官术网_书友最值得收藏!

Default Domain Controllers Policy

The second GPO that exists by default in even a fresh installation of Group Policy is the Default Domain Controllers (DCs) Policy. As the name implies, this policy is for your DC servers, and taking a look at the policy itself shows us that it is linked to only one location inside Active Directory, an OU called Domain Controllers. Only your DC servers end up inside the DCs OU, so settings in the Default Domain Controllers Policy only ever apply to DCs, but it is once again important to take into account that there are settings inside this policy and so they are applying to all of your DCs immediately upon creating the new domain.

The settings inside this GPO are fairly self-explanatory; it is a policy dedicated to keeping a baseline of security on the DC servers themselves. Settings here include things such as restrictions on who is allowed to log in to DCs, who is allowed to shut down DCs, and who is allowed to do other seemingly innocent tasks such as changing the system time. All of these functions are locked down by default to only certain users and groups of users being able to access them, namely those user accounts who are inside administrative containers and are therefore declared to be administrators:

Unless you have some experience here, it may seem silly that the ability to change the clock on a DC is locked down. However, all machines in the domain receive their time automatically from DCs, and if the computers in your domain fall out of time synchronization with each other, it can create an extremely broken environment. Time management is actually a really big deal within a domain!
主站蜘蛛池模板: 酒泉市| 临夏县| 安福县| 凤山市| 旬阳县| 维西| 三河市| 贵阳市| 双江| 虹口区| 曲靖市| 本溪| 定南县| 海兴县| 洛浦县| 神农架林区| 城口县| 永兴县| 棋牌| 芦溪县| 攀枝花市| 四平市| 中江县| 乃东县| 中山市| 商丘市| 江城| 襄城县| 分宜县| 牡丹江市| 麟游县| 库伦旗| 汶川县| 阿拉善左旗| 嘉义县| 绥江县| 乃东县| 奈曼旗| 盐池县| 会理县| 襄汾县|