1. Session 8 Windows Platform Dina Alkhoudari

2. Learning Objectives Read Only Domain Controller Active Directory Certificate Service Group Policy

3. Read Only Domain Controller Typically placed in the branch office Maintains a copy of all objects in the domain and all attributes except secrets. Authentication is done in the DC at the hub site. You can configure a PRP for the RODC that specifies user accounts the RODC is allowed to cache. Replication is one way; from a writable domain controller to a RODC. You can give one or more local support personnel the ability to maintain an RODC fully, without granting them the equivalence of domain administrators.

4. Read Only Domain Controller

5. Active Directory Certificate Service PKI certificates are designed to prove to others that you are who you say you are Each member of a public key infrastructure is chained together in a hierarchy that ends at the topmost CA Active Directory Certificate Services provide a variety of services reagrading public key infrastructures and certificate usage in general

6. Active Directory Certificate Service AD CS supports two CA types: Satandalone CA A CA that is not necessarily integrated in an AD DS Are often used as internal root CAs and are taken offline for security purposes after they have been used to generate certificates for subordinate servers Enterprise CA A CA that is integrated in an AD DS Are often used as issuing CAs-CAs that are subordinate to another CA in a hierarchy but that actually provide certificates to end users and endpoint device Must be highly available

7. Active Directory Certificate Service

9. Group Policy A feature of Windows that enables you to manage change and configuration for users and computers from a central point of administration. It is all about configuring a setting for one or more users or one or more computers Some policy settings affect a user regardless of the computer to which the user logs on; called user configuration settings or user settings Other policy settings affect a computer, regardless of which user logs on to that computer; called computer configuration settings or computer settings

10. Group Policy Group Policy Object (GPO) is an object that contains one or more policy settings and thereby applies one or more configuration settings for a user or computer The scope of group policy can be three: sites, domains and OU Two filters can be used with GP: Security filters: specify global security groups to which the GPO should or should not apply Windows Management Instrumentation (WMI) filters: specify a scope, using the characteristics of a system such as operating system version or free disk space

11. Group Policy

12. End of Session Title