>0</AccessMask>
  67.       </TrusteePermissions>
  68.       <TrusteePermissions>
  69.         <Trustee>
  70.           <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-18</SID>
  71.           <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\SYSTEM</Name>
  72.         </Trustee>
  73.         <Type xsi:type="PermissionType">
  74.           <PermissionType>Allow</PermissionType>
  75.         </Type>
  76.         <Inherited>false</Inherited>
  77.         <Applicability>
  78.           <ToSelf>true</ToSelf>
  79.           <ToDescendantObjects>false</ToDescendantObjects>
  80.           <ToDescendantContainers>true</ToDescendantContainers>
  81.           <ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
  82.         </Applicability>
  83.         <Standard>
  84.           <GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
  85.         </Standard>
  86.         <AccessMask>0</AccessMask>
  87.       </TrusteePermissions>
  88.       <TrusteePermissions>
  89.         <Trustee>
  90.           <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-1144715043-1454487506-3257296345-512</SID>
  91.           <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">pompeii\Domain Admins</Name>
  92.         </Trustee>
  93.         <Type xsi:type="PermissionType">
  94.           <PermissionType>Allow</PermissionType>
  95.         </Type>
  96.         <Inherited>false</Inherited>
  97.         <Applicability>
  98.           <ToSelf>true</ToSelf>
  99.           <ToDescendantObjects>false</ToDescendantObjects>
  100.           <ToDescendantContainers>true</ToDescendantContainers>
  101.           <ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
  102.         </Applicability>
  103.         <Standard>
  104.           <GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
  105.         </Standard>
  106.         <AccessMask>0</AccessMask>
  107.       </TrusteePermissions>
  108.       <TrusteePermissions>
  109.         <Trustee>
  110.           <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-11</SID>
  111.           <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\Authenticated Users</Name>
  112.         </Trustee>
  113.         <Type xsi:type="PermissionType">
  114.           <PermissionType>Allow</PermissionType>
  115.         </Type>
  116.         <Inherited>false</Inherited>
  117.         <Applicability>
  118.           <ToSelf>true</ToSelf>
  119.           <ToDescendantObjects>false</ToDescendantObjects>
  120.           <ToDescendantContainers>true</ToDescendantContainers>
  121.           <ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
  122.         </Applicability>
  123.         <Standard>
  124.           <GPOGroupedAccessEnum>Apply Group Policy</GPOGroupedAccessEnum>
  125.         </Standard>
  126.         <AccessMask>0</AccessMask>
  127.       </TrusteePermissions>
  128.     </Permissions>
  129.     <AuditingPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">false</AuditingPresent>
  130.   </SecurityDescriptor>
  131.   <FilterDataAvailable>true</FilterDataAvailable>
  132.   <Computer>
  133.     <VersionDirectory>99</VersionDirectory>
  134.     <VersionSysvol>99</VersionSysvol>
  135.     <Enabled>true</Enabled>
  136.     <ExtensionData>
  137.       <Extension xmlns:q1="http://www.microsoft.com/GroupPolicy/Settings/Security" xsi:type="q1:SecuritySettings">
  138.         <q1:Account>
  139.           <q1:Name>LockoutBadCount</q1:Name>
  140.           <q1:SettingNumber>3</q1:SettingNumber>
  141.           <q1:Type>Account Lockout</q1:Type>
  142.         </q1:Account>
  143.         <q1:Account>
  144.           <q1:Name>LockoutDuration</q1:Name>
  145.           <q1:SettingNumber>15</q1:SettingNumber>
  146.           <q1:Type>Account Lockout</q1:Type>
  147.         </q1:Account>
  148.         <q1:Account>
  149.           <q1:Name>MinimumPasswordLength</q1:Name>
  150.           <q1:SettingNumber>8</q1:SettingNumber>
  151.           <q1:Type>Password</q1:Type>
  152.         </q1:Account>
  153.         <q1:Account>
  154.           <q1:Name>PasswordComplexity</q1:Name>
  155.           <q1:SettingBoolean>true</q1:SettingBoolean>
  156.           <q1:Type>Password</q1:Type>
  157.         </q1:Account>
  158.         <q1:Account>
  159.           <q1:Name>ResetLockoutCount</q1:Name>
  160.           <q1:SettingNumber>15</q1:SettingNumber>
  161.           <q1:Type>Account Lockout</q1:Type>
  162.         </q1:Account>
  163.         <q1:Audit>
  164.           <q1:Name>AuditAccountLogon</q1:Name>
  165.           <q1:SuccessAttempts>true</q1:SuccessAttempts>
  166.           <q1:FailureAttempts>true</q1:FailureAttempts>
  167.         </q1:Audit>
  168.         <q1:Audit>
  169.           <q1:Name>AuditLogonEvents</q1:Name>
  170.           <q1:SuccessAttempts>true</q1:SuccessAttempts>
  171.           <q1:FailureAttempts>true</q1:FailureAttempts>
  172.         </q1:Audit>
  173.         <q1:Audit>
  174.           <q1:Name>AuditPrivilegeUse</q1:Name>
  175.           <q1:SuccessAttempts>true</q1:SuccessAttempts>
  176.           <q1:FailureAttempts>true</q1:FailureAttempts>
  177.         </q1:Audit>
  178.         <q1:UserRightsAssignment>
  179.           <q1:Name>SeDenyInteractiveLogonRight</q1:Name>
  180.           <q1:Member>
  181.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-546</SID>
  182.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Guests</Name>
  183.           </q1:Member>
  184.         </q1:UserRightsAssignment>
  185.         <q1:UserRightsAssignment>
  186.           <q1:Name>SeDenyRemoteInteractiveLogonRight</q1:Name>
  187.           <q1:Member>
  188.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-546</SID>
  189.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Guests</Name>
  190.           </q1:Member>
  191.         </q1:UserRightsAssignment>
  192.         <q1:UserRightsAssignment>
  193.           <q1:Name>SeInteractiveLogonRight</q1:Name>
  194.           <q1:Member>
  195.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">netadmin</Name>
  196.           </q1:Member>
  197.           <q1:Member>
  198.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-544</SID>
  199.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Administrators</Name>
  200.           </q1:Member>
  201.         </q1:UserRightsAssignment>
  202.         <q1:UserRightsAssignment>
  203.           <q1:Name>SeRemoteInteractiveLogonRight</q1:Name>
  204.           <q1:Member>
  205.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Domain Users</Name>
  206.           </q1:Member>
  207.           <q1:Member>
  208.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Domain Admins</Name>
  209.           </q1:Member>
  210.         </q1:UserRightsAssignment>
  211.         <q1:SecurityOptions>
  212.           <q1:KeyName>MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\InactivityTimeoutSecs</q1:KeyName>
  213.           <q1:SettingNumber>300</q1:SettingNumber>
  214.           <q1:Display>
  215.             <q1:Name>Interactive logon: Machine inactivity limit</q1:Name>
  216.             <q1:Units>seconds</q1:Units>
  217.             <q1:DisplayNumber>300</q1:DisplayNumber>
  218.           </q1:Display>
  219.         </q1:SecurityOptions>
  220.         <q1:SecurityOptions>
  221.           <q1:KeyName>MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption</q1:KeyName>
  222.           <q1:SettingString>"Authorized Access Only"</q1:SettingString>
