Fixed alt text suggestion

windows/security/identity-protection/access-control/active-directory-accounts.md

@@ -386,7 +386,7 @@ In this procedure, the workstations are dedicated to domain administrators. By s
 
     > **Note**  You might have to delegate permissions to join computers to the domain if the account that joins the workstations to the domain does not already have them. For more information, see [Delegation of Administration in Active Directory](https://social.technet.microsoft.com/wiki/contents/articles/20292.delegation-of-administration-in-active-directory.aspx).
 
-    ![Active Directory local accounts.](images/adlocalaccounts-proc1-sample1.gif)
+    ![Active Directory local accounts](images/adlocalaccounts-proc1-sample1.gif)
 
 3.  Close Active Directory Users and Computers.
 
@@ -394,13 +394,13 @@ In this procedure, the workstations are dedicated to domain administrators. By s
 
 5.  Right-click the new OU, and > **Create a GPO in this domain, and Link it here**.
 
-    ![Active Directory local accounts.](images/adlocalaccounts-proc1-sample2.png)
+    ![Active Directory local accounts 2](images/adlocalaccounts-proc1-sample2.png)
 
 6.  Name the GPO, and > **OK**.
 
 7.  Expand the GPO, right-click the new GPO, and > **Edit**.
 
-    ![Active Directory local accounts.](images/adlocalaccounts-proc1-sample3.png)
+    ![Active Directory local accounts 3](images/adlocalaccounts-proc1-sample3.png)
 
 8.  Configure which members of accounts can log on locally to these administrative workstations as follows:
 
@@ -419,7 +419,7 @@ In this procedure, the workstations are dedicated to domain administrators. By s
 
     5.  Click **Add User or Group**, type **Administrators**, and > **OK**.
 
-        ![Active Directory local accounts.](images/adlocalaccounts-proc1-sample4.png)
+        ![Active Directory local accounts 4](images/adlocalaccounts-proc1-sample4.png)
 
 9.  Configure the proxy configuration:
 
@@ -427,7 +427,7 @@ In this procedure, the workstations are dedicated to domain administrators. By s
 
     2.  Double-click **Proxy Settings**, select the **Enable proxy settings** check box, type **127.0.0.1** (the network Loopback IP address) as the proxy address, and > **OK**.
 
-        ![Active Directory local accounts.](images/adlocalaccounts-proc1-sample5.png)
+        ![Active Directory local accounts 5](images/adlocalaccounts-proc1-sample5.png)
 
 10. Configure the loopback processing mode to enable the user Group Policy proxy setting to apply to all users on the computer as follows:
 
@@ -459,11 +459,11 @@ In this procedure, the workstations are dedicated to domain administrators. By s
 
     1.  Right-click **Windows Firewall with Advanced Security LDAP://path**, and > **Properties**.
 
-        ![Active Directory local accounts.](images/adlocalaccounts-proc1-sample6.png)
+        ![Active Directory local accounts 6](images/adlocalaccounts-proc1-sample6.png)
 
     2.  On each profile, ensure that the firewall is enabled and that inbound connections are set to **Block all connections**.
 
-        ![Active Directory local accounts.](images/adlocalaccounts-proc1-sample7.png)
+        ![Active Directory local accounts 7](images/adlocalaccounts-proc1-sample7.png)
 
     3.  Click **OK** to complete the configuration.
 
@@ -501,11 +501,11 @@ For this procedure, do not link accounts to the OU that contain workstations for
 
 3.  Right-click **Group Policy Objects**, and > **New**.
 
-    ![Active Directory local accounts.](images/adlocalaccounts-proc2-sample1.png)
+    ![Active Directory local accounts 8](images/adlocalaccounts-proc2-sample1.png)
 
 4.  In the **New GPO** dialog box, name the GPO that restricts administrators from signing in to workstations, and > **OK**.
 
-    ![Active Directory local accounts.](images/adlocalaccounts-proc2-sample2.png)
+    ![Active Directory local accounts 9](images/adlocalaccounts-proc2-sample2.png)
 
 5.  Right-click **New GPO**, and > **Edit**.
 
@@ -519,7 +519,7 @@ For this procedure, do not link accounts to the OU that contain workstations for
 
     3.  Click **Add User or Group**, click **Browse**, type **Domain Admins**, and > **OK**.
 
-        ![Active Directory local accounts.](images/adlocalaccounts-proc2-sample3.png)
+        ![Active Directory local accounts 10](images/adlocalaccounts-proc2-sample3.png)
 
         **Note**  
         You can optionally add any groups that contain server administrators who you want to restrict from signing in to workstations.
@@ -541,7 +541,7 @@ For this procedure, do not link accounts to the OU that contain workstations for
 
     3.  Click **Add User or Group** > **Browse**, type **Domain Admins**, and > **OK**.
 
-        ![Active Directory local accounts.](images/adlocalaccounts-proc2-sample4.png)
+        ![Active Directory local accounts 11](images/adlocalaccounts-proc2-sample4.png)
 
         **Note**  
         You can optionally add any groups that contain server administrators who you want to restrict from signing in to workstations.
@@ -554,7 +554,7 @@ For this procedure, do not link accounts to the OU that contain workstations for
 
     6.  Click **Add User or Group** > **Browse**, type **Domain Admins**, and > **OK**.
 
-        ![Active Directory local accounts.](images/adlocalaccounts-proc2-sample5.png)
+        ![Active Directory local accounts 12](images/adlocalaccounts-proc2-sample5.png)
 
         **Note**  
         You can optionally add any groups that contain server administrators who you want to restrict from signing in to workstations.
@@ -567,11 +567,11 @@ For this procedure, do not link accounts to the OU that contain workstations for
 
     1.  Right-click the workstation OU, and then > **Link an Existing GPO**.
 
-        ![Active Directory local accounts.](images/adlocalaccounts-proc2-sample6.png)
+        ![Active Directory local accounts 13](images/adlocalaccounts-proc2-sample6.png)
 
     2.  Select the GPO that you just created, and > **OK**.
 
-        ![Active Directory local accounts.](images/adlocalaccounts-proc2-sample7.png)
+        ![Active Directory local accounts 14](images/adlocalaccounts-proc2-sample7.png)
 
 10. Test the functionality of enterprise applications on workstations in the first OU and resolve any issues caused by the new policy.
 
@@ -594,7 +594,7 @@ It is a best practice to configure the user objects for all sensitive accounts i
 
 As with any configuration change, test this enabled setting fully to ensure that it performs correctly before you implement it.
 
-![Active Directory local accounts.](images/adlocalaccounts-proc3-sample1.png)
+![Active Directory local accounts 15](images/adlocalaccounts-proc3-sample1.png)
 
 ## <a href="" id="sec-secure-manage-dcs"></a>Secure and manage domain controllers