deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 22:07:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/keep-secure/checklist-implementing-a-domain-isolation-policy-design.md
Brian Lich 69a5e703f5 fixing links
2016-04-28 16:29:11 -07:00

5.2 KiB
Raw Blame History

title, description, ms.assetid, author
title description ms.assetid author
Checklist Implementing a Domain Isolation Policy Design (Windows 10) Checklist Implementing a Domain Isolation Policy Design 76586eb3-c13c-4d71-812f-76bff200fc20 brianlic-msft

Checklist: Implementing a Domain Isolation Policy Design

This parent checklist includes cross-reference links to important concepts about the domain isolation policy design. It also contains links to subordinate checklists that will help you complete the tasks that are required to implement this design.

Note   Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist.

The procedures in this section use the Group Policy MMC snap-ins to configure the GPOs, but you can also use Windows PowerShell to configure GPOs. For more information, see Windows Firewall with Advanced Security Administration with Windows PowerShell at http://technet.microsoft.com/library/hh831755.aspx.

For more information about the security algorithms and authentication methods available in each version of Windows, see IPsec Algorithms and Methods Supported in Windows at http://technet.microsoft.com/library/dd125380.aspx.

 

checklist Checklist: Implementing a domain isolation policy design

Task Reference

_

Review important concepts and examples for the domain isolation policy design, determine your Windows Firewall with Advanced Security deployment goals, and customize this design to meet the needs of your organization.

Conceptual topic[Identifying Your Windows Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)

Conceptual topic[Domain Isolation Policy Design](domain-isolation-policy-design.md)

Conceptual topic[Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md)

Conceptual topic[Planning Domain Isolation Zones](planning-domain-isolation-zones.md)

_

Create the GPOs and connection security rules for the isolated domain.

Checklist topic[Checklist: Configuring Rules for the Isolated Domain](checklist-configuring-rules-for-the-isolated-domain.md)

_

Create the GPOs and connection security rules for the boundary zone.

Checklist topic[Checklist: Configuring Rules for the Boundary Zone](checklist-configuring-rules-for-the-boundary-zone.md)

_

Create the GPOs and connection security rules for the encryption zone.

Checklist topic[Checklist: Configuring Rules for the Encryption Zone](checklist-configuring-rules-for-the-encryption-zone.md)

_

Create the GPOs and connection security rules for the isolated server zone.

Checklist topic[Checklist: Configuring Rules for an Isolated Server Zone](checklist-configuring-rules-for-an-isolated-server-zone.md)

_

According to the testing and roll-out schedule in your design plan, add computer accounts to the membership group to deploy rules and settings to your computers.

Procedure topic[Add Production Computers to the Membership Group for a Zone](add-production-computers-to-the-membership-group-for-a-zone.md)

_

After you confirm that network traffic is authenticated by IPsec, you can change authentication rules for the isolated domain and encryption zone from request to require mode.

Procedure topic[Change Rules from Request to Require Mode](change-rules-from-request-to-require-mode.md)