  223.           <q1:Display>
  224.             <q1:Name>Interactive logon: Message title for users attempting to log on</q1:Name>
  225.             <q1:Units />
  226.             <q1:DisplayString>"Authorized Access Only"</q1:DisplayString>
  227.           </q1:Display>
  228.         </q1:SecurityOptions>
  229.         <q1:SecurityOptions>
  230.           <q1:KeyName>MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText</q1:KeyName>
  231.           <q1:SettingStrings>
  232.             <q1:Value>Warning: Pompeii employees only. Logging on to  this machine means that you understand and accept Pompeii's acceptable use policy.</q1:Value>
  233.           </q1:SettingStrings>
  234.           <q1:Display>
  235.             <q1:Name>Interactive logon: Message text for users attempting to log on</q1:Name>
  236.             <q1:Units />
  237.             <q1:DisplayStrings>
  238.               <q1:Value>Warning: Pompeii employees only. Logging on to  this machine means that you understand and accept Pompeii's acceptable use policy.</q1:Value>
  239.             </q1:DisplayStrings>
  240.           </q1:Display>
  241.         </q1:SecurityOptions>
  242.         <q1:SecurityOptions>
  243.           <q1:KeyName>MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoConnectedUser</q1:KeyName>
  244.           <q1:SettingNumber>3</q1:SettingNumber>
  245.           <q1:Display>
  246.             <q1:Name>Accounts: Block Microsoft accounts</q1:Name>
  247.             <q1:Units />
  248.             <q1:DisplayString>Users can't add or log on with Microsoft accounts</q1:DisplayString>
  249.           </q1:Display>
  250.         </q1:SecurityOptions>
  251.         <q1:SecurityOptions>
  252.           <q1:KeyName>MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel</q1:KeyName>
  253.           <q1:SettingNumber>5</q1:SettingNumber>
  254.           <q1:Display>
  255.             <q1:Name>Network security: LAN Manager authentication level</q1:Name>
  256.             <q1:Units />
  257.             <q1:DisplayString>Send NTLMv2 response only. Refuse LM &amp; NTLM</q1:DisplayString>
  258.           </q1:Display>
  259.         </q1:SecurityOptions>
  260.         <q1:SecurityOptions>
  261.           <q1:KeyName>MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash</q1:KeyName>
  262.           <q1:SettingNumber>1</q1:SettingNumber>
  263.           <q1:Display>
  264.             <q1:Name>Network security: Do not store LAN Manager hash value on next password change</q1:Name>
  265.             <q1:Units />
  266.             <q1:DisplayBoolean>true</q1:DisplayBoolean>
  267.           </q1:Display>
  268.         </q1:SecurityOptions>
  269.         <q1:SecurityOptions>
  270.           <q1:KeyName>MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous</q1:KeyName>
  271.           <q1:SettingNumber>1</q1:SettingNumber>
  272.           <q1:Display>
  273.             <q1:Name>Network access: Do not allow anonymous enumeration of SAM accounts and shares</q1:Name>
  274.             <q1:Units />
  275.             <q1:DisplayBoolean>true</q1:DisplayBoolean>
  276.           </q1:Display>
  277.         </q1:SecurityOptions>
  278.         <q1:SecurityOptions>
  279.           <q1:KeyName>MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM</q1:KeyName>
  280.           <q1:SettingNumber>1</q1:SettingNumber>
  281.           <q1:Display>
  282.             <q1:Name>Network access: Do not allow anonymous enumeration of SAM accounts</q1:Name>
  283.             <q1:Units />
  284.             <q1:DisplayBoolean>true</q1:DisplayBoolean>
  285.           </q1:Display>
  286.         </q1:SecurityOptions>
  287.         <q1:SecurityOptions>
  288.           <q1:KeyName>MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionShares</q1:KeyName>
  289.           <q1:SettingStrings />
  290.           <q1:Display>
  291.             <q1:Name>Network access: Shares that can be accessed anonymously</q1:Name>
  292.             <q1:Units />
  293.             <q1:DisplayStrings />
  294.           </q1:Display>
  295.         </q1:SecurityOptions>
  296.         <q1:SecurityOptions>
  297.           <q1:SystemAccessPolicyName>EnableAdminAccount</q1:SystemAccessPolicyName>
  298.           <q1:SettingNumber>1</q1:SettingNumber>
  299.         </q1:SecurityOptions>
  300.         <q1:SecurityOptions>
  301.           <q1:SystemAccessPolicyName>EnableGuestAccount</q1:SystemAccessPolicyName>
  302.           <q1:SettingNumber>0</q1:SettingNumber>
  303.         </q1:SecurityOptions>
  304.         <q1:SecurityOptions>
  305.           <q1:SystemAccessPolicyName>NewAdministratorName</q1:SystemAccessPolicyName>
  306.           <q1:SettingString>"netadmin"</q1:SettingString>
  307.         </q1:SecurityOptions>
  308.         <q1:EventLog>
  309.           <q1:Name>AuditLogRetentionPeriod</q1:Name>
  310.           <q1:Log>Application</q1:Log>
  311.           <q1:SettingNumber>1</q1:SettingNumber>
  312.         </q1:EventLog>
  313.         <q1:EventLog>
  314.           <q1:Name>RetentionDays</q1:Name>
  315.           <q1:Log>Application</q1:Log>
  316.           <q1:SettingNumber>7</q1:SettingNumber>
  317.         </q1:EventLog>
  318.         <q1:EventLog>
  319.           <q1:Name>AuditLogRetentionPeriod</q1:Name>
  320.           <q1:Log>System</q1:Log>
  321.           <q1:SettingNumber>1</q1:SettingNumber>
  322.         </q1:EventLog>
  323.         <q1:EventLog>
  324.           <q1:Name>RetentionDays</q1:Name>
  325.           <q1:Log>System</q1:Log>
  326.           <q1:SettingNumber>7</q1:SettingNumber>
  327.         </q1:EventLog>
  328.         <q1:EventLog>
  329.           <q1:Name>AuditLogRetentionPeriod</q1:Name>
  330.           <q1:Log>Security</q1:Log>
  331.           <q1:SettingNumber>1</q1:SettingNumber>
  332.         </q1:EventLog>
  333.         <q1:EventLog>
  334.           <q1:Name>RetentionDays</q1:Name>
  335.           <q1:Log>Security</q1:Log>
  336.           <q1:SettingNumber>7</q1:SettingNumber>
  337.         </q1:EventLog>
  338.       </Extension>
  339.       <Name>Security</Name>
  340.     </ExtensionData>
  341.   </Computer>
  342.   <User>
  343.     <VersionDirectory>1</VersionDirectory>
  344.     <VersionSysvol>1</VersionSysvol>
  345.     <Enabled>true</Enabled>
  346.     <ExtensionData>
  347.       <Extension xmlns:q2="http://www.microsoft.com/GroupPolicy/Settings/Registry" xsi:type="q2:RegistrySettings">
  348.         <q2:Policy>
  349.           <q2:Name>Desktop Wallpaper</q2:Name>
  350.           <q2:State>Enabled</q2:State>
  351.           <q2:Explain>Specifies the desktop background ("wallpaper") displayed on all users' desktops.
  352.  
  353. This setting lets you specify the wallpaper on users' desktops and prevents users from changing the image or its presentation. The wallpaper you specify can be stored in a bitmap (*.bmp) or JPEG (*.jpg) file.
  354.  
  355. To use this setting, type the fully qualified path and name of the file that stores the wallpaper image. You can type a local path, such as C:\Windows\web\wallpaper\home.jpg or a UNC path, such as \\Server\Share\Corp.jpg. If the specified file is not available when the user logs on, no wallpaper is displayed. Users cannot specify alternative wallpaper. You can also use this setting to specify that the wallpaper image be centered, tiled, or stretched. Users cannot change this specification.
