Session 8 Windows Platform Dina Alkhoudari

Upload: jade-mcdaniel

Post on 18-Jan-2016


Page 1: Session 8 Windows Platform Dina Alkhoudari. Learning Objectives Read Only Domain Controller Active Directory Certificate Service Group Policy

Session 8 Windows Platform

Dina Alkhoudari


Learning Objectives

Read Only Domain Controller

Active Directory Certificate Service

Group Policy


Read Only Domain Controller

Typically placed in the branch office.

Maintains a copy of all objects in the domain and all attributes except secrets.

Authentication is done in the DC at the hub site.

You can configure a Password Replication Policy (PRP) for the RODC that specifies the user accounts the RODC is allowed to cache.

Replication is one-way: from a writable domain controller to an RODC.

You can give one or more local support personnel the ability to maintain an RODC fully, without granting them privileges equivalent to those of domain administrators.
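The PRP decides which credentials an RODC may cache, so a useful review is to check privileged accounts against it. The PowerShell below is an added example, not part of the original slides: it flags accounts whose resultant PRP is Allow or whose secrets are already cached on the RODC. The function names, the RODC name BRANCH-RODC01 and the sample accounts are assumptions; the Get-AD* cmdlets come from the ActiveDirectory module.

```powershell
# Added example (not from the slides): flag privileged accounts that an RODC
# may cache, or already has cached, under its Password Replication Policy.

function Find-RodcPrpRisk {
    param([object[]]$Accounts)   # objects with Name, Policy, Cached
    foreach ($a in $Accounts) {
        if ($a.Policy -eq 'Allow' -or $a.Cached) {
            $action = 'Move to the PRP Denied list'
            # A PRP change does not clear a secret that is already cached.
            if ($a.Cached) { $action = 'Reset password, then move to the PRP Denied list' }
            [pscustomobject]@{
                Name = $a.Name; Policy = $a.Policy; Cached = $a.Cached; Action = $action
            }
        }
    }
}

# Live collection; needs the ActiveDirectory module (RSAT) and domain access.
function Get-RodcPrpState {
    param([string]$Rodc, [string]$Group = 'Domain Admins')
    Import-Module ActiveDirectory
    # Accounts whose secrets are currently stored on the RODC
    $cached = (Get-ADDomainControllerPasswordReplicationPolicyUsage `
                   -Identity $Rodc -RevealedAccounts).DistinguishedName
    Get-ADGroupMember -Identity $Group -Recursive | ForEach-Object {
        $dn = $_.DistinguishedName
        [pscustomobject]@{
            Name   = $_.SamAccountName
            # Resultant policy accounts for group nesting and Denied precedence
            Policy = [string](Get-ADAccountResultantPasswordReplicationPolicy `
                                  -Identity $dn -DomainController $Rodc)
            Cached = $cached -contains $dn
        }
    }
}

# Constructed sample data so the check runs without a domain.
$sample = @(
    [pscustomobject]@{ Name = 'adm-alice'; Policy = 'DenyExplicit'; Cached = $false }
    [pscustomobject]@{ Name = 'adm-bob';   Policy = 'Allow';        Cached = $false }
    [pscustomobject]@{ Name = 'adm-carol'; Policy = 'DenyExplicit'; Cached = $true  }
)
Find-RodcPrpRisk -Accounts $sample | Format-Table -AutoSize

# Live use (placeholder RODC name):
# Find-RodcPrpRisk -Accounts (Get-RodcPrpState -Rodc 'BRANCH-RODC01')
```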


Active Directory Certificate Service

PKI certificates are designed to prove to others that you are who you say you are.

Each member of a public key infrastructure is chained together in a hierarchy that ends at the topmost CA.

Active Directory Certificate Services provides a variety of services regarding public key infrastructures and certificate usage in general.


AD CS supports two CA types:

Standalone CA: a CA that is not necessarily integrated in AD DS.

Standalone CAs are often used as internal root CAs and are taken offline for security purposes after they have been used to generate certificates for subordinate servers.

Enterprise CA: a CA that is integrated in AD DS.

Enterprise CAs are often used as issuing CAs: CAs that are subordinate to another CA in a hierarchy but that actually provide certificates to end users and endpoint devices.

Must be highly available.


Group Policy

A feature of Windows that enables you to manage change and configuration for users and computers from a central point of administration.

It is all about configuring a setting for one or more users or one or more computers.

Some policy settings affect a user regardless of the computer to which the user logs on; these are called user configuration settings or user settings.

Other policy settings affect a computer regardless of which user logs on to that computer; these are called computer configuration settings or computer settings.


A Group Policy Object (GPO) is an object that contains one or more policy settings and thereby applies one or more configuration settings for a user or computer.

A GPO can be scoped at three levels: sites, domains and OUs.

Two filters can be used with Group Policy:

Security filters: specify global security groups to which the GPO should or should not apply.

Windows Management Instrumentation (WMI) filters: specify a scope using the characteristics of a system, such as operating system version or free disk space.


End of Session
