[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[Profile Description]
Description=A superset of securews. Provides further restrictions on LanManager auth and further requirements for the encryption and signing of secure channel and SMB data.  In order to apply hisecws to a member,all DC's that contain accounts of all users that logon to the client must be running NT4 SP4 or higher.  See online help for further info. 
[System Access]
MinimumPasswordAge = 2
MaximumPasswordAge = 42
MinimumPasswordLength = 8
PasswordComplexity = 1
LockoutBadCount = 5
ResetLockoutCount = 25
LockoutDuration = -1
NewAdministratorName = "Administrator"
NewGuestName = "Jimbo"
ClearTextPassword = 0
LSAAnonymousNameLookup = 0
EnableAdminAccount = 0
EnableGuestAccount = 0
[System Log]
RestrictGuestAccess = 1
[Security Log]
MaximumLogSize = 19456
AuditLogRetentionPeriod = 0
RestrictGuestAccess = 1
[Application Log]
RestrictGuestAccess = 1
[Event Audit]
AuditSystemEvents = 3
AuditLogonEvents = 3
AuditObjectAccess = 3
AuditPrivilegeUse = 3
AuditPolicyChange = 3
AuditAccountManage = 3
AuditProcessTracking = 0
AuditAccountLogon = 2
[Registry Values]
machine\system\currentcontrolset\services\netlogon\parameters\signsecurechannel=4,1
machine\system\currentcontrolset\services\netlogon\parameters\sealsecurechannel=4,1
machine\system\currentcontrolset\services\netlogon\parameters\requirestrongkey=4,1
machine\system\currentcontrolset\services\netlogon\parameters\requiresignorseal=4,1
machine\system\currentcontrolset\services\netlogon\parameters\maximumpasswordage=4,30
machine\system\currentcontrolset\services\netlogon\parameters\disablepasswordchange=4,0
machine\system\currentcontrolset\services\ldap\ldapclientintegrity=4,1
machine\system\currentcontrolset\services\lanmanworkstation\parameters\requiresecuritysignature=4,0
machine\system\currentcontrolset\services\lanmanworkstation\parameters\enablesecuritysignature=4,1
machine\system\currentcontrolset\services\lanmanworkstation\parameters\enableplaintextpassword=4,0
machine\system\currentcontrolset\services\lanmanserver\parameters\restrictnullsessaccess=4,1
machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature=4,1
machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature=4,1
machine\system\currentcontrolset\services\lanmanserver\parameters\enableforcedlogoff=4,1
machine\system\currentcontrolset\services\lanmanserver\parameters\autodisconnect=4,15
machine\system\currentcontrolset\control\session manager\protectionmode=4,1
machine\system\currentcontrolset\control\session manager\memory management\clearpagefileatshutdown=4,1
machine\system\currentcontrolset\control\session manager\kernel\obcaseinsensitive=4,1
machine\system\currentcontrolset\control\print\providers\lanman print services\servers\addprinterdrivers=4,1
machine\system\currentcontrolset\control\lsa\submitcontrol=4,0
machine\system\currentcontrolset\control\lsa\restrictanonymoussam=4,1
machine\system\currentcontrolset\control\lsa\restrictanonymous=4,1
machine\system\currentcontrolset\control\lsa\nolmhash=4,1
machine\system\currentcontrolset\control\lsa\msv1_0\ntlmminserversec=4,0
machine\system\currentcontrolset\control\lsa\msv1_0\ntlmminclientsec=4,0
machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel=4,5
machine\system\currentcontrolset\control\lsa\limitblankpassworduse=4,1
machine\system\currentcontrolset\control\lsa\fullprivilegeauditing=3,0
machine\system\currentcontrolset\control\lsa\everyoneincludesanonymous=4,0
machine\system\currentcontrolset\control\lsa\disabledomaincreds=4,1
machine\system\currentcontrolset\control\lsa\crashonauditfail=4,0
machine\software\microsoft\windows\currentversion\policies\system\undockwithoutlogon=4,0
machine\software\microsoft\windows\currentversion\policies\system\legalnoticetext=7,Hello world. you are trying ot log on!,oh no!,heehee.. just a test -steven
machine\software\microsoft\windows\currentversion\policies\system\legalnoticecaption=1,""
machine\software\microsoft\windows\currentversion\policies\system\dontdisplaylastusername=4,1
machine\software\microsoft\windows\currentversion\policies\system\disablecad=4,0
machine\software\microsoft\windows nt\currentversion\winlogon\scremoveoption=1,"1"
machine\software\microsoft\windows nt\currentversion\winlogon\passwordexpirywarning=4,14
machine\software\microsoft\windows nt\currentversion\winlogon\forceunlocklogon=4,1
machine\software\microsoft\windows nt\currentversion\winlogon\cachedlogonscount=1,"0"
machine\software\microsoft\windows nt\currentversion\winlogon\allocatefloppies=1,"0"
machine\software\microsoft\windows nt\currentversion\winlogon\allocatedasd=1,"0"
machine\software\microsoft\windows nt\currentversion\winlogon\allocatecdroms=1,"0"
machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\setcommand=4,0
machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\securitylevel=4,0
machine\software\microsoft\driver signing\policy=3,2
[Group Membership]
*S-1-5-32-544__Memberof =
*S-1-5-32-544__Members = *S-1-5-21-397955417-626881126-188441444-512,*S-1-5-21-1482476501-764733703-839522115-500
*S-1-5-32-547__Memberof =
*S-1-5-32-547__Members =
schan-dev\fake__Memberof =
schan-dev\fake__Members = *S-1-5-21-397955417-626881126-188441444-3065965
[Privilege Rights]
sechangenotifyprivilege = *S-1-5-32-547,*S-1-5-32-545
secreatetokenprivilege =
sedenynetworklogonright =
seenabledelegationprivilege =
seincreasequotaprivilege = *S-1-5-32-544,*S-1-5-20,*S-1-5-19
seinteractivelogonright = *S-1-5-32-545
[Registry Keys]
1="machine\hardware\acpi\dsdt", 0, "D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)"
2="machine\hardware\acpi\facs", 0, "D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)"
3="users", 0, "D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)"
[File Security]
1="c:\slick", 0, "D:PAR(A;OICI;FA;;;BA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)"
[Service General Setting]
1="appmgmt", 3, "D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLORC;;;PU)(A;;CCLCSWRPLO;;;IU)(A;;CCLCSWLO;;;BU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
2="dhcp", 3, "D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRRC;;;NO)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
3="dnscache", 2, "D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRRC;;;NO)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
4="trksvr", 2, "D:AR(D;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
5="trkwks", 2, "D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"