  356.  
  357. If you disable this setting or do not configure it, no wallpaper is displayed. However, users can select the wallpaper of their choice.
  358.  
  359. Also, see the "Allow only bitmapped wallpaper" in the same location, and the "Prevent changing wallpaper" setting in User Configuration\Administrative Templates\Control Panel.
  360.  
  361. Note: This setting does not apply to remote desktop server sessions.</q2:Explain>
  362.           <q2:Supported>At least Windows 2000</q2:Supported>
  363.           <q2:Category>Desktop/Desktop</q2:Category>
  364.           <q2:EditText>
  365.             <q2:Name>Wallpaper Name:</q2:Name>
  366.             <q2:State>Enabled</q2:State>
  367.             <q2:Value>pompeii</q2:Value>
  368.           </q2:EditText>
  369.           <q2:Text>
  370.             <q2:Name>Example: Using a local path:   C:\windows\web\wallpaper\home.jpg</q2:Name>
  371.           </q2:Text>
  372.           <q2:Text>
  373.             <q2:Name>Example: Using a UNC path:     \\Server\Share\Corp.jpg</q2:Name>
  374.           </q2:Text>
  375.           <q2:DropDownList>
  376.             <q2:Name>Wallpaper Style:</q2:Name>
  377.             <q2:State>Enabled</q2:State>
  378.             <q2:Value>
  379.               <q2:Name>Fill</q2:Name>
  380.             </q2:Value>
  381.           </q2:DropDownList>
  382.         </q2:Policy>
  383.       </Extension>
  384.       <Name>Registry</Name>
  385.     </ExtensionData>
  386.   </User>
  387.   <LinksTo>
  388.     <SOMName>CEO</SOMName>
  389.     <SOMPath>pompeii.net/CEO</SOMPath>
  390.     <Enabled>true</Enabled>
  391.     <NoOverride>true</NoOverride>
  392.   </LinksTo>
  393.   <LinksTo>
  394.     <SOMName>HR</SOMName>
  395.     <SOMPath>pompeii.net/HR</SOMPath>
  396.     <Enabled>true</Enabled>
  397.     <NoOverride>true</NoOverride>
  398.   </LinksTo>
  399.   <LinksTo>
  400.     <SOMName>Temp</SOMName>
  401.     <SOMPath>pompeii.net/Temp</SOMPath>
  402.     <Enabled>true</Enabled>
  403.     <NoOverride>true</NoOverride>
  404.   </LinksTo>
  405.   <LinksTo>
  406.     <SOMName>DevOps</SOMName>
  407.     <SOMPath>pompeii.net/DevOps</SOMPath>
  408.     <Enabled>true</Enabled>
  409.     <NoOverride>true</NoOverride>
  410.   </LinksTo>
  411.   <LinksTo>
  412.     <SOMName>Accounting</SOMName>
  413.     <SOMPath>pompeii.net/Accounting</SOMPath>
  414.     <Enabled>true</Enabled>
  415.     <NoOverride>true</NoOverride>
  416.   </LinksTo>
  417.   <LinksTo>
  418.     <SOMName>Faculty</SOMName>
  419.     <SOMPath>pompeii.net/Faculty</SOMPath>
  420.     <Enabled>true</Enabled>
  421.     <NoOverride>true</NoOverride>
  422.   </LinksTo>
  423.   <LinksTo>
  424.     <SOMName>IT</SOMName>
  425.     <SOMPath>pompeii.net/IT</SOMPath>
  426.     <Enabled>true</Enabled>
  427.     <NoOverride>true</NoOverride>
  428.   </LinksTo>
  429.   <LinksTo>
  430.     <SOMName>Clerk</SOMName>
  431.     <SOMPath>pompeii.net/Clerk</SOMPath>
  432.     <Enabled>true</Enabled>
  433.     <NoOverride>true</NoOverride>
  434.   </LinksTo>
  435.   <LinksTo>
  436.     <SOMName>Staff</SOMName>
  437.     <SOMPath>pompeii.net/Staff</SOMPath>
  438.     <Enabled>true</Enabled>
  439.     <NoOverride>true</NoOverride>
  440.   </LinksTo>
  441.   <LinksTo>
  442.     <SOMName>pompeii</SOMName>
  443.     <SOMPath>pompeii.net</SOMPath>
  444.     <Enabled>true</Enabled>
  445.     <NoOverride>true</NoOverride>
  446.   </LinksTo>
  447. </GPO>
  448.  
  449. <GPO xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.microsoft.com/GroupPolicy/Settings">
  450.   <Identifier>
  451.     <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{31B2F340-016D-11D2-945F-00C04FB984F9}</Identifier>
  452.     <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">pompeii.net</Domain>
  453.   </Identifier>
  454.   <Name>Default GPO</Name>
  455.   <IncludeComments>true</IncludeComments>
  456.   <CreatedTime>2019-09-05T18:43:52</CreatedTime>
  457.   <ModifiedTime>2019-09-26T00:05:22</ModifiedTime>
  458.   <ReadTime>2019-09-26T00:36:16.2885186Z</ReadTime>
  459.   <SecurityDescriptor>
  460.     <SDDL xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">O:DAG:DAD:PAI(A;;CCLCSWRPWPLORCWDWO;;;DA)(A;CIIO;CCDCLCSWRPWPDTLOSDRCWDWO;;;DA)(A;;CCLCSWRPWPLORCWDWO;;;S-1-5-21-1144715043-1454487506-3257296345-519)(A;CIIO;CCDCLCSWRPWPDTLOSDRCWDWO;;;S-1-5-21-1144715043-1454487506-3257296345-519)(A;;CCLCSWRPWPLORCWDWO;;;DA)(A;CIIO;CCDCLCSWRPWPDTLOSDRCWDWO;;;CO)(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;SY)(A;CI;LCRPLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;LCRPLORC;;;ED)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)</SDDL>
  461.     <Owner xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">
  462.       <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-1144715043-1454487506-3257296345-512</SID>
  463.       <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">pompeii\Domain Admins</Name>
  464.     </Owner>
  465.     <Group xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">
  466.       <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-1144715043-1454487506-3257296345-512</SID>
  467.       <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">pompeii\Domain Admins</Name>
  468.     </Group>
  469.     <PermissionsPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">true</PermissionsPresent>
  470.     <Permissions xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">
  471.       <InheritsFromParent>false</InheritsFromParent>
  472.       <TrusteePermissions>
  473.         <Trustee>
  474.           <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-9</SID>
  475.           <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS</Name>
  476.         </Trustee>
  477.         <Type xsi:type="PermissionType">
  478.           <PermissionType>Allow</PermissionType>
  479.         </Type>
  480.         <Inherited>false</Inherited>
  481.         <Applicability>
  482.           <ToSelf>true</ToSelf>
  483.           <ToDescendantObjects>false</ToDescendantObjects>
  484.           <ToDescendantContainers>true</ToDescendantContainers>
  485.           <ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
  486.         </Applicability>
  487.         <Standard>
  488.           <GPOGroupedAccessEnum>Read</GPOGroupedAccessEnum>
  489.         </Standard>
  490.         <AccessMask>0</AccessMask>
  491.       </TrusteePermissions>
  492.       <TrusteePermissions>
  493.         <Trustee>
  494.           <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-18</SID>
  495.           <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\SYSTEM</Name>
  496.         </Trustee>
  497.         <Type xsi:type="PermissionType">
  498.           <PermissionType>Allow</PermissionType>
  499.         </Type>
  500.         <Inherited>false</Inherited>
  501.         <Applicability>
  502.           <ToSelf>true</ToSelf>
  503.           <ToDescendantObjects>false</ToDescendantObjects>
  504.           <ToDescendantContainers>true</ToDescendantContainers>
  505.           <ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
  506.         </Applicability>
  507.         <Standard>
  508.           <GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
  509.         </Standard>
  510.         <AccessMask>0</AccessMask>
  511.       </TrusteePermissions>
  512.       <TrusteePermissions>
  513.         <Trustee>
  514.           <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-11</SID>
  515.           <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\Authenticated Users</Name>
  516.         </Trustee>
  517.         <Type xsi:type="PermissionType">
  518.           <PermissionType>Allow</PermissionType>
  519.         </Type>
  520.         <Inherited>false</Inherited>
  521.         <Applicability>
  522.           <ToSelf>true</ToSelf>
  523.           <ToDescendantObjects>false</ToDescendantObjects>
