1
0
mirror of https://github.com/TommyTran732/Windows-Setup.git synced 2024-12-21 22:31:44 -05:00

Improvements to LDAPS policies

Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2024-04-18 01:10:03 -07:00
parent 588b7fac36
commit cfce55dd5d
Signed by: Tomster
GPG Key ID: 555C902A34EC968F

View File

@ -4,7 +4,9 @@ Documentation: https://learn.microsoft.com/en-us/windows/security/application-se
`Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options`
- Domain controller: LDAP server signing requirements: Require signing (**Follow this guide to setup LDAPS if you do not have key server: https://www.dvolve.net/blog/2019/12/using-lets-encrypt-for-active-directory-domain-controller-certificates/**)
- Domain controller: LDAP server channel binding token requirements: Always
- Network security: LDAP client signing requirements: Require signing
- User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode -> Prompt for credentials
- User Account Control: Only elevate executables that are signed and validated -> Enabled
- User Account Control: Switch to the secure desktop when prompting for elevation -> Enabled (Docs says it is enabled by default, but it is off on my Parallels VM somehow)
- Network security: LDAP client signing requirements: Require signing (**Follow this guide to setup LDAPS if you do not have key server: https://www.dvolve.net/blog