Ось дані з двох комп'ютерів.
Пароль кину в ПП

Policy    Security Setting
Interactive logon: Number of previous logons to cache (in case domain controller is not available)    10 logons
Interactive logon: Prompt user to change password before expiration    14 days
Microsoft network server: Amount of idle time required before suspending session    15 minutes
Domain member: Maximum machine account password age    30 days
Accounts: Rename administrator account    Administrator
Devices: Allowed to format and eject removable media    Administrators
Network access: Sharing and security model for local accounts    Classic - local users authenticate as themselves
Network access: Shares that can be accessed anonymously    COMCFG,DFS$
Network access: Named Pipes that can be accessed anonymously    COMNAP,COMNODE,SQL\QUERY,SPOOLSS,LLSRPC,browser
Audit: Audit the access of global system objects    Disabled
Audit: Audit the use of Backup and Restore privilege    Disabled
Audit: Shut down system immediately if unable to log security audits    Disabled
Devices: Prevent users from installing printer drivers    Disabled
Devices: Restrict CD-ROM access to locally logged-on user only    Disabled
Devices: Restrict floppy access to locally logged-on user only    Disabled
Domain member: Disable machine account password changes    Disabled
Domain member: Require strong (Windows 2000 or later) session key    Disabled
Interactive logon: Do not display last user name    Disabled
Interactive logon: Require Domain Controller authentication to unlock workstation    Disabled
Microsoft network client: Digitally sign communications (always)    Disabled
Microsoft network client: Send unencrypted password to third-party SMB servers    Disabled
Microsoft network server: Digitally sign communications (always)    Disabled
Microsoft network server: Digitally sign communications (if client agrees)    Disabled
Network access: Allow anonymous SID/Name translation    Disabled
Network access: Do not allow anonymous enumeration of SAM accounts and shares    Disabled
Network access: Do not allow storage of credentials or .NET Passports for network authentication    Disabled
Network access: Let Everyone permissions apply to anonymous users    Disabled
Network security: Do not store LAN Manager hash value on next password change    Disabled
Network security: Force logoff when logon hours expire    Disabled
Recovery console: Allow automatic administrative logon    Disabled
Recovery console: Allow floppy copy and access to all drives and all folders    Disabled
Shutdown: Clear virtual memory pagefile    Disabled
System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing    Disabled
Accounts: Administrator account status    Enabled
Accounts: Guest account status    Enabled
Accounts: Limit local account use of blank passwords to console logon only    Enabled
Devices: Allow undock without having to log on    Enabled
Domain member: Digitally encrypt or sign secure channel data (always)    Enabled
Domain member: Digitally encrypt secure channel data (when possible)    Enabled
Domain member: Digitally sign secure channel data (when possible)    Enabled
Microsoft network client: Digitally sign communications (if server agrees)    Enabled
Microsoft network server: Disconnect clients when logon hours expire    Enabled
Network access: Do not allow anonymous enumeration of SAM accounts    Enabled
Shutdown: Allow system to be shut down without having to log on    Enabled
System objects: Require case insensitivity for non-Windows subsystems    Enabled
System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)    Enabled
Accounts: Rename guest account    Guest
Network security: LDAP client signing requirements    Negotiate signing
Interactive logon: Smart card removal behavior    No Action
Network security: Minimum session security for NTLM SSP based (including secure RPC) clients    No minimum
Network security: Minimum session security for NTLM SSP based (including secure RPC) servers    No minimum
DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax    Not defined
DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax    Not defined
Domain controller: Allow server operators to schedule tasks    Not defined
Domain controller: LDAP server signing requirements    Not defined
Domain controller: Refuse machine account password changes    Not defined
Interactive logon: Display user information when the session is locked    Not defined
Interactive logon: Do not require CTRL+ALT+DEL    Not defined
Interactive logon: Message title for users attempting to log on    Not defined
Interactive logon: Require smart card    Not defined
System objects: Default owner for objects created by members of the Administrators group    Object creator
Network security: LAN Manager authentication level    Send LM & NTLM responses
Network access: Remotely accessible registry paths    System\CurrentControlSet\Control\ProductOptions,System\CurrentControlSet\Control\Print\Printers,System\CurrentControlSet\Control\Server Applications,System\CurrentControlSet\Services\Eventlog,Software\Microsoft\OLAP Server,Software\Microsoft\Windows NT\CurrentVersion,System\CurrentControlSet\Control\ContentIndex,System\CurrentControlSet\Control\Terminal Server,System\CurrentControlSet\Control\Terminal Server\UserConfig,System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration
Devices: Unsigned driver installation behavior    Warn but allow installation
Interactive logon: Message text for users attempting to log on