  524.           <ToDescendantContainers>true</ToDescendantContainers>
  525.           <ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
  526.         </Applicability>
  527.         <Standard>
  528.           <GPOGroupedAccessEnum>Apply Group Policy</GPOGroupedAccessEnum>
  529.         </Standard>
  530.         <AccessMask>0</AccessMask>
  531.       </TrusteePermissions>
  532.     </Permissions>
  533.     <AuditingPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">false</AuditingPresent>
  534.   </SecurityDescriptor>
  535.   <FilterDataAvailable>true</FilterDataAvailable>
  536.   <Computer>
  537.     <VersionDirectory>3</VersionDirectory>
  538.     <VersionSysvol>3</VersionSysvol>
  539.     <Enabled>true</Enabled>
  540.     <ExtensionData>
  541.       <Extension xmlns:q1="http://www.microsoft.com/GroupPolicy/Settings/Security" xsi:type="q1:SecuritySettings">
  542.         <q1:Account>
  543.           <q1:Name>ClearTextPassword</q1:Name>
  544.           <q1:SettingBoolean>false</q1:SettingBoolean>
  545.           <q1:Type>Password</q1:Type>
  546.         </q1:Account>
  547.         <q1:Account>
  548.           <q1:Name>LockoutBadCount</q1:Name>
  549.           <q1:SettingNumber>0</q1:SettingNumber>
  550.           <q1:Type>Account Lockout</q1:Type>
  551.         </q1:Account>
  552.         <q1:Account>
  553.           <q1:Name>MaximumPasswordAge</q1:Name>
  554.           <q1:SettingNumber>42</q1:SettingNumber>
  555.           <q1:Type>Password</q1:Type>
  556.         </q1:Account>
  557.         <q1:Account>
  558.           <q1:Name>MinimumPasswordAge</q1:Name>
  559.           <q1:SettingNumber>1</q1:SettingNumber>
  560.           <q1:Type>Password</q1:Type>
  561.         </q1:Account>
  562.         <q1:Account>
  563.           <q1:Name>MinimumPasswordLength</q1:Name>
  564.           <q1:SettingNumber>7</q1:SettingNumber>
  565.           <q1:Type>Password</q1:Type>
  566.         </q1:Account>
  567.         <q1:Account>
  568.           <q1:Name>PasswordComplexity</q1:Name>
  569.           <q1:SettingBoolean>true</q1:SettingBoolean>
  570.           <q1:Type>Password</q1:Type>
  571.         </q1:Account>
  572.         <q1:Account>
  573.           <q1:Name>PasswordHistorySize</q1:Name>
  574.           <q1:SettingNumber>24</q1:SettingNumber>
  575.           <q1:Type>Password</q1:Type>
  576.         </q1:Account>
  577.         <q1:Account>
  578.           <q1:Name>MaxClockSkew</q1:Name>
  579.           <q1:SettingNumber>5</q1:SettingNumber>
  580.           <q1:Type>Kerberos</q1:Type>
  581.         </q1:Account>
  582.         <q1:Account>
  583.           <q1:Name>MaxRenewAge</q1:Name>
  584.           <q1:SettingNumber>7</q1:SettingNumber>
  585.           <q1:Type>Kerberos</q1:Type>
  586.         </q1:Account>
  587.         <q1:Account>
  588.           <q1:Name>MaxServiceAge</q1:Name>
  589.           <q1:SettingNumber>600</q1:SettingNumber>
  590.           <q1:Type>Kerberos</q1:Type>
  591.         </q1:Account>
  592.         <q1:Account>
  593.           <q1:Name>MaxTicketAge</q1:Name>
  594.           <q1:SettingNumber>10</q1:SettingNumber>
  595.           <q1:Type>Kerberos</q1:Type>
  596.         </q1:Account>
  597.         <q1:Account>
  598.           <q1:Name>TicketValidateClient</q1:Name>
  599.           <q1:SettingBoolean>true</q1:SettingBoolean>
  600.           <q1:Type>Kerberos</q1:Type>
  601.         </q1:Account>
  602.         <q1:SecurityOptions>
  603.           <q1:KeyName>MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash</q1:KeyName>
  604.           <q1:SettingNumber>1</q1:SettingNumber>
  605.           <q1:Display>
  606.             <q1:Name>Network security: Do not store LAN Manager hash value on next password change</q1:Name>
  607.             <q1:Units />
  608.             <q1:DisplayBoolean>true</q1:DisplayBoolean>
  609.           </q1:Display>
  610.         </q1:SecurityOptions>
  611.         <q1:SecurityOptions>
  612.           <q1:SystemAccessPolicyName>ForceLogoffWhenHourExpire</q1:SystemAccessPolicyName>
  613.           <q1:SettingNumber>0</q1:SettingNumber>
  614.         </q1:SecurityOptions>
  615.         <q1:SecurityOptions>
  616.           <q1:SystemAccessPolicyName>LSAAnonymousNameLookup</q1:SystemAccessPolicyName>
  617.           <q1:SettingNumber>0</q1:SettingNumber>
  618.         </q1:SecurityOptions>
  619.       </Extension>
  620.       <Name>Security</Name>
  621.     </ExtensionData>
  622.     <ExtensionData>
  623.       <Extension xmlns:q2="http://www.microsoft.com/GroupPolicy/Settings/PublicKey" xsi:type="q2:PublicKeySettings">
  624.         <q2:EFSSettings>
  625.           <q2:AllowEFS>2</q2:AllowEFS>
  626.           <q2:Options>0</q2:Options>
  627.           <q2:CacheTimeout>0</q2:CacheTimeout>
  628.           <q2:KeyLen>0</q2:KeyLen>
  629.         </q2:EFSSettings>
  630.         <q2:EFSRecoveryAgent>
  631.           <q2:IssuedTo>Administrator</q2:IssuedTo>
  632.           <q2:IssuedBy>Administrator</q2:IssuedBy>
  633.           <q2:ExpirationDate>2119-08-19T20:53:22Z</q2:ExpirationDate>
  634.           <q2:CertificatePurpose>
  635.             <q2:Purpose>1.3.6.1.4.1.311.10.3.4.1</q2:Purpose>
  636.           </q2:CertificatePurpose>
  637.           <q2:Data>0200000001000000CC0000001C0000006C0000000100000000000000000000000000000001000000360033006400620037006100350038002D0033003700380036002D0034003300310034002D0061003800610065002D0033006200630030003300660035003400310033003500300000000000000000004D006900630072006F0073006F0066007400200045006E00680061006E006300650064002000430072007900700074006F0067007200610070006800690063002000500072006F00760069006400650072002000760031002E003000000000000300000001000000140000004B156D52DA7E1FA17D4D62FEE3B9AD14B7E47644200000000100000088030000308203843082026CA00302010202104E0FC9C1B8AABC954A20CBE086790410300D06092A864886F70D01010505003050311630140603550403130D41646D696E6973747261746F72310C300A0603550407130345465331283026060355040B131F4546532046696C6520456E6372797074696F6E2043657274696669636174653020170D3139303931323230353332325A180F32313139303831393230353332325A3050311630140603550403130D41646D696E6973747261746F72310C300A0603550407130345465331283026060355040B131F4546532046696C6520456E6372797074696F6E20436572746966696361746530820122300D06092A864886F70D01010105000382010F003082010A0282010100B3D768154E76422F218ECC309E18B2D3A75EB13BC317E1B7930BBB80794813FAF6E5FC11CF9705DFA44AE4E6DD5FC39AF7668250A2FBA45BCAC4CBDBEA1726EA4287754CA305E48C98FFCAFC312B7629A63CB3BB0F9F2FFDC5ECAB218CD49704B0BA26709AD79BC9002C5984513C0D91E4BC7B51545794BA3E21CDB475CCA54BF133713D39862D7FF157120F5D3331FEFF7C6F7A35E1908AEE481F3CC91C530619C1A5B0001A385BC50AF74F47F2A07461F92DC9198CB1A41B4C8259E871B58A5C984B02A9E598098BBBE81054785C02C5262D532960CD1E248E86CA59B90855BF96CD73DFB733FC264779F3AF522E684BC9B1928D8A17DAB2E58F4BC0B93A150203010001A358305630160603551D25040F300D060B2B0601040182370A03040130310603551D11042A3028A026060A2B060104018237140203A0180C1641646D696E6973747261746F7240706F6D706569690030090603551D1304023000300D06092A864886F70D010105050003820101001609B8DB0CD8ED3CD038C11317D3F5E90B07E2573DAF17A3072BFDAB331B070D2ACC2AA8353D460DF7BC224CB9C874ABE6FF7CF102D5E64A22C60A198CD2B196303A6BC6FA7EDB063F96666CEB746E29C845D45B8FA121C18896180E22884A98DEFE279A30F7EAA8FCABA63563BFF606BA621A96342D26135FA138D16D217222D1561F0B3B3A82BED8C59DB443FB0E841B7FFEF5FB0A4E86C8FDDD147CD1570EEF374CFB21DC1D66B93ED1BAF549070BA78FDF0A15ED17501C0307F1F5BF529CC8B8B413B400B8305C642B2CBE1C20367A254B58388AA3AD0634E645D30BB43AF15422E1F76F131290E72E3938345BF0F1C8F9D1AB0278ED86205CC1CBDD409A</q2:Data>
  638.         </q2:EFSRecoveryAgent>
  639.         <q2:RootCertificateSettings>
  640.           <q2:AllowNewCAs>true</q2:AllowNewCAs>
  641.           <q2:TrustThirdPartyCAs>true</q2:TrustThirdPartyCAs>
  642.           <q2:RequireUPNNamingConstraints>false</q2:RequireUPNNamingConstraints>
  643.         </q2:RootCertificateSettings>
  644.       </Extension>
