mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-15 10:23:37 +00:00
Add periods to alt text
No other changes
@ -592,7 +592,7 @@ In this procedure, the workstations are dedicated to domain administrators. By s
> **Note** You might have to delegate permissions to join computers to the domain if the account that joins the workstations to the domain does not already have them. For more information, see [Delegation of Administration in Active Directory](https://social.technet.microsoft.com/wiki/contents/articles/20292.delegation-of-administration-in-active-directory.aspx).

3. Close Active Directory Users and Computers.
@ -600,13 +600,13 @@ In this procedure, the workstations are dedicated to domain administrators. By s
5. Right-click the new OU, and > **Create a GPO in this domain, and Link it here**.

6. Name the GPO, and > **OK**.
7. Expand the GPO, right-click the new GPO, and > **Edit**.

8. Configure which members of accounts can log on locally to these administrative workstations as follows:
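Review bot: In steps 5, 6 and 7 the instruction before the menu item has no verb ("Right-click the new OU, and > **Create a GPO in this domain, and Link it here**", "and > **OK**", "and > **Edit**"), so the reader is never told to select anything. Restore the verb, for example "and then select **OK**", while these steps are being touched. Step 8's "which members of accounts can log on locally" is also unclear about which accounts are meant; because this step controls who may sign in to the administrative workstations, the wording should name the group explicitly.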
@ -625,7 +625,7 @@ In this procedure, the workstations are dedicated to domain administrators. By s
5. Click **Add User or Group**, type **Administrators**, and > **OK**.

9. Configure the proxy configuration:
@ -633,7 +633,7 @@ In this procedure, the workstations are dedicated to domain administrators. By s
2. Double-click **Proxy Settings**, select the **Enable proxy settings** check box, type **127.0.0.1** (the network Loopback IP address) as the proxy address, and > **OK**.

10. Configure the loopback processing mode to enable the user Group Policy proxy setting to apply to all users on the computer as follows:
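Review bot: "Loopback" is used in two unrelated senses in this hunk: sub-step 2 calls 127.0.0.1 "the network Loopback IP address", and step 10 configures "the loopback processing mode" of Group Policy. Add a short clause to each so readers do not connect the two, and state in sub-step 2 what pointing the proxy at 127.0.0.1 is meant to achieve on these workstations, because the visible text gives the value without the reason.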
@ -696,11 +696,11 @@ In this procedure, the workstations are dedicated to domain administrators. By s
1. Right-click **Windows Firewall with Advanced Security LDAP://path**, and > **Properties**.

2. On each profile, ensure that the firewall is enabled and that inbound connections are set to **Block all connections**.

3. Click **OK** to complete the configuration.
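Review bot: Step 1 puts "LDAP://path" inside the bold UI label (**Windows Firewall with Advanced Security LDAP://path**), so a placeholder is formatted as literal text the reader should find in the console. Set the placeholder in italics outside the bold label. Step 2 says "On each profile" without listing the profiles; naming them would let the reader confirm that **Block all connections** was set on every one.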
@ -738,11 +738,11 @@ For this procedure, do not link accounts to the OU that contain workstations for
3. Right-click **Group Policy Objects**, and > **New**.

4. In the **New GPO** dialog box, name the GPO that restricts administrators from signing in to workstations, and > **OK**.

5. Right-click **New GPO**, and > **Edit**.
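Review bot: Step 5 tells the reader to right-click **New GPO**, but step 4 has just had them give the GPO its own name in the **New GPO** dialog box, so no object labelled "New GPO" exists to right-click. Refer to it as "the new GPO" without bold, or by a placeholder name. Steps 3 to 5 also end in "and > **New**", "and > **OK**" and "and > **Edit**" with no verb before the ">".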
@ -756,7 +756,7 @@ For this procedure, do not link accounts to the OU that contain workstations for
3. Click **Add User or Group**, click **Browse**, type **Domain Admins**, and > **OK**.

**Note**
You can optionally add any groups that contain server administrators who you want to restrict from signing in to workstations.
@ -778,7 +778,7 @@ For this procedure, do not link accounts to the OU that contain workstations for
3. Click **Add User or Group** > **Browse**, type **Domain Admins**, and > **OK**.

**Note**
You can optionally add any groups that contain server administrators who you want to restrict from signing in to workstations.
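Review bot: Step 3 here reads "Click **Add User or Group** > **Browse**, type **Domain Admins**, and > **OK**", while the same step in the hunk at -756 reads "Click **Add User or Group**, click **Browse**, type **Domain Admins**, and > **OK**". Use one form for all three repetitions of this step (-756, -778, -791), and supply the missing verb before "> **OK**".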
@ -791,7 +791,7 @@ For this procedure, do not link accounts to the OU that contain workstations for
6. Click **Add User or Group** > **Browse**, type **Domain Admins**, and > **OK**.

**Note**
You can optionally add any groups that contain server administrators who you want to restrict from signing in to workstations.
@ -804,11 +804,11 @@ For this procedure, do not link accounts to the OU that contain workstations for
1. Right-click the workstation OU, and then > **Link an Existing GPO**.

2. Select the GPO that you just created, and > **OK**.

10. Test the functionality of enterprise applications on workstations in the first OU and resolve any issues caused by the new policy.
@ -831,7 +831,7 @@ It is a best practice to configure the user objects for all sensitive accounts i
As with any configuration change, test this enabled setting fully to ensure that it performs correctly before you implement it.

## <a href="" id="sec-secure-manage-dcs"></a>Secure and manage domain controllers
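Review bot: The heading anchor `<a href="" id="sec-secure-manage-dcs"></a>` has an empty `href` and no link text, which screen readers announce as an empty link. In a change made for alt text it is worth fixing this as well: drop the `href` attribute and keep the `id`, so in-page links to `sec-secure-manage-dcs` keep working.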
@ -367,15 +367,15 @@ The following table shows the Group Policy and registry settings that are used t
3. In the console tree, right-click **Group Policy Objects**, and > **New**.

4. In the **New GPO** dialog box, type <**gpo\_name**>, and > **OK** where *gpo\_name* is the name of the new GPO. The GPO name indicates that the GPO is used to restrict local administrator rights from being carried over to another computer.

5. In the details pane, right-click <**gpo\_name**>, and > **Edit**.

6. Ensure that UAC is enabled and that UAC restrictions apply to the default Administrator account by doing the following:
@ -391,7 +391,7 @@ The following table shows the Group Policy and registry settings that are used t
2. Right-click **Registry**, and > **New** > **Registry Item**.

3. In the **New Registry Properties** dialog box, on the **General** tab, change the setting in the **Action** box to **Replace**.
@ -407,7 +407,7 @@ The following table shows the Group Policy and registry settings that are used t
9. Verify this configuration, and > **OK**.

8. Link the GPO to the first **Workstations** organizational unit (OU) by doing the following:
@ -415,7 +415,7 @@ The following table shows the Group Policy and registry settings that are used t
2. Right-click the **Workstations** OU, and > **Link an existing GPO**.

3. Select the GPO that you just created, and > **OK**.
@ -495,11 +495,11 @@ The following table shows the Group Policy settings that are used to deny networ
4. In the **New GPO** dialog box, type <**gpo\_name**>, and then > **OK** where *gpo\_name* is the name of the new GPO indicates that it is being used to restrict the local administrative accounts from interactively signing in to the computer.

5. In the details pane, right-click <**gpo\_name**>, and > **Edit**.

6. Configure the user rights to deny network logons for administrative local accounts as follows:
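Review bot: Step 4 is ungrammatical and appears to contradict step 6: it says "where *gpo\_name* is the name of the new GPO indicates that it is being used to restrict the local administrative accounts from interactively signing in to the computer", yet step 6 configures the user rights "to deny network logons". Split the sentence as the matching step at -367 does ("... is the name of the new GPO. The GPO name indicates that ...") and make the description agree with the right that step 6 sets, since interactive and network logon are governed by different user rights.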
@ -52,7 +52,7 @@ SIDs always remain unique. Security authorities never issue the same SID twice,
A security identifier is a data structure in binary format that contains a variable number of values. The first values in the structure contain information about the SID structure. The remaining values are arranged in a hierarchy (similar to a telephone number), and they identify the SID-issuing authority (for example, “NT Authority”), the SID-issuing domain, and a particular security principal or group. The following image illustrates the structure of a SID.

The individual values of a SID are described in the following table.
@ -42,7 +42,7 @@ The following diagram illustrates the Windows authorization and access control
**Authorization and access control process**

Security principals are closely related to the following components and technologies: