Case of the security policy

Certain group policies are directly managed by SSSD. In such instances, ADSys is not involved at all. This is applicable to Security Settings.

In Windows Group Policy Management Editor,you can locate these keys at [FOREST.ROOT] > Computer Configuration > Windows Settings > Security Settings

Below is a table providing a non-comprehensive list of Security Settings defined in Windows, which are not managed by ADSys but receive partial support through SSSD.

Windows Setting

Account Policies > Password Policy

Enforce password history

Maximum password age

Minimum password age

Minimum password length

Password must meet complexity requirements

Account Policies > Account Lockout Policy

Account lockout duration

Account lockout threshold

Reset account lockout counter after

Local Policies > User Rights Assignment

Access this computer from the network

Allow log on locally

Allow log on through Remote Desktop Services

Change the system time

Change the timezone

Deny access to this computer from the network

Deny log on as a batch job

Deny log on as a service

Deny log on locally

Deny log on through Remote Desktop Services

Log on as a batch job

Log on as a service

Shutdown the system

Local Policies / Security Options

Administrator account status

Shutdown: Allow system to be shut down without having to log on

Get more information on SSSD.