  645.       <Name>Public Key</Name>
  646.     </ExtensionData>
  647.     <ExtensionData>
  648.       <Extension xmlns:q3="http://www.microsoft.com/GroupPolicy/Settings/Registry" xsi:type="q3:RegistrySettings" />
  649.       <Name>Registry</Name>
  650.     </ExtensionData>
  651.   </Computer>
  652.   <User>
  653.     <VersionDirectory>0</VersionDirectory>
  654.     <VersionSysvol>0</VersionSysvol>
  655.     <Enabled>true</Enabled>
  656.   </User>
  657.   <LinksTo>
  658.     <SOMName>pompeii</SOMName>
  659.     <SOMPath>pompeii.net</SOMPath>
  660.     <Enabled>true</Enabled>
  661.     <NoOverride>false</NoOverride>
  662.   </LinksTo>
  663. </GPO>
  664.  
  665. <GPO xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.microsoft.com/GroupPolicy/Settings">
  666.   <Identifier>
  667.     <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{6AC1786C-016F-11D2-945F-00C04fB984F9}</Identifier>
  668.     <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">pompeii.net</Domain>
  669.   </Identifier>
  670.   <Name>Default Domain Controllers Policy</Name>
  671.   <IncludeComments>true</IncludeComments>
  672.   <CreatedTime>2019-09-05T18:43:52</CreatedTime>
  673.   <ModifiedTime>2019-09-05T18:43:52</ModifiedTime>
  674.   <ReadTime>2019-09-26T00:36:16.3197698Z</ReadTime>
  675.   <SecurityDescriptor>
  676.     <SDDL xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">O:DAG:DAD:PAI(A;;CCLCSWRPWPLORCWDWO;;;DA)(A;CIIO;CCDCLCSWRPWPDTLOSDRCWDWO;;;DA)(A;;CCLCSWRPWPLORCWDWO;;;S-1-5-21-1144715043-1454487506-3257296345-519)(A;CIIO;CCDCLCSWRPWPDTLOSDRCWDWO;;;S-1-5-21-1144715043-1454487506-3257296345-519)(A;;CCLCSWRPWPLORCWDWO;;;DA)(A;CIIO;CCDCLCSWRPWPDTLOSDRCWDWO;;;CO)(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;SY)(A;CI;LCRPLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;LCRPLORC;;;ED)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)</SDDL>
  677.     <Owner xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">
  678.       <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-1144715043-1454487506-3257296345-512</SID>
  679.       <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">pompeii\Domain Admins</Name>
  680.     </Owner>
  681.     <Group xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">
  682.       <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-1144715043-1454487506-3257296345-512</SID>
  683.       <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">pompeii\Domain Admins</Name>
  684.     </Group>
  685.     <PermissionsPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">true</PermissionsPresent>
  686.     <Permissions xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">
  687.       <InheritsFromParent>false</InheritsFromParent>
  688.       <TrusteePermissions>
  689.         <Trustee>
  690.           <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-9</SID>
  691.           <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS</Name>
  692.         </Trustee>
  693.         <Type xsi:type="PermissionType">
  694.           <PermissionType>Allow</PermissionType>
  695.         </Type>
  696.         <Inherited>false</Inherited>
  697.         <Applicability>
  698.           <ToSelf>true</ToSelf>
  699.           <ToDescendantObjects>false</ToDescendantObjects>
  700.           <ToDescendantContainers>true</ToDescendantContainers>
  701.           <ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
  702.         </Applicability>
  703.         <Standard>
  704.           <GPOGroupedAccessEnum>Read</GPOGroupedAccessEnum>
  705.         </Standard>
  706.         <AccessMask>0</AccessMask>
  707.       </TrusteePermissions>
  708.       <TrusteePermissions>
  709.         <Trustee>
  710.           <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-18</SID>
  711.           <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\SYSTEM</Name>
  712.         </Trustee>
  713.         <Type xsi:type="PermissionType">
  714.           <PermissionType>Allow</PermissionType>
  715.         </Type>
  716.         <Inherited>false</Inherited>
  717.         <Applicability>
  718.           <ToSelf>true</ToSelf>
  719.           <ToDescendantObjects>false</ToDescendantObjects>
  720.           <ToDescendantContainers>true</ToDescendantContainers>
  721.           <ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
  722.         </Applicability>
  723.         <Standard>
  724.           <GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
  725.         </Standard>
  726.         <AccessMask>0</AccessMask>
  727.       </TrusteePermissions>
  728.       <TrusteePermissions>
  729.         <Trustee>
  730.           <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-11</SID>
  731.           <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\Authenticated Users</Name>
  732.         </Trustee>
  733.         <Type xsi:type="PermissionType">
  734.           <PermissionType>Allow</PermissionType>
  735.         </Type>
  736.         <Inherited>false</Inherited>
  737.         <Applicability>
  738.           <ToSelf>true</ToSelf>
  739.           <ToDescendantObjects>false</ToDescendantObjects>
  740.           <ToDescendantContainers>true</ToDescendantContainers>
  741.           <ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
  742.         </Applicability>
  743.         <Standard>
  744.           <GPOGroupedAccessEnum>Apply Group Policy</GPOGroupedAccessEnum>
  745.         </Standard>
  746.         <AccessMask>0</AccessMask>
  747.       </TrusteePermissions>
  748.     </Permissions>
  749.     <AuditingPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">false</AuditingPresent>
  750.   </SecurityDescriptor>
  751.   <FilterDataAvailable>true</FilterDataAvailable>
  752.   <Computer>
  753.     <VersionDirectory>1</VersionDirectory>
  754.     <VersionSysvol>1</VersionSysvol>
  755.     <Enabled>true</Enabled>
  756.     <ExtensionData>
  757.       <Extension xmlns:q1="http://www.microsoft.com/GroupPolicy/Settings/Security" xsi:type="q1:SecuritySettings">
  758.         <q1:UserRightsAssignment>
  759.           <q1:Name>SeAssignPrimaryTokenPrivilege</q1:Name>
  760.           <q1:Member>
  761.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-20</SID>
  762.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\NETWORK SERVICE</Name>
  763.           </q1:Member>
  764.           <q1:Member>
  765.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-19</SID>
  766.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\LOCAL SERVICE</Name>
  767.           </q1:Member>
  768.         </q1:UserRightsAssignment>
  769.         <q1:UserRightsAssignment>
  770.           <q1:Name>SeAuditPrivilege</q1:Name>
  771.           <q1:Member>
  772.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-20</SID>
  773.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\NETWORK SERVICE</Name>
  774.           </q1:Member>
  775.           <q1:Member>
  776.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-19</SID>
  777.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\LOCAL SERVICE</Name>
  778.           </q1:Member>
  779.         </q1:UserRightsAssignment>
  780.         <q1:UserRightsAssignment>
  781.           <q1:Name>SeBackupPrivilege</q1:Name>
  782.           <q1:Member>
  783.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-549</SID>
  784.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Server Operators</Name>
  785.           </q1:Member>
  786.           <q1:Member>
  787.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-551</SID>
  788.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Backup Operators</Name>
  789.           </q1:Member>
  790.           <q1:Member>
  791.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-544</SID>
  792.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Administrators</Name>
  793.           </q1:Member>
  794.         </q1:UserRightsAssignment>
