deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-18 11:53:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

resolves #4486

Browse Source 
#4486 Acronym for group manages service accounts is incorrect in a section of this document

Find & replace fixed this readily
This commit is contained in:
Marty Hernandez Avedon
2019-07-19 11:32:23 -04:00
committed by GitHub
parent f17a3e6548
commit f1a4df41e9
1 changed files with 2 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
View File

@ -19,7 +19,7 @@ ms.reviewer:
# Prepare and Deploy Windows Server 2016 Active Directory Federation Services # Prepare and Deploy Windows Server 2016 Active Directory Federation Services
**Applies to** **Applies to**
- Windows 10, version 1703 or later - Windows 10, version 1703 or later
- On-premises deployment - On-premises deployment
- Certificate trust - Certificate trust
@ -123,7 +123,7 @@ The service account used for the device registration server depends on the domai
Windows Server 2012 or later domain controllers support Group Managed Service Accounts—the preferred way to deploy service accounts for services that support them. Group Managed Service Accounts, or GMSA have security advantages over normal user accounts because Windows handles password management. This means the password is long, complex, and changes periodically. The best part of GMSA is all this happens automatically. AD FS supports GMSA and should be configured using them for additional defense in depth security. Windows Server 2012 or later domain controllers support Group Managed Service Accounts—the preferred way to deploy service accounts for services that support them. Group Managed Service Accounts, or GMSA have security advantages over normal user accounts because Windows handles password management. This means the password is long, complex, and changes periodically. The best part of GMSA is all this happens automatically. AD FS supports GMSA and should be configured using them for additional defense in depth security.
GSMA uses the Microsoft Key Distribution Service that is located on Windows Server 2012 or later domain controllers. Windows uses the Microsoft Key Distribution Service to protect secrets stored and used by the GSMA. Before you can create a GSMA, you must first create a root key for the service. You can skip this if your environment already uses GSMA. GMSA uses the Microsoft Key Distribution Service that is located on Windows Server 2012 or later domain controllers. Windows uses the Microsoft Key Distribution Service to protect secrets stored and used by the GMSA. Before you can create a GMSA, you must first create a root key for the service. You can skip this if your environment already uses GMSA.
#### Create KDS Root Key #### Create KDS Root Key
@ -526,12 +526,3 @@ For detailed information about the certificate, use `Certutil -q -v <certificate
3. Prepare and Deploy Windows Server 2016 Active Directory Federation Services (*You are here*) 3. Prepare and Deploy Windows Server 2016 Active Directory Federation Services (*You are here*)
4. [Validate and Deploy Multifactor Authentication Services (MFA)](hello-cert-trust-validate-deploy-mfa.md) 4. [Validate and Deploy Multifactor Authentication Services (MFA)](hello-cert-trust-validate-deploy-mfa.md)
5. [Configure Windows Hello for Business Policy settings](hello-cert-trust-policy-settings.md) 5. [Configure Windows Hello for Business Policy settings](hello-cert-trust-policy-settings.md)