기본 도메인 정책에서 보안 설정이 기록되는 것이 실패
???? : Fail to log Security Settings from Default Domain Policy
?????? ???. ??(Scott Goad)???. ??? ?? ??? ???? ?? ??? ???? ?? ??? ?? ??? ?? ???? ?? ???? ???. ? ???, 2?? ??? ????? ??? ?? ?? ?????, ?? FSMO ??? ??? ????, ?? ??? ???? ??? ????????.
??? ?? ??? ?? ?? ????, ??? ?? ?? ??? GPRESULT /v? ???? ???? ?? ?? ???????. ??? GPRESULT /v? ?? ???? ???? ?? ???? ?? ??? ?????. ??? ???? ??? ??? ??? ?????, ?? ???? ?? ??? ???? ?????, ??? ???? ?????
??? ????? ????? ?????, ??? ???? ??? ????????.
??? ? ??? ????? ?????.
...DC1? GPRESULT ? ??(FSMO ??)...
Account Policies
----------------
GPO: Default Domain Policy
Policy: MaxServiceAge
Computer Setting: 600
GPO: Default Domain Policy
Policy: MaxTicketAge
Computer Setting: 10
GPO: Default Domain Policy
Policy: MaxClockSkew
Computer Setting: 5
GPO: Default Domain Policy
Policy: MaxRenewAge
Computer Setting: 7
...DC2? GPRESULT ? ??(FSMO?)...
Account Policies
----------------
GPO: Default Domain Policy
Policy: MaxServiceAge
Computer Setting: 600
GPO: Default Domain Policy
Policy: MaxTicketAge
Computer Setting: 10
GPO: Default Domain Policy
Policy: MinimumPasswordAge
Computer Setting: 1
GPO: Default Domain Policy
Policy: PasswordHistorySize
Computer Setting: 6
GPO: Default Domain Policy
Policy: LockoutDuration
Computer Setting: 4294967295
GPO: Default Domain Policy
Policy: ResetLockoutCount
Computer Setting: 30
GPO: Default Domain Policy
Policy: MaxClockSkew
Computer Setting: 5
GPO: Default Domain Policy
Policy: MinimumPasswordLength
Computer Setting: 8
GPO: Default Domain Policy
Policy: LockoutBadCount
Computer Setting: 3
GPO: Default Domain Policy
Policy: MaximumPasswordAge
Computer Setting: 90
GPO: Default Domain Policy
Policy: MaxRenewAge
Computer Setting: 7
??, ??? ??? ??????, ??? ID 1704? ???????.
???, ?? ??? ??? ?????, ??? ??? ????.
??? ??? ???, ?? ?? ??? ????, ??? ??? ?????? ?????. ??? GPRESULT?? ??? ??? ?????.
? ??? ??? ??? ? ?? ?? ???? ?? ????. ????, ??? ??? ?? ????, ???? ???? ?????. ??? GES(Global Escalation Services) ?? ????? ??????. PDC ?????? ?? DC? ???? ??? ????, ??? ??????. ?????! GPRESULT? ? ?? ??? PDC ????? ??? ?????.
GES? ??? ???? ??? ??? ????? ????. PDC ???????, ?? ??? ???? ??? ??????? ????? ?? ? ??? ?????. ???? ???? ??? ????? ??? ?? ???? ???? ?? ?? ?????? ? ??? ?????. ? ??? ????? ? ???? ??? ?????? Active Directory ??? ?? ?????. ? ??? ??? ????? ??? ????? ???? ?? ?????. ? ??? ????, DC? ?? ???? ??? ??? ?????.
??? ??? ?? ??????.
l minPwdAge
l pwdHistoryLength
l lockoutDuration
l lockOutObservationWindow
l minPwdLength
l lockoutThreshold
l maxPwdAge
l pwdProperties (this is complexity on/off)
? ??? ??? ?? LDP? ? ? ????.
Expanding base 'DC=adatum,DC=com'...
Result <0>: (null)
Matched DNs:
Getting 1 entries:
>> Dn: DC=adatum,DC=com
3> objectClass: top; domain; domainDNS;
1> distinguishedName: DC=adatum,DC=com;
1> instanceType: 0x5 = ( DS_INSTANCETYPE_IS_NC_HEAD | IT_WRITE );
1> lockoutDuration: 1800;
1> lockOutObservationWindow: 1800;
1> lockoutThreshold: 0;
1> maxPwdAge: 3710851;
1> minPwdAge: 86400;
1> minPwdLength: 7;
1> modifiedCountAtLastProm: 0;
1> nextRid: 1006;
1> pwdProperties: 1;
1> pwdHistoryLength: 24;
??? ?????.
- Scott “Scooter” Goad