  795.         <q1:UserRightsAssignment>
  796.           <q1:Name>SeBatchLogonRight</q1:Name>
  797.           <q1:Member>
  798.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-559</SID>
  799.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Performance Log Users</Name>
  800.           </q1:Member>
  801.           <q1:Member>
  802.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-551</SID>
  803.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Backup Operators</Name>
  804.           </q1:Member>
  805.           <q1:Member>
  806.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-544</SID>
  807.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Administrators</Name>
  808.           </q1:Member>
  809.         </q1:UserRightsAssignment>
  810.         <q1:UserRightsAssignment>
  811.           <q1:Name>SeChangeNotifyPrivilege</q1:Name>
  812.           <q1:Member>
  813.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-554</SID>
  814.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Pre-Windows 2000 Compatible Access</Name>
  815.           </q1:Member>
  816.           <q1:Member>
  817.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-11</SID>
  818.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\Authenticated Users</Name>
  819.           </q1:Member>
  820.           <q1:Member>
  821.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-544</SID>
  822.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Administrators</Name>
  823.           </q1:Member>
  824.           <q1:Member>
  825.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-20</SID>
  826.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\NETWORK SERVICE</Name>
  827.           </q1:Member>
  828.           <q1:Member>
  829.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-19</SID>
  830.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\LOCAL SERVICE</Name>
  831.           </q1:Member>
  832.           <q1:Member>
  833.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-1-0</SID>
  834.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Everyone</Name>
  835.           </q1:Member>
  836.         </q1:UserRightsAssignment>
  837.         <q1:UserRightsAssignment>
  838.           <q1:Name>SeCreatePagefilePrivilege</q1:Name>
  839.           <q1:Member>
  840.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-544</SID>
  841.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Administrators</Name>
  842.           </q1:Member>
  843.         </q1:UserRightsAssignment>
  844.         <q1:UserRightsAssignment>
  845.           <q1:Name>SeDebugPrivilege</q1:Name>
  846.           <q1:Member>
  847.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-544</SID>
  848.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Administrators</Name>
  849.           </q1:Member>
  850.         </q1:UserRightsAssignment>
  851.         <q1:UserRightsAssignment>
  852.           <q1:Name>SeEnableDelegationPrivilege</q1:Name>
  853.           <q1:Member>
  854.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-544</SID>
  855.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Administrators</Name>
  856.           </q1:Member>
  857.         </q1:UserRightsAssignment>
  858.         <q1:UserRightsAssignment>
  859.           <q1:Name>SeIncreaseBasePriorityPrivilege</q1:Name>
  860.           <q1:Member>
  861.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-544</SID>
  862.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Administrators</Name>
  863.           </q1:Member>
  864.         </q1:UserRightsAssignment>
  865.         <q1:UserRightsAssignment>
  866.           <q1:Name>SeIncreaseQuotaPrivilege</q1:Name>
  867.           <q1:Member>
  868.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-544</SID>
  869.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Administrators</Name>
  870.           </q1:Member>
  871.           <q1:Member>
  872.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-20</SID>
  873.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\NETWORK SERVICE</Name>
  874.           </q1:Member>
  875.           <q1:Member>
  876.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-19</SID>
  877.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\LOCAL SERVICE</Name>
  878.           </q1:Member>
  879.         </q1:UserRightsAssignment>
  880.         <q1:UserRightsAssignment>
  881.           <q1:Name>SeInteractiveLogonRight</q1:Name>
  882.           <q1:Member>
  883.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-9</SID>
  884.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS</Name>
  885.           </q1:Member>
  886.           <q1:Member>
  887.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-550</SID>
  888.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Print Operators</Name>
  889.           </q1:Member>
  890.           <q1:Member>
  891.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-549</SID>
  892.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Server Operators</Name>
  893.           </q1:Member>
  894.           <q1:Member>
  895.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-548</SID>
  896.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Account Operators</Name>
  897.           </q1:Member>
  898.           <q1:Member>
  899.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-551</SID>
  900.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Backup Operators</Name>
  901.           </q1:Member>
  902.           <q1:Member>
  903.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-544</SID>
  904.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Administrators</Name>
  905.           </q1:Member>
  906.         </q1:UserRightsAssignment>
  907.         <q1:UserRightsAssignment>
  908.           <q1:Name>SeLoadDriverPrivilege</q1:Name>
  909.           <q1:Member>
  910.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-550</SID>
  911.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Print Operators</Name>
  912.           </q1:Member>
  913.           <q1:Member>
  914.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-544</SID>
  915.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Administrators</Name>
  916.           </q1:Member>
  917.         </q1:UserRightsAssignment>
  918.         <q1:UserRightsAssignment>
  919.           <q1:Name>SeMachineAccountPrivilege</q1:Name>
  920.           <q1:Member>
  921.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-11</SID>
  922.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\Authenticated Users</Name>
  923.           </q1:Member>
  924.         </q1:UserRightsAssignment>
  925.         <q1:UserRightsAssignment>
  926.           <q1:Name>SeNetworkLogonRight</q1:Name>
  927.           <q1:Member>
  928.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-554</SID>
  929.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Pre-Windows 2000 Compatible Access</Name>
  930.           </q1:Member>
  931.           <q1:Member>
  932.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-9</SID>
  933.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS</Name>
  934.           </q1:Member>
  935.           <q1:Member>
  936.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-11</SID>
  937.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\Authenticated Users</Name>
  938.           </q1:Member>
  939.           <q1:Member>
  940.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-544</SID>
  941.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Administrators</Name>
  942.           </q1:Member>
  943.           <q1:Member>
  944.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-1-0</SID>
  945.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">Everyone</Name>
  946.           </q1:Member>
  947.         </q1:UserRightsAssignment>
  948.         <q1:UserRightsAssignment>
  949.           <q1:Name>SeProfileSingleProcessPrivilege</q1:Name>
