mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-15 18:33:43 +00:00
fixing broken links
@ -501,8 +501,8 @@
|
||||
###### [Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md)
|
||||
##### [Checklist: Implementing a Certificate-based Isolation Policy Design](checklist-implementing-a-certificate-based-isolation-policy-design.md)
|
||||
##### [Procedures Used in This Guide](procedures-used-in-this-guide.md)
|
||||
###### [Add Production Computers to the Membership Group for a Zone](add-production-computers-to-the-membership-group-for-a-zone.md)
|
||||
###### [Add Test Computers to the Membership Group for a Zone](add-test-computers-to-the-membership-group-for-a-zone.md)
|
||||
###### [Add Production Devices to the Membership Group for a Zone](add-production-devices-to-the-membership-group-for-a-zone.md)
|
||||
###### [Add Test Devices to the Membership Group for a Zone](add-test-devices-to-the-membership-group-for-a-zone.md)
|
||||
###### [Assign Security Group Filters to the GPO](assign-security-group-filters-to-the-gpo.md)
|
||||
###### [Change Rules from Request to Require Mode](change-rules-from-request-to-require-mode.md)
|
||||
###### [Configure Authentication Methods](configure-authentication-methods.md)
|
||||
|
@ -25,4 +25,4 @@ The boundary zone GPOs discussed in this guide are only for server versions of W
|
||||
|
||||
In the Woodgrove Bank example, only the GPO settings for a Web service on at least Windows Server 2008 are discussed.
|
||||
|
||||
- [GPO\_DOMISO\_Boundary\_WS2008](gpo-domiso-boundary-ws2008.md)
|
||||
- [GPO\_DOMISO\_Boundary\_WS2008](gpo-domiso-boundary.md)
|
||||
|
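Review bot: In the Woodgrove Bank list item, the link label still reads GPO\_DOMISO\_Boundary\_WS2008 while the target becomes gpo-domiso-boundary.md, so the label and the file name no longer match. If the topic was renamed to drop the WS2008 suffix, update the label to its new title; otherwise confirm that gpo-domiso-boundary.md is the intended page.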
@ -28,5 +28,5 @@ This checklist assumes that you have already created the GPO for the isolated do
|
||||
| Make a copy of the domain isolation GPO for this version of Windows to serve as a starting point for the GPO for the boundary zone. Unlike the GPO for the main isolated domain zone, this copy is not changed after deployment to require authentication.| [Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md) |
|
||||
| If you are working on a copy of a GPO, modify the group memberships and WMI filters so that they are correct for the boundary zone and version of Windows for which this GPO is intended.| [Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md) |
|
||||
| Link the GPO to the domain level of the Active Directory organizational unit hierarchy.| [Link the GPO to the Domain](link-the-gpo-to-the-domain.md)|
|
||||
| Add your test computers to the membership group for the boundary zone. Be sure to add at least one for each operating system supported by a different GPO in the group.| [Add Test Computers to the Membership Group for a Zone](add-test-computers-to-the-membership-group-for-a-zone.md)|
|
||||
| Add your test computers to the membership group for the boundary zone. Be sure to add at least one for each operating system supported by a different GPO in the group.| [Add Test Computers to the Membership Group for a Zone](add-test-devices-to-the-membership-group-for-a-zone.md)|
|
||||
| Verify that the connection security configuration is protecting network traffic with authentication when it can, and that unauthenticated traffic is accepted. | [Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md)|
|
||||
|
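Review bot: The test-membership row in the boundary zone checklist now points at add-test-devices-to-the-membership-group-for-a-zone.md, but its label is still "Add Test Computers to the Membership Group for a Zone". Change the label to "Add Test Devices to the Membership Group for a Zone", as the isolated domain checklist in this commit does, so the link text matches the topic it opens.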
@ -29,5 +29,5 @@ This checklist assumes that you have already created the GPO for the isolated do
|
||||
| Modify the group memberships and WMI filters so that they are correct for the encryption zone and the version of Windows for which this GPO is intended. | [Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md) |
|
||||
| Add the encryption requirements for the zone. | [Configure the Rules to Require Encryption](configure-the-rules-to-require-encryption.md)|
|
||||
| Link the GPO to the domain level of the Active Directory organizational unit hierarchy. | [Link the GPO to the Domain](link-the-gpo-to-the-domain.md)|
|
||||
| Add your test computers to the membership group for the encryption zone. Be sure to add at least one for each operating system supported by a different GPO in the group.| [Add Test Computers to the Membership Group for a Zone](add-test-computers-to-the-membership-group-for-a-zone.md)|
|
||||
| Add your test computers to the membership group for the encryption zone. Be sure to add at least one for each operating system supported by a different GPO in the group.| [Add Test Computers to the Membership Group for a Zone](add-test-devices-to-the-membership-group-for-a-zone.md)|
|
||||
| Verify that the connection security rules are protecting network traffic.| [Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md)|
|
||||
|
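Review bot: In the encryption zone checklist, the retargeted row keeps the label "Add Test Computers to the Membership Group for a Zone" although it now opens add-test-devices-to-the-membership-group-for-a-zone.md. Rename the label to "Add Test Devices to the Membership Group for a Zone"; the task text in the first column ("Add your test computers") could be aligned in the same pass.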
@ -26,11 +26,11 @@ The following checklists include tasks for configuring connection security rules
|
||||
| Configure IPsec to exempt all ICMP network traffic from IPsec protection. | [Exempt ICMP from Authentication](exempt-icmp-from-authentication.md)|
|
||||
| Create a rule that exempts all network traffic to and from computers on the exemption list from IPsec. | [Create an Authentication Exemption List Rule](create-an-authentication-exemption-list-rule.md)|
|
||||
| Configure the key exchange (main mode) security methods and algorithms to be used. | [Configure Key Exchange (Main Mode) Settings](configure-key-exchange-main-mode-settings.md)|
|
||||
| Configure the data protection (quick mode) algorithm combinations to be used. | [Configure Data Protection (Quick Mode) Settings](configure-data-protection-quick-mode-settings)|
|
||||
| Configure the data protection (quick mode) algorithm combinations to be used. | [Configure Data Protection (Quick Mode) Settings](configure-data-protection-quick-mode-settings.md)|
|
||||
| Configure the authentication methods to be used. | [Configure Authentication Methods](configure-authentication-methods.md)|
|
||||
| Create the rule that requests authentication for all inbound network traffic. | [Create an Authentication Request Rule](create-an-authentication-request-rule.md)|
|
||||
| Link the GPO to the domain level of the AD DS organizational unit hierarchy. | [Link the GPO to the Domain](link-the-gpo-to-the-domain.md)|
|
||||
| Add your test computers to the membership group for the isolated domain. Be sure to add at least one for each operating system supported by a different GPO in the group.| [Add Test Computers to the Membership Group for a Zone](add-test-computers-to-the-membership-group-for-a-zone.md)|
|
||||
| Add your test computers to the membership group for the isolated domain. Be sure to add at least one for each operating system supported by a different GPO in the group.| [Add Test Devices to the Membership Group for a Zone](add-test-devices-to-the-membership-group-for-a-zone.md)|
|
||||
| Verify that the connection security rules are protecting network traffic to and from the test computers. | [Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md)|
|
||||
|
||||
|
||||
|
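Review bot: The updated membership row mixes terms: its label becomes "Add Test Devices to the Membership Group for a Zone" while the task text still says "Add your test computers", and the verification row after it still says "test computers". Either switch the task text to "devices" here or keep "computers" throughout this table, so the checklist does not alternate between the two.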
@ -25,8 +25,8 @@ This checklist includes tasks for configuring connection security rules and IPse
|
||||
| To determine which devices receive the GPO, assign the NAG for the isolated servers to the security group filter for the GPO. Make sure that each GPO has the WMI filter for the correct version of Windows.| [Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md) |
|
||||
| Configure IPsec to exempt all ICMP network traffic from IPsec protection. | [Exempt ICMP from Authentication](exempt-icmp-from-authentication.md)|
|
||||
| Create a rule that exempts all network traffic to and from devices on the exemption list from IPsec. | [Create an Authentication Exemption List Rule](create-an-authentication-exemption-list-rule.md)|
|
||||
| Configure the key exchange (main mode) security methods and algorithms to be used. | [Configure Key Exchange (Main Mode) Settings](configure-key-exchange--main-mode--settings.md)|
|
||||
| Configure the data protection (quick mode) algorithm combinations to be used. | [Configure Data Protection (Quick Mode) Settings](configure-data-protection--quick-mode--settings.md)|
|
||||
| Configure the key exchange (main mode) security methods and algorithms to be used. | [Configure Key Exchange (Main Mode) Settings](configure-key-exchange-main-mode-settings.md)|
|
||||
| Configure the data protection (quick mode) algorithm combinations to be used. | [Configure Data Protection (Quick Mode) Settings](configure-data-protection-quick-mode-settings.md)|
|
||||
| Configure the authentication methods to be used. | [Configure Authentication Methods](configure-authentication-methods.md)|
|
||||
| Create a rule that requests authentication for network traffic. Because fallback-to-clear behavior in Windows Vista and Windows Server 2008 has no delay when communicating with devices that cannot use IPsec, you can use the same any-to-any rule used in an isolated domain.| [Create an Authentication Request Rule](create-an-authentication-request-rule.md)|
|
||||
| Link the GPO to the domain level of the Active Directory organizational unit hierarchy. | [Link the GPO to the Domain](link-the-gpo-to-the-domain.md)|
|
||||
|
@ -24,7 +24,7 @@ This parent checklist includes cross-reference links to important concepts about
|
||||
| Task | Reference |
|
||||
| - | - |
|
||||
| Review important concepts and examples for certificate-based authentication to determine if this design meets your deployment goals and the needs of your organization.| [Identifying Your Windows Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)<br/>[Certificate-based Isolation Policy Design](certificate-based-isolation-policy-design.md)<br/>[Certificate-based Isolation Policy Design Example](certificate-based-isolation-policy-design-example.md)<br/>[Planning Certificate-based Authentication](planning-certificate-based-authentication.md) |
|
||||
| Install the Active Directory Certificate Services (AD CS) role as an enterprise root issuing certification authority (CA). This step is required only if you have not already deployed a CA on your network.| [Install Active Directory Certificate Services](install-active-directory-certificate-services.md) |
|
||||
| Configure the certificate template for workstation authentication certificates.| [Configure the Workstation Authentication Certificate Template](configure-the-workstation-authentication-certificate-templatewfas-dep.md)|
|
||||
| Install the Active Directory Certificate Services (AD CS) role as an enterprise root issuing certification authority (CA). This step is required only if you have not already deployed a CA on your network.| |
|
||||
| Configure the certificate template for workstation authentication certificates.| [Configure the Workstation Authentication Certificate Template](configure-the-workstation-authentication-certificate-template.md)|
|
||||
| Configure Group Policy to automatically deploy certificates based on your template to workstation devices. | [Configure Group Policy to Autoenroll and Deploy Certificates](configure-group-policy-to-autoenroll-and-deploy-certificates.md)|
|
||||
| On a test device, refresh Group Policy and confirm that the certificate is installed. | [Confirm That Certificates Are Deployed Correctly](confirm-that-certificates-are-deployed-correctly.md)|
|
||||
|
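Review bot: The AD CS installation row ends up with an empty Reference cell ("| |") where the other version of the row links install-active-directory-certificate-services.md. That leaves no procedure pointer for a step the checklist says is required when no CA is deployed; point the cell at a working target for installing AD CS rather than leaving it blank, or say in the task text where the procedure is documented.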
@ -30,5 +30,5 @@ The procedures in this section use the Group Policy MMC snap-ins to configure th
|
||||
| Create the GPOs and connection security rules for the boundary zone.| [Checklist: Configuring Rules for the Boundary Zone](checklist-configuring-rules-for-the-boundary-zone.md)|
|
||||
| Create the GPOs and connection security rules for the encryption zone.| [Checklist: Configuring Rules for the Encryption Zone](checklist-configuring-rules-for-the-encryption-zone.md)|
|
||||
| Create the GPOs and connection security rules for the isolated server zone.| [Checklist: Configuring Rules for an Isolated Server Zone](checklist-configuring-rules-for-an-isolated-server-zone.md)|
|
||||
| According to the testing and roll-out schedule in your design plan, add computer accounts to the membership group to deploy rules and settings to your computers.| [Add Production Computers to the Membership Group for a Zone](add-production-computers-to-the-membership-group-for-a-zone.md)|
|
||||
| According to the testing and roll-out schedule in your design plan, add computer accounts to the membership group to deploy rules and settings to your computers.| [Add Production Devices to the Membership Group for a Zone](add-production-devices-to-the-membership-group-for-a-zone.md)|
|
||||
| After you confirm that network traffic is authenticated by IPsec, you can change authentication rules for the isolated domain and encryption zone from request to require mode.| [Change Rules from Request to Require Mode](change-rules-from-request-to-require-mode.md)|
|
||||
|
@ -27,7 +27,7 @@ This parent checklist includes cross-reference links to important concepts about
|
||||
| - | - |
|
||||
| Review important concepts and examples for the server isolation policy design to determine if this design meets your deployment goals and the needs of your organization.| [Identifying Your Windows Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)<br/>[Server Isolation Policy Design](server-isolation-policy-design.md)<br/>[Server Isolation Policy Design Example](server-isolation-policy-design-example.md)<br/>[Planning Server Isolation Zones](planning-server-isolation-zones.md) |
|
||||
| Create the GPOs and connection security rules for isolated servers.| [Checklist: Configuring Rules for Servers in a Standalone Isolated Server Zone](checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md)|
|
||||
| Create the GPOs and connection security rules for the client computers that must connect to the isolated servers. | [Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md)|
|
||||
| Verify that the connection security rules are protecting network traffic on your test computers. | [Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md)|
|
||||
| Create the GPOs and connection security rules for the client devices that must connect to the isolated servers. | [Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md)|
|
||||
| Verify that the connection security rules are protecting network traffic on your test devices. | [Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md)|
|
||||
| After you confirm that network traffic is authenticated by IPsec as expected, you can change authentication rules for the isolated server zone to require authentication instead of requesting it. | [Change Rules from Request to Require Mode](change-rules-from-request-to-require-mode.md)|
|
||||
| According to the testing and roll-out schedule in your design plan, add computer accounts for the client computers to the membership group so that you can deploy the settings. | [Add Production Computers to the Membership Group for a Zone](add-production-computers-to-the-membership-group-for-a-zone.md) |
|
||||
| According to the testing and roll-out schedule in your design plan, add device accounts for the client devices to the membership group so that you can deploy the settings. | [Add Production Devices to the Membership Group for a Zone](add-production-devices-to-the-membership-group-for-a-zone.md) |
|
||||
|
@ -27,17 +27,17 @@ The procedures in this section appear in the checklists found earlier in this do
|
||||
|
||||
- [Configure Authentication Methods](configure-authentication-methods.md)
|
||||
|
||||
- [Configure Data Protection (Quick Mode) Settings](configure-data-protection-quick-mode-settings)
|
||||
- [Configure Data Protection (Quick Mode) Settings](configure-data-protection-quick-mode-settings.md)
|
||||
|
||||
- [Configure Group Policy to Autoenroll and Deploy Certificates](configure-group-policy-to-autoenroll-and-deploy-certificates.md)
|
||||
|
||||
- [Configure Key Exchange (Main Mode) Settings](configure-key-exchange-main-mode-settings)
|
||||
- [Configure Key Exchange (Main Mode) Settings](configure-key-exchange-main-mode-settings.md)
|
||||
|
||||
- [Configure the Rules to Require Encryption](configure-the-rules-to-require-encryption)
|
||||
- [Configure the Rules to Require Encryption](configure-the-rules-to-require-encryption.md)
|
||||
|
||||
- [Configure the Windows Firewall Log](configure-the-windows-firewall-log.md)
|
||||
|
||||
- [Configure the Workstation Authentication Certificate Template](configure-the-workstation-authentication-certificate-templatewfas-dep.md)
|
||||
- [Configure the Workstation Authentication Certificate Template](configure-the-workstation-authentication-certificate-template.md)
|
||||
|
||||
- [Configure Windows Firewall to Suppress Notifications When a Program Is Blocked](configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md)
|
||||
|
||||
@ -63,7 +63,7 @@ The procedures in this section appear in the checklists found earlier in this do
|
||||
|
||||
- [Create an Outbound Program or Service Rule](create-an-outbound-program-or-service-rule.md)
|
||||
|
||||
- [Create Inbound Rules to Support RPC](create-inbound-rules-to-support-rpc-on-windows-8-windows-7--windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
|
||||
- [Create Inbound Rules to Support RPC](create-inbound-rules-to-support-rpc.md)
|
||||
|
||||
- [Create WMI Filters for the GPO](create-wmi-filters-for-the-gpo.md)
|
||||
|
||||
@ -73,8 +73,6 @@ The procedures in this section appear in the checklists found earlier in this do
|
||||
|
||||
- [Exempt ICMP from Authentication](exempt-icmp-from-authentication.md)
|
||||
|
||||
- [Install Active Directory Certificate Services](install-active-directory-certificate-services.md)
|
||||
|
||||
- [Link the GPO to the Domain](link-the-gpo-to-the-domain.md)
|
||||
|
||||
- [Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)
|
||||
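Review bot: The procedure list loses an entry here (the header goes from 8 lines to 6, and "Install Active Directory Certificate Services" is the likely one), which is a content removal that the commit message "fixing broken links" does not mention. State the removal in the commit message, and check that no remaining topic still links to install-active-directory-certificate-services.md.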
@ -89,8 +87,6 @@ The procedures in this section appear in the checklists found earlier in this do
|
||||
|
||||
- [Restrict Server Access to Members of a Group Only](restrict-server-access-to-members-of-a-group-only.md)
|
||||
|
||||
- [Start a Command Prompt as an Administrator](start-a-command-prompt-as-an-administrator.md)
|
||||
|
||||
- [Turn on Windows Firewall and Configure Default Behavior](turn-on-windows-firewall-and-configure-default-behavior.md)
|
||||
|
||||
- [Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md)
|
||||
|
@ -35,7 +35,7 @@ A host-based firewall helps secure a device by dropping all network traffic that
|
||||
|
||||
The following component is recommended for this deployment goal:
|
||||
|
||||
- **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more Group Policy objects (GPOs) that can be automatically applied to all relevant computers in the domain. For more information about Active Directory, see [Additional Resources](additional-resources-wfasdesign.md).
|
||||
- **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more Group Policy objects (GPOs) that can be automatically applied to all relevant computers in the domain.
|
||||
|
||||
Other means of deploying a firewall policy are available, such as creating scripts that use the netsh command-line tool, and then running those scripts on each computer in the organization. This guide uses Active Directory as a recommended means of deployment because of its ability to scale to very large organizations.
|
||||
|
||||
|
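Review bot: The Active Directory bullet loses its "For more information about Active Directory, see Additional Resources" sentence outright, which leaves the reader with no pointer to background reading. If additional-resources-wfasdesign.md no longer exists, relink the sentence to a current Active Directory overview instead of deleting it, or confirm that the removal is intended.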
@ -35,6 +35,6 @@ This goal provides the following benefits:
|
||||
|
||||
The following components are required for this deployment goal:
|
||||
|
||||
- **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more GPOs that can be automatically applied to all relevant devices in the domain. For more info about Active Directory, see [Additional Resources](additional-resources-wfasdesign.md).
|
||||
- **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more GPOs that can be automatically applied to all relevant devices in the domain.
|
||||
|
||||
**Next: **[Restrict Access to Only Specified Users or Devices](restrict-access-to-only-specified-users-or-devices.md)
|
||||
|
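Review bot: On the context line beginning `**Next: **[Restrict Access to Only Specified Users or Devices]`, the closing `**` follows a space, so the bold does not close and the asterisks render literally. While this file is being touched, write it as `**Next:** [Restrict Access to Only Specified Users or Devices](restrict-access-to-only-specified-users-or-devices.md)`.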