2.1 KiB
title, description, ms.date, appliesto, ms.topic
| title | description | ms.date | appliesto | ms.topic | ||
|---|---|---|---|---|---|---|
| Validate Active Directory prerequisites in an on-premises key trust | Validate Active Directory prerequisites when deploying Windows Hello for Business in a key trust model. | 12/12/2022 |
|
tutorial |
Validate Active Directory prerequisites - on-premises key trust
[!INCLUDE hello-on-premises-key-trust]
Key trust deployments need an adequate number of domain controllers to ensure successful user authentication with Windows Hello for Business. To learn more about domain controller planning for key trust deployments, read the Windows Hello for Business planning guide and the Planning an adequate number of Domain Controllers for Windows Hello for Business deployments section.
The key registration process for the on-premises deployment of Windows Hello for Business requires the Windows Server 2016 Active Directory or later schema.
Create the Windows Hello for Business Users security group
The Windows Hello for Business Users group is used to make it easy to deploy Windows Hello for Business in phases. You assign Group Policy permissions to this group to simplify the deployment by adding the users to the group. This provides users with the proper permissions to provision Windows Hello for Business.
Sign-in to a domain controller or to a management workstation with a Domain Administrator equivalent credentials.
- Open Active Directory Users and Computers
- Select View > Advanced Features
- Expand the domain node from the navigation pane
- Right-click the Users container. Select New > Group
- Type Windows Hello for Business Users in the Group Name
- Select OK
[!div class="nextstepaction"] Next: validate and configure PKI >