  950.           <q1:Member>
  951.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-544</SID>
  952.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Administrators</Name>
  953.           </q1:Member>
  954.         </q1:UserRightsAssignment>
  955.         <q1:UserRightsAssignment>
  956.           <q1:Name>SeRemoteShutdownPrivilege</q1:Name>
  957.           <q1:Member>
  958.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-549</SID>
  959.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Server Operators</Name>
  960.           </q1:Member>
  961.           <q1:Member>
  962.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-544</SID>
  963.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Administrators</Name>
  964.           </q1:Member>
  965.         </q1:UserRightsAssignment>
  966.         <q1:UserRightsAssignment>
  967.           <q1:Name>SeRestorePrivilege</q1:Name>
  968.           <q1:Member>
  969.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-549</SID>
  970.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Server Operators</Name>
  971.           </q1:Member>
  972.           <q1:Member>
  973.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-551</SID>
  974.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Backup Operators</Name>
  975.           </q1:Member>
  976.           <q1:Member>
  977.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-544</SID>
  978.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Administrators</Name>
  979.           </q1:Member>
  980.         </q1:UserRightsAssignment>
  981.         <q1:UserRightsAssignment>
  982.           <q1:Name>SeSecurityPrivilege</q1:Name>
  983.           <q1:Member>
  984.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-544</SID>
  985.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Administrators</Name>
  986.           </q1:Member>
  987.         </q1:UserRightsAssignment>
  988.         <q1:UserRightsAssignment>
  989.           <q1:Name>SeShutdownPrivilege</q1:Name>
  990.           <q1:Member>
  991.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-550</SID>
  992.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Print Operators</Name>
  993.           </q1:Member>
  994.           <q1:Member>
  995.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-549</SID>
  996.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Server Operators</Name>
  997.           </q1:Member>
  998.           <q1:Member>
  999.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-551</SID>
  1000.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Backup Operators</Name>
  1001.           </q1:Member>
  1002.           <q1:Member>
  1003.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-544</SID>
  1004.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Administrators</Name>
  1005.           </q1:Member>
  1006.         </q1:UserRightsAssignment>
  1007.         <q1:UserRightsAssignment>
  1008.           <q1:Name>SeSystemEnvironmentPrivilege</q1:Name>
  1009.           <q1:Member>
  1010.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-544</SID>
  1011.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Administrators</Name>
  1012.           </q1:Member>
  1013.         </q1:UserRightsAssignment>
  1014.         <q1:UserRightsAssignment>
  1015.           <q1:Name>SeSystemProfilePrivilege</q1:Name>
  1016.           <q1:Member>
  1017.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-80-3139157870-2983391045-3678747466-658725712-1809340420</SID>
  1018.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT SERVICE\WdiServiceHost</Name>
  1019.           </q1:Member>
  1020.           <q1:Member>
  1021.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-544</SID>
  1022.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Administrators</Name>
  1023.           </q1:Member>
  1024.         </q1:UserRightsAssignment>
  1025.         <q1:UserRightsAssignment>
  1026.           <q1:Name>SeSystemTimePrivilege</q1:Name>
  1027.           <q1:Member>
  1028.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-549</SID>
  1029.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Server Operators</Name>
  1030.           </q1:Member>
  1031.           <q1:Member>
  1032.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-544</SID>
  1033.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Administrators</Name>
  1034.           </q1:Member>
  1035.           <q1:Member>
  1036.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-19</SID>
  1037.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\LOCAL SERVICE</Name>
  1038.           </q1:Member>
  1039.         </q1:UserRightsAssignment>
  1040.         <q1:UserRightsAssignment>
  1041.           <q1:Name>SeTakeOwnershipPrivilege</q1:Name>
  1042.           <q1:Member>
  1043.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-544</SID>
  1044.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Administrators</Name>
  1045.           </q1:Member>
  1046.         </q1:UserRightsAssignment>
  1047.         <q1:UserRightsAssignment>
  1048.           <q1:Name>SeUndockPrivilege</q1:Name>
  1049.           <q1:Member>
  1050.             <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-544</SID>
  1051.             <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Administrators</Name>
  1052.           </q1:Member>
  1053.         </q1:UserRightsAssignment>
  1054.         <q1:SecurityOptions>
  1055.           <q1:KeyName>MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature</q1:KeyName>
  1056.           <q1:SettingNumber>1</q1:SettingNumber>
  1057.           <q1:Display>
  1058.             <q1:Name>Microsoft network server: Digitally sign communications (if client agrees)</q1:Name>
  1059.             <q1:Units />
  1060.             <q1:DisplayBoolean>true</q1:DisplayBoolean>
  1061.           </q1:Display>
  1062.         </q1:SecurityOptions>
  1063.         <q1:SecurityOptions>
  1064.           <q1:KeyName>MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature</q1:KeyName>
  1065.           <q1:SettingNumber>1</q1:SettingNumber>
  1066.           <q1:Display>
  1067.             <q1:Name>Microsoft network server: Digitally sign communications (always)</q1:Name>
  1068.             <q1:Units />
  1069.             <q1:DisplayBoolean>true</q1:DisplayBoolean>
  1070.           </q1:Display>
  1071.         </q1:SecurityOptions>
  1072.         <q1:SecurityOptions>
  1073.           <q1:KeyName>MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal</q1:KeyName>
  1074.           <q1:SettingNumber>1</q1:SettingNumber>
  1075.           <q1:Display>
  1076.             <q1:Name>Domain member: Digitally encrypt or sign secure channel data (always)</q1:Name>
  1077.             <q1:Units />
  1078.             <q1:DisplayBoolean>true</q1:DisplayBoolean>
  1079.           </q1:Display>
  1080.         </q1:SecurityOptions>
  1081.         <q1:SecurityOptions>
  1082.           <q1:KeyName>MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrity</q1:KeyName>
  1083.           <q1:SettingNumber>1</q1:SettingNumber>
  1084.           <q1:Display>
  1085.             <q1:Name>Domain controller: LDAP server signing requirements</q1:Name>
  1086.             <q1:Units />
  1087.             <q1:DisplayString>None</q1:DisplayString>
  1088.           </q1:Display>
  1089.         </q1:SecurityOptions>
  1090.       </Extension>
  1091.       <Name>Security</Name>
  1092.     </ExtensionData>
  1093.   </Computer>
  1094.   <User>
  1095.     <VersionDirectory>0</VersionDirectory>
  1096.     <VersionSysvol>0</VersionSysvol>
  1097.     <Enabled>true</Enabled>
  1098.   </User>
  1099.   <LinksTo>
  1100.     <SOMName>Domain Controllers</SOMName>
  1101.     <SOMPath>pompeii.net/Domain Controllers</SOMPath>
  1102.     <Enabled>true</Enabled>
  1103.     <NoOverride>false</NoOverride>
  1104.   </LinksTo>
  1105. </GPO>
  1106.  
