From f17eb8444ffd6e03ab4889af9d940299d9dd56e1 Mon Sep 17 00:00:00 2001
From: Tommy <contact@tommytran.io>
Date: Fri, 26 Apr 2024 01:37:34 -0700
Subject: [PATCH] More security options

Signed-off-by: Tommy <contact@tommytran.io>
---
 .../Default Domain Policy/Security Options.md                   | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Group Policies Objects/Default Domain Policy/Security Options.md b/Group Policies Objects/Default Domain Policy/Security Options.md
index c15600b..fe89890 100644
--- a/Group Policies Objects/Default Domain Policy/Security Options.md	
+++ b/Group Policies Objects/Default Domain Policy/Security Options.md	
@@ -16,6 +16,8 @@ Documentation: https://learn.microsoft.com/en-us/windows/security/application-se
 - Microsoft network client: Digitally sign communications (always) -> Enabled
 - Microsoft network server: Digitally sign communications (always) -> Enabled
 - Network access: Allow anonymous SID/Name translation -> Disabled
+- Network security: Do not store LAN Manager hash value on next password change -> Enabled
+- Network security: Force logoff when logon hours expire -> Disabled
 - Network security: LDAP client signing requirements: Require signing
 - Network security: Restrict NTLM: Incoming NTLM traffic -> Deny all accounts
 - Network security: Restrict NTLM: NTLM authentication in this domain -> Deny all