Category: At least Windows Server 2008
Turn on the Windows to NIS password synchronization for users that have been migrated to Active Directory
This policy setting allows an administrator to turn on the Windows to Network Information Service (NIS) password synchronization for UNIX-based user accounts that have been migrated to Active Directory Domain Services. If you enable this policy setting all affected computers that are running Password Synchronization automatically update a user’s UNIX-based account password when the password is changed in the Windows environment if the user account has been migrated to Active Directory Domain Services. If you disable or do not configure this policy setting individual computers that are running Password Synchronization synchronize changes to UNIX-based user account passwords based upon how the “Windows to NIS (Active Directory) password synchronization” setting on the Configuration tab of the Password Synchronization Properties dialog box is configured.
Set the number of synchronization retries for servers running Password Synchronization
This policy setting allows an administrator to set the number of password synchronization retries that Password Synchronization can attempt in the event a synchronization attempt fails. If you enable this policy setting the number of retries specified in the policy setting applies to all affected computers in the domain that are running Password Synchronization. If you disable or do not configure this policy setting individual computers that are running Password Synchronization retry synchronization the number of times specified on the Configuration tab of the Password Synchronization Properties dialog box. Note: Valid values that can be specified for the number of retries are whole numbers 0 through 9. The default value if the policy setting is enabled is 3.
Turn on extensive logging for Password Synchronization
This policy setting allows an administrator to turn on extensive logging for Password Synchronization. If you enable this policy setting all affected computers that are running Password Synchronization log intermediate steps for password synchronization attempts. If you disable or do not configure this policy setting individual computers that are running Password Synchronization log steps of password synchronization attempts based upon how the “Enable extensive logging” setting on the Configuration tab of the Password Synchronization Properties dialog box is configured.
Group Policy Management Editor
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured the setting of the “Restrict users to the explicitly permitted list of snap-ins” setting determines whether this snap-in is permitted or prohibited. — If the policy setting “Restrict users to the explicitly permitted list of snap-ins” is enabled users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in enable this policy setting. If this policy setting is not configured or disabled this snap-in is prohibited. — If the policy setting “Restrict users to the explicitly permitted list of snap-ins” is disabled or not configured users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in disable this policy setting. If this policy setting is not configured or enabled the snap-in is permitted. When a snap-in is prohibited it does not appear in the Add/Remove Snap-in window in MMC. Also when a user opens a console file that includes a prohibited snap-in the console file opens but the prohibited snap-in does not appear.
Group Policy Starter GPO Editor
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured the setting of the “Restrict users to the explicitly permitted list of snap-ins” setting determines whether this snap-in is permitted or prohibited. — If the policy setting “Restrict users to the explicitly permitted list of snap-ins” is enabled users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in enable this policy setting. If this policy setting is not configured or disabled this snap-in is prohibited. — If the policy setting “Restrict users to the explicitly permitted list of snap-ins” is disabled or not configured users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in disable this policy setting. If this policy setting is not configured or enabled the snap-in is permitted. When a snap-in is prohibited it does not appear in the Add/Remove Snap-in window in MMC. Also when a user opens a console file that includes a prohibited snap-in the console file opens but the prohibited snap-in does not appear.
Allow asynchronous user Group Policy processing when logging on through Remote Desktop Services
This policy setting allows Microsoft Windows to process user Group Policy settings asynchronously when logging on through Remote Desktop Services. Asynchronous user Group Policy processing is the default processing mode for Windows Vista and Windows XP. By default Window Server processes user Group Policy settings synchronously. If you enable this policy setting Windows applies user Group Policy settings asynchronously when logging on through Remote Desktop Services. If you disable or do not configure this policy setting Windows Server applies user Group Policy settings synchronously. Note: This policy setting applies only to computers running Remote Desktop Services.