  1107. <GPO xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.microsoft.com/GroupPolicy/Settings">
  1108.   <Identifier>
  1109.     <Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{AC725275-8364-4CD7-BB1D-9916E280B1BC}</Identifier>
  1110.     <Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">pompeii.net</Domain>
  1111.   </Identifier>
  1112.   <Name>Accounting GPO</Name>
  1113.   <IncludeComments>true</IncludeComments>
  1114.   <CreatedTime>2019-09-26T00:01:55</CreatedTime>
  1115.   <ModifiedTime>2019-09-26T00:01:55</ModifiedTime>
  1116.   <ReadTime>2019-09-26T00:36:16.3197698Z</ReadTime>
  1117.   <SecurityDescriptor>
  1118.     <SDDL xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">O:DAG:DAD:PAI(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;;CCDCLCSWRPWPDTLOSDRCWDWO;;;DA)(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;DA)(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;S-1-5-21-1144715043-1454487506-3257296345-519)(A;CI;LCRPLORC;;;ED)(A;CI;LCRPLORC;;;AU)(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;SY)(A;CIIO;CCDCLCSWRPWPDTLOSDRCWDWO;;;CO)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)</SDDL>
  1119.     <Owner xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">
  1120.       <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-1144715043-1454487506-3257296345-512</SID>
  1121.       <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">pompeii\Domain Admins</Name>
  1122.     </Owner>
  1123.     <Group xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">
  1124.       <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-1144715043-1454487506-3257296345-512</SID>
  1125.       <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">pompeii\Domain Admins</Name>
  1126.     </Group>
  1127.     <PermissionsPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">true</PermissionsPresent>
  1128.     <Permissions xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">
  1129.       <InheritsFromParent>false</InheritsFromParent>
  1130.       <TrusteePermissions>
  1131.         <Trustee>
  1132.           <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-1144715043-1454487506-3257296345-519</SID>
  1133.           <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">pompeii\Enterprise Admins</Name>
  1134.         </Trustee>
  1135.         <Type xsi:type="PermissionType">
  1136.           <PermissionType>Allow</PermissionType>
  1137.         </Type>
  1138.         <Inherited>false</Inherited>
  1139.         <Applicability>
  1140.           <ToSelf>true</ToSelf>
  1141.           <ToDescendantObjects>false</ToDescendantObjects>
  1142.           <ToDescendantContainers>true</ToDescendantContainers>
  1143.           <ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
  1144.         </Applicability>
  1145.         <Standard>
  1146.           <GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
  1147.         </Standard>
  1148.         <AccessMask>0</AccessMask>
  1149.       </TrusteePermissions>
  1150.       <TrusteePermissions>
  1151.         <Trustee>
  1152.           <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-9</SID>
  1153.           <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS</Name>
  1154.         </Trustee>
  1155.         <Type xsi:type="PermissionType">
  1156.           <PermissionType>Allow</PermissionType>
  1157.         </Type>
  1158.         <Inherited>false</Inherited>
  1159.         <Applicability>
  1160.           <ToSelf>true</ToSelf>
  1161.           <ToDescendantObjects>false</ToDescendantObjects>
  1162.           <ToDescendantContainers>true</ToDescendantContainers>
  1163.           <ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
  1164.         </Applicability>
  1165.         <Standard>
  1166.           <GPOGroupedAccessEnum>Read</GPOGroupedAccessEnum>
  1167.         </Standard>
  1168.         <AccessMask>0</AccessMask>
  1169.       </TrusteePermissions>
  1170.       <TrusteePermissions>
  1171.         <Trustee>
  1172.           <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-18</SID>
  1173.           <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\SYSTEM</Name>
  1174.         </Trustee>
  1175.         <Type xsi:type="PermissionType">
  1176.           <PermissionType>Allow</PermissionType>
  1177.         </Type>
  1178.         <Inherited>false</Inherited>
  1179.         <Applicability>
  1180.           <ToSelf>true</ToSelf>
  1181.           <ToDescendantObjects>false</ToDescendantObjects>
  1182.           <ToDescendantContainers>true</ToDescendantContainers>
  1183.           <ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
  1184.         </Applicability>
  1185.         <Standard>
  1186.           <GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
  1187.         </Standard>
  1188.         <AccessMask>0</AccessMask>
  1189.       </TrusteePermissions>
  1190.       <TrusteePermissions>
  1191.         <Trustee>
  1192.           <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-1144715043-1454487506-3257296345-512</SID>
  1193.           <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">pompeii\Domain Admins</Name>
  1194.         </Trustee>
  1195.         <Type xsi:type="PermissionType">
  1196.           <PermissionType>Allow</PermissionType>
  1197.         </Type>
  1198.         <Inherited>false</Inherited>
  1199.         <Applicability>
  1200.           <ToSelf>true</ToSelf>
  1201.           <ToDescendantObjects>false</ToDescendantObjects>
  1202.           <ToDescendantContainers>true</ToDescendantContainers>
  1203.           <ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
  1204.         </Applicability>
  1205.         <Standard>
  1206.           <GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
  1207.         </Standard>
  1208.         <AccessMask>0</AccessMask>
  1209.       </TrusteePermissions>
  1210.       <TrusteePermissions>
  1211.         <Trustee>
  1212.           <SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-11</SID>
  1213.           <Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\Authenticated Users</Name>
  1214.         </Trustee>
  1215.         <Type xsi:type="PermissionType">
  1216.           <PermissionType>Allow</PermissionType>
  1217.         </Type>
  1218.         <Inherited>false</Inherited>
  1219.         <Applicability>
  1220.           <ToSelf>true</ToSelf>
  1221.           <ToDescendantObjects>false</ToDescendantObjects>
  1222.           <ToDescendantContainers>true</ToDescendantContainers>
  1223.           <ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
  1224.         </Applicability>
  1225.         <Standard>
  1226.           <GPOGroupedAccessEnum>Apply Group Policy</GPOGroupedAccessEnum>
  1227.         </Standard>
  1228.         <AccessMask>0</AccessMask>
  1229.       </TrusteePermissions>
  1230.     </Permissions>
  1231.     <AuditingPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">false</AuditingPresent>
  1232.   </SecurityDescriptor>
  1233.   <FilterDataAvailable>true</FilterDataAvailable>
  1234.   <Computer>
  1235.     <VersionDirectory>0</VersionDirectory>
  1236.     <VersionSysvol>0</VersionSysvol>
  1237.     <Enabled>true</Enabled>
  1238.   </Computer>
  1239.   <User>
  1240.     <VersionDirectory>0</VersionDirectory>
  1241.     <VersionSysvol>0</VersionSysvol>
  1242.     <Enabled>true</Enabled>
  1243.   </User>
  1244. </GPO>
  1245.  
  1246. </report>
  1247.