官术网_书友最值得收藏!

Default Domain Controllers Policy

The second GPO that exists by default in even a fresh installation of Group Policy is the Default Domain Controllers (DCs) Policy. As the name implies, this policy is for your DC servers, and taking a look at the policy itself shows us that it is linked to only one location inside Active Directory, an OU called Domain Controllers. Only your DC servers end up inside the DCs OU, so settings in the Default Domain Controllers Policy only ever apply to DCs, but it is once again important to take into account that there are settings inside this policy and so they are applying to all of your DCs immediately upon creating the new domain.

The settings inside this GPO are fairly self-explanatory; it is a policy dedicated to keeping a baseline of security on the DC servers themselves. Settings here include things such as restrictions on who is allowed to log in to DCs, who is allowed to shut down DCs, and who is allowed to do other seemingly innocent tasks such as changing the system time. All of these functions are locked down by default to only certain users and groups of users being able to access them, namely those user accounts who are inside administrative containers and are therefore declared to be administrators:

Unless you have some experience here, it may seem silly that the ability to change the clock on a DC is locked down. However, all machines in the domain receive their time automatically from DCs, and if the computers in your domain fall out of time synchronization with each other, it can create an extremely broken environment. Time management is actually a really big deal within a domain!
主站蜘蛛池模板: 边坝县| 临武县| 河池市| 龙口市| 社会| 吉木萨尔县| 开阳县| 高阳县| 河间市| 庐江县| 监利县| 湖南省| 杭锦后旗| 仁怀市| 奉新县| 南靖县| 安龙县| 托里县| 宁安市| 潼南县| 南部县| 禹城市| 乐陵市| 阳山县| 阿瓦提县| 全椒县| 荆州市| 紫金县| 手游| 南阳市| 晴隆县| 西峡县| 平阴县| 武宁县| 平度市| 崇礼县| 岳阳市| 郸城县| 抚州市| 松江区| 新晃|