官术网_书友最值得收藏!

Default Domain Controllers Policy

The second GPO that exists by default in even a fresh installation of Group Policy is the Default Domain Controllers (DCs) Policy. As the name implies, this policy is for your DC servers, and taking a look at the policy itself shows us that it is linked to only one location inside Active Directory, an OU called Domain Controllers. Only your DC servers end up inside the DCs OU, so settings in the Default Domain Controllers Policy only ever apply to DCs, but it is once again important to take into account that there are settings inside this policy and so they are applying to all of your DCs immediately upon creating the new domain.

The settings inside this GPO are fairly self-explanatory; it is a policy dedicated to keeping a baseline of security on the DC servers themselves. Settings here include things such as restrictions on who is allowed to log in to DCs, who is allowed to shut down DCs, and who is allowed to do other seemingly innocent tasks such as changing the system time. All of these functions are locked down by default to only certain users and groups of users being able to access them, namely those user accounts who are inside administrative containers and are therefore declared to be administrators:

Unless you have some experience here, it may seem silly that the ability to change the clock on a DC is locked down. However, all machines in the domain receive their time automatically from DCs, and if the computers in your domain fall out of time synchronization with each other, it can create an extremely broken environment. Time management is actually a really big deal within a domain!
主站蜘蛛池模板: 北京市| 二连浩特市| 耒阳市| 江口县| 香河县| 福泉市| 开原市| 武安市| 淳化县| 伊宁市| 神木县| 盖州市| 中山市| 西畴县| 柳林县| 弥渡县| 精河县| 龙海市| 绍兴市| 岳西县| 睢宁县| 信丰县| 沿河| 丽江市| 盖州市| 鲁山县| 崇文区| 神池县| 屏山县| 左云县| 黄冈市| 营山县| 高尔夫| 阿荣旗| 稻城县| 广州市| 浏阳市| 固原市| 庄浪县| 密云县| 泸定县|