deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-17 07:47:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'pm-20221208-whfb' of github.com:paolomatarazzo/windows-docs-pr into pm-20221208-whfb

Browse Source
This commit is contained in:
Paolo Matarazzo 2022-12-14 17:50:37 -05:00
commit 2b98fb9769
4 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md
View File

@ -36,7 +36,7 @@ Windows Hello for Business provisioning performs the initial enrollment of the W
## Create the GPO
Sign in to a domain controller or management workstations with *Domain Admintistrator* equivalent credentials.
Sign in to a domain controller or management workstations with *Domain Administrator* equivalent credentials.
1. Start the **Group Policy Management Console** (gpmc.msc)
1. Expand the domain and select the **Group Policy Object** node in the navigation pane
@ -58,7 +58,7 @@ Sign in to a domain controller or management workstations with *Domain Admintist
The best way to deploy the Windows Hello for Business Group Policy object is to use security group filtering. The enables you to easily manage the users that should receive Windows Hello for Business by simply adding them to a group. This enables you to deploy Windows Hello for Business in phases.
Sign in to a domain controller or management workstations with *Domain Admintistrator* equivalent credentials.
Sign in to a domain controller or management workstations with *Domain Administrator* equivalent credentials.
1. Start the **Group Policy Management Console** (gpmc.msc)
1. Expand the domain and select the **Group Policy Object** node in the navigation pane

4
windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md
View File

@ -52,7 +52,7 @@ Domain controllers automatically request a domain controller certificate (if pub
By default, the Active Directory CA provides and publishes the *Kerberos Authentication* certificate template. The cryptography configuration included in the template is based on older and less performant cryptography APIs. To ensure domain controllers request the proper certificate with the best available cryptography, use the *Kerberos Authentication* certificate template as a *baseline* to create an updated domain controller certificate template.
Sign in to a CA or management workstations with *Domain Admintistrator* equivalent credentials.
Sign in to a CA or management workstations with *Domain Administrator* equivalent credentials.
1. Open the **Certification Authority** management console
1. Right-click **Certificate Templates > Manage**
@ -88,7 +88,7 @@ Sign in to a CA or management workstations with *Domain Admintistrator* equivale
The domain controllers may have an existing domain controller certificate. The Active Directory Certificate Services provides a default certificate template for domain controllers called *domain controller certificate*. Later releases of Windows Server provided a new certificate template called *domain controller authentication certificate*. These certificate templates were provided prior to the update of the Kerberos specification that stated Key Distribution Centers (KDCs) performing certificate authentication needed to include the *KDC Authentication* extension.
The *Kerberos Authentication* certificate template is the most current certificate template designated for domain controllers, and should be the one you deploy to all your domain controllers.\
The *autoenrollment* feature allows to replace the domain controller certificates. Use the following configuration to replace older domain controller certificates with new ones, using the *Kerberos Authentication* certificate template.
The *autoenrollment* feature allows you to replace the domain controller certificates. Use the following configuration to replace older domain controller certificates with new ones, using the *Kerberos Authentication* certificate template.
Sign in to a CA or management workstations with *Enterprise Administrator* equivalent credentials.

4
windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md
View File

@ -24,7 +24,7 @@ If you configure the Group Policy for computers, all users that sign-in to those
## Create the GPO
Sign in to a domain controller or management workstations with *Domain Admintistrator* equivalent credentials.
Sign in to a domain controller or management workstations with *Domain Administrator* equivalent credentials.
1. Start the **Group Policy Management Console** (gpmc.msc)
1. Expand the domain and select the **Group Policy Object** node in the navigation pane
@ -39,7 +39,7 @@ Sign in to a domain controller or management workstations with *Domain Admintist
The best way to deploy the Windows Hello for Business Group Policy object is to use security group filtering. The enables you to easily manage the users that should receive Windows Hello for Business by simply adding them to a group. This enables you to deploy Windows Hello for Business in phases.
Sign in to a domain controller or management workstations with *Domain Admintistrator* equivalent credentials.
Sign in to a domain controller or management workstations with *Domain Administrator* equivalent credentials.
1. Start the **Group Policy Management Console** (gpmc.msc)
1. Expand the domain and select the **Group Policy Object** node in the navigation pane

4
windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md
View File

@ -52,7 +52,7 @@ Domain controllers automatically request a domain controller certificate (if pub
By default, the Active Directory CA provides and publishes the *Kerberos Authentication* certificate template. The cryptography configuration included in the template is based on older and less performant cryptography APIs. To ensure domain controllers request the proper certificate with the best available cryptography, use the *Kerberos Authentication* certificate template as a *baseline* to create an updated domain controller certificate template.
Sign in to a CA or management workstations with *Domain Admintistrator* equivalent credentials.
Sign in to a CA or management workstations with *Domain Administrator* equivalent credentials.
1. Open the **Certification Authority** management console
1. Right-click **Certificate Templates > Manage**
@ -89,7 +89,7 @@ Sign in to a CA or management workstations with *Domain Admintistrator* equivale
The domain controllers may have an existing domain controller certificate. The Active Directory Certificate Services provides a default certificate template for domain controllers called *domain controller certificate*. Later releases of Windows Server provided a new certificate template called *domain controller authentication certificate*. These certificate templates were provided prior to the update of the Kerberos specification that stated Key Distribution Centers (KDCs) performing certificate authentication needed to include the *KDC Authentication* extension.
The *Kerberos Authentication* certificate template is the most current certificate template designated for domain controllers, and should be the one you deploy to all your domain controllers.\
The *autoenrollment* feature allows to replace the domain controller certificates. Use the following configuration to replace older domain controller certificates with new ones, using the *Kerberos Authentication* certificate template.
The *autoenrollment* feature allows you to replace the domain controller certificates. Use the following configuration to replace older domain controller certificates with new ones, using the *Kerberos Authentication* certificate template.
Sign in to a CA or management workstations with *Enterprise Administrator* equivalent credentials.