Cyberdyne is the core of the CIS class. It runs Windows Server 2019, and provides Domain Services to the entire class.
CPU: AMD EPYC 7401P
RAM: Crucial 64GB (4 x 16GB) DDR4 ECC Registered 2133
Motherboard: Supermicro H11SSL-i
GPU: GTX 1650 Low Profile
PSU: Seasonic PRIME 80+ Titanium 650W
Case: SilverStone Technology CS380 8-Bay Compact ATX Tower case
Storage:
All user accounts are stored on Cyberdyne, and allows a student to log in to their account on any computer enrolled in the domain.
Cyberdyne also provides domain DNS related services.
No settings defined.
| Policy | Setting | Comment |
|---|---|---|
| Desktop Wallpaper | Enabled | Wallpaper Path: \cyberdyne\PublicShare\Admin.jpg |
| Policy | Setting | Comment |
|---|---|---|
| Add the Run command to the Start Menu | Enabled |
| Policy | Setting |
|---|---|
| Enforce password history | 3 passwords remembered |
| Maximum password age | 90 days |
| Minimum password age | 30 days |
| Password must meet complexity requirements | Enabled |
| Policy | Setting |
|---|---|
| Account lockout duration | 10 minutes |
| Account lockout threshold | 5 invalid logon attempts |
| Reset account lockout counter after | 10 minutes |
| Policy | Setting |
|---|---|
| Interactive logon: Do not require CTRL+ALT+DEL | Disabled |
| Interactive logon: Don't display last signed-in | Enabled |
| Interactive logon: Message text for users attempting to log on | This computer is for use by the CIS Program, Cybersecurity Program, and Computer Club only. |
| Interactive logon: Message title for users attempting to log on | "Unauthorized Access Prohibited" |
| Policy | Setting | Comment |
|---|---|---|
| Settings Page Visibility | Enabled | showonly:bluetooth,sound,about,windowsupdate,troubleshoot |
| Policy | Setting | Comment |
|---|---|---|
| Force a specific default lock screen and logon image | Enabled | Image path: \cyberdyne\PublicShare\lockscreen.jpg Turn off fun facts, tips, tricks, and more on lock screen: Enabled |
| Prevent changing lock screen and logon image | Enabled |
| Policy | Setting | Comment |
|---|---|---|
| Windows Defender Firewall: Allow ICMP exceptions | Enabled | Allow outbound destination unreachable: Disabled Allow outbound source quench: Disabled Allow redirect: Disabled Allow inbound echo request: Enabled Allow inbound router request: Disabled Allow outbound time exceeded: Disabled Allow outbound parameter problem: Disabled Allow inbound timestamp request: Disabled Allow inbound mask request: Disabled Allow outbound packet too big: Disabled |
| Windows Defender Firewall: Allow inbound remote administration exception | Enabled |
| Policy | Setting | Comment |
|---|---|---|
| Remove "Recently added" list from Start Menu | Enabled |
| Policy | Setting | Comment |
|---|---|---|
| Select an active power plan | Enabled | Active Power Plan: High Performance |
| Policy | Setting | Comment |
|---|---|---|
| Configure Windows NTP Client | Enabled | NtpServer: 129.6.15.28 Type: NTP CrossSiteSyncFlags: 2 ResolvePeerBackoffMinutes: 15 ResolvePeerBackoffMaxTimes: 7 SpecialPollInterval: 1024 EventLogFlags: 0 |
| Enable Windows NTP Client | Enabled |
| Policy | Setting | Comment |
|---|---|---|
| Set the default behavior for AutoRun | Enabled | Default AutoRun Behavior: Do not execute any autorun commands |
| Turn off Autoplay | Enabled | Turn off Autoplay on: All drives |
| Policy | Setting | Comment |
|---|---|---|
| Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista) | Enabled | Require BitLocker backup to AD DS: Enabled Select BitLocker recovery information to store: Recovery passwords and key packages |
| Policy | Setting | Comment |
|---|---|---|
| Allow commercial data pipeline | Disabled | |
| Allow Desktop Analytics Processing | Disabled | |
| Allow device name to be sent in Windows diagnostic data | Disabled | |
| Allow Telemetry | Disabled | |
| Allow WUfB Cloud Processing | Disabled | |
| Limit Enhanced diagnostic data to the minimum required by Windows Analytics | Disabled |
| Policy | Setting | Comment |
|---|---|---|
| Specify the maximum log file size (KB) | Enabled | Maximum Log Size (KB): 8192 |
| Policy | Setting | Comment |
|---|---|---|
| Specify the maximum log file size (KB) | Enabled | Maximum Log Size (KB): 40960 |
| Policy | Setting | Comment |
|---|---|---|
| Specify the maximum log file size (KB) | Enabled | Maximum Log Size (KB): 8192 |
| Turn on logging | Enabled |
| Policy | Setting | Comment |
|---|---|---|
| Specify the maximum log file size (KB) | Enabled | Maximum Log Size (KB): 8192 |
| Policy | Setting | Comment |
|---|---|---|
| Turn On/Off Find My Device | Disabled |
| Policy | Setting | Comment |
|---|---|---|
| Turn off location | Enabled |
| Policy | Setting | Comment |
|---|---|---|
| Prevent the usage of OneDrive for file storage | Enabled |
| Policy | Setting | Comment |
|---|---|---|
| Allow users to connect remotely by using Remote Desktop Services | Enabled |
| Policy | Setting | Comment |
|---|---|---|
| Allow Cloud Search | Disabled | |
| Allow Cortana | Disabled | |
| Allow Cortana above lock screen | Disabled | |
| Allow Cortana Page in OOBE on an AAD account | Disabled | |
| Allow search and Cortana to use location | Disabled | |
| Do not allow web search | Enabled | |
| Don't search the web or display web results in Search | Enabled |
| Policy | Setting | Comment |
|---|---|---|
| Turn off the offer to update to the latest version of Windows | Enabled |
| Policy | Setting | Comment |
|---|---|---|
| Allow uninstallation of language features when a language is uninstalled | Disabled | |
| Improve inking and typing recognition | Disabled |
| Policy | Setting | Comment |
|---|---|---|
| Prohibit installing or uninstalling color profiles | Enabled |
| Policy | Setting | Comment |
|---|---|---|
| Configure Windows Defender SmartScreen | Enabled | Level: Warn |
| Policy | Setting | Comment |
|---|---|---|
| Configure Windows Defender SmartScreen | Enabled |
| Policy | Setting | Comment |
|---|---|---|
| Allow Remote Shell Access | Disabled |
| Policy | Setting | Comment |
|---|---|---|
| Prevent users from modifying settings | Enabled |
| Policy | Setting | Comment |
|---|---|---|
| Hide the Family options area | Enabled |
| Policy | Setting | Comment |
|---|---|---|
| Hide Windows Security Systray | Enabled |
| Policy | Setting | Comment |
|---|---|---|
| Hide the Ransomware data recovery area | Enabled | |
| Hide the Virus and threat protection area | Enabled |
| Policy | Setting | Comment |
|---|---|---|
| Configure Automatic Updates | Enabled | Configure automatic updating: 4 - Auto download and schedule the install Install during automatic maintenance: Disabled Scheduled install day: 0 - Every day Scheduled install time: 03:00 Every week: Enabled First week of the month: Disabled Second week of the month: Disabled Third week of the month: Disabled Fourth week of the month: Disabled Install updates for other Microsoft products: Enabled |
| Specify deadline before auto-restart for update installation | Enabled | Quality Updates (days): 7 Feature Updates (days): 7 |
| Specify deadlines for automatic updates and restarts | Enabled | Quality Updates Deadline (days): 7 Grace period (days): 2 Feature Updates Deadline (days): 2 Grace Period (days): 7 Don't auto-restart until end of grace period: Yes |
| Turn off auto-restart for updates during active hours | Enabled | Active Hours Start: 6 AM End: 5 PM |
Scheduled Task (At least Windows 7): auto_shutdown
Task
| Name | auto_shutdown |
|---|---|
| Author | SKYNET\cschuler |
| Description | |
| Run only when user is logged on | S4U |
| UserId | System |
| Run with highest privileges | LeastPrivilege |
| Hidden | No |
| Configure for | 1.2 |
| Enabled | Yes |
Triggers
| 1. Daily | ||||
|---|---|---|---|---|
| Activate | 2/20/2025 2:30:00 PM | Synchronize across time zones | No | |
| Enabled | Yes | |||
| Recur every 1 days |
Actions
| 1. Start a program | ||
|---|---|---|
| Program/script | C:\Windows\System32\shutdown.exe | |
| Arguments | /s /t 0 |
Settings
| Start the task only if the computer is idle for | 15 minutes |
|---|---|
| Wait for idle for | 2 hours |
| Stop if the computer ceases to be idle | No |
| Restart if the idle state resumes | No |
| Start the task only if the computer is on AC power | No |
| Stop if the computer switches to battery power | No |
| Allow task to be run on demand | No |
| Stop task if it runs longer than | Immediately |
| If the running task does not end when requested, force it to stop | No |
| If the task is already running, then the following rule applies | IgnoreNew |
Options
| Stop processing items on this extension if an error occurs on this item | No |
|---|---|
| Run in logged-on user's security context (user policy option) | No |
| Remove this item when it is no longer applied | No |
| Apply once and do not reapply | No |
| Policy | Setting | Comment |
|---|---|---|
| Configure Windows NTP Client | Enabled | NtpServer: 129.6.15.28 Type: NT5DS CrossSiteSyncFlags: 2 ResolvePeerBackoffMinutes: 15 ResolvePeerBackoffMaxTimes: 7 SpecialPollInterval: 1024 EventLogFlags: 0 |
| Enable Windows NTP Client | Enabled |
No settings defined.
| Policy | Setting |
|---|---|
| Enforce password history | 24 passwords remembered |
| Maximum password age | 90 days |
| Minimum password age | 1 days |
| Minimum password length | 7 characters |
| Password must meet complexity requirements | Enabled |
| Store passwords using reversible encryption | Disabled |
| Policy | Setting |
|---|---|
| Account lockout duration | 10 minutes |
| Account lockout threshold | 5 invalid logon attempts |
| Allow administrator account lockout | Enabled |
| Reset account lockout counter after | 10 minutes |
| Policy | Setting | Comment |
|---|---|---|
| Set Group Policy refresh interval for computers | Enabled | Interval: 15 min Random Buffer: 5 min |
| Policy | Setting | Comment |
|---|---|---|
| Configure Windows NTP Client | Enabled | NtpServer: 129.6.15.28 Type: NT5DS CrossSiteSyncFlags: 2 ResolvePeerBackoffMinutes: 15 ResolvePeerBackoffMaxTimes: 7 SpecialPollInterval: 1024 EventLogFlags: 0 |
| Enable Windows NTP Client | Enabled |
| Policy | Setting | Comment |
|---|---|---|
| Allow users to connect remotely by using Remote Desktop Services | Enabled | |
| Limit number of connections | Enabled | RD Maximum Connections allowed: 1 |
| Policy | Setting | Comment |
|---|---|---|
| End session when time limits are reached | Enabled | |
| Set time limit for active but idle Remote Desktop Services sessions | Enabled | Idle session limit: 15 minutes |
| Set time limit for active Remote Desktop Services sessions | Enabled | Active session limit: 1 hour |
| Set time limit for disconnected sessions | Enabled | End a disconnected session: 5 minutes |
| Policy | Setting | Comment |
|---|---|---|
| Allow remote server management through WinRM | Enabled |
No settings defined.
No settings defined.
| Policy | Setting | Comment |
|---|---|---|
| Desktop Wallpaper | Enabled | Wallpaper Path: \cyberdyne\PublicShare\Guest.jpg |
No settings defined.
| Policy | Setting | Comment |
|---|---|---|
| Desktop Wallpaper | Enabled | Wallpaper Path: \cyberdyne\PublicShare\L1.jpg |
No settings defined.
| Policy | Setting | Comment |
|---|---|---|
| Desktop Wallpaper | Enabled | Wallpaper Path: \cyberdyne\PublicShare\L2.jpg |
No settings defined.
| Policy | Setting | Comment |
|---|---|---|
| Desktop Wallpaper | Enabled | Wallpaper Path: \cyberdyne\PublicShare\L3.jpg |