Session 8: Windows Platform
Dina Alkhoudari
Learning Objectives
Read Only Domain Controller
Active Directory Certificate Service
Group Policy
Read Only Domain Controller
Typically placed in the branch office.
Maintains a copy of all objects in the domain and all attributes except secrets.
Authentication is done in the DC at the hub site.
You can configure a Password Replication Policy (PRP) for the RODC that specifies the user accounts the RODC is allowed to cache.
Replication is one way: from a writable domain controller to an RODC.
You can give one or more local support personnel the ability to maintain an RODC fully, without granting them rights equivalent to those of domain administrators.
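Added example (not part of the original slides): a PowerShell check that compares an RODC's PRP Allowed and Denied lists with the accounts whose secrets it has actually cached, which goes one step beyond the slide by auditing the result of the policy. The function name, finding labels, sample DNs and the example.test domain are constructed for illustration; the commented live block assumes the RSAT ActiveDirectory module and treats adminCount=1 as the marker for privileged accounts.

```powershell
# Added example, not from the original slides. The comparison is a pure function so it
# can be exercised on constructed data; the commented block at the end shows live input.
function Get-RodcCacheFinding {
    param(
        [Parameter(Mandatory)] [string] $Rodc,
        [string[]] $AllowedDn    = @(),  # DNs on the PRP Allowed list
        [string[]] $DeniedDn     = @(),  # DNs on the PRP Denied list
        [string[]] $RevealedDn   = @(),  # DNs whose secrets are cached on the RODC
        [string[]] $PrivilegedDn = @()   # DNs that should never be cached (supplied by the caller)
    )
    # Privileged accounts whose secrets are already stored on the RODC
    foreach ($dn in $RevealedDn | Where-Object { $_ -and $_ -in $PrivilegedDn }) {
        [pscustomobject]@{ Rodc = $Rodc; Finding = 'PrivilegedSecretCached'; Principal = $dn }
    }
    # Privileged principals listed directly on the Allowed list
    foreach ($dn in $AllowedDn | Where-Object { $_ -and $_ -in $PrivilegedDn }) {
        [pscustomobject]@{ Rodc = $Rodc; Finding = 'PrivilegedOnAllowedList'; Principal = $dn }
    }
    # Entries on both lists: Denied takes precedence, so the Allowed entry has no effect
    foreach ($dn in $AllowedDn | Where-Object { $_ -and $_ -in $DeniedDn }) {
        [pscustomobject]@{ Rodc = $Rodc; Finding = 'AllowedButDenied'; Principal = $dn }
    }
}

# Constructed sample data (example.test is a placeholder domain)
$sample = @{
    Rodc         = 'BRANCH-RODC01'
    AllowedDn    = 'CN=Branch Users,OU=Groups,DC=example,DC=test', 'CN=Help Desk,OU=Groups,DC=example,DC=test'
    DeniedDn     = 'CN=Denied RODC Password Replication Group,CN=Users,DC=example,DC=test', 'CN=Help Desk,OU=Groups,DC=example,DC=test'
    RevealedDn   = 'CN=alice,OU=Branch,DC=example,DC=test', 'CN=svc-backup,OU=Service,DC=example,DC=test'
    PrivilegedDn = 'CN=svc-backup,OU=Service,DC=example,DC=test'
}
Get-RodcCacheFinding @sample | Format-Table -AutoSize

# Live input, assuming the RSAT ActiveDirectory module and a reachable domain:
# Import-Module ActiveDirectory
# foreach ($dc in Get-ADDomainController -Filter 'IsReadOnly -eq $true') {
#     Get-RodcCacheFinding -Rodc $dc.Name `
#         -AllowedDn    (Get-ADDomainControllerPasswordReplicationPolicy -Identity $dc -Allowed).DistinguishedName `
#         -DeniedDn     (Get-ADDomainControllerPasswordReplicationPolicy -Identity $dc -Denied).DistinguishedName `
#         -RevealedDn   (Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $dc -RevealedAccounts).DistinguishedName `
#         -PrivilegedDn (Get-ADObject -LDAPFilter '(adminCount=1)').DistinguishedName
# }
```

The Allowed list usually holds groups, so the direct comparison here only catches principals named on the list itself; expanding group membership is left out to keep the example short.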
Active Directory Certificate Service
PKI certificates are designed to prove to others that you are who you say you are.
Each member of a public key infrastructure is chained together in a hierarchy that ends at the topmost CA.
Active Directory Certificate Services provide a variety of services regarding public key infrastructures and certificate usage in general.
Active Directory Certificate Service
AD CS supports two CA types:
Standalone CA: a CA that is not necessarily integrated in AD DS.
Standalone CAs are often used as internal root CAs and are taken offline for security purposes after they have been used to generate certificates for subordinate servers.
Enterprise CA: a CA that is integrated in AD DS.
Enterprise CAs are often used as issuing CAs: CAs that are subordinate to another CA in a hierarchy but that actually provide certificates to end users and endpoint devices.
Must be highly available.
Group Policy
A feature of Windows that enables you to manage change and configuration for users and computers from a central point of administration.
It is all about configuring a setting for one or more users or one or more computers.
Some policy settings affect a user regardless of the computer to which the user logs on; these are called user configuration settings or user settings.
Other policy settings affect a computer regardless of which user logs on to that computer; these are called computer configuration settings or computer settings.
Group Policy
A Group Policy Object (GPO) is an object that contains one or more policy settings and thereby applies one or more configuration settings for a user or computer.
A GPO can be scoped to three levels: sites, domains, and OUs.
Two filters can be used with Group Policy:
Security filters: specify global security groups to which the GPO should or should not apply.
Windows Management Instrumentation (WMI) filters: specify a scope using the characteristics of a system, such as operating system version or free disk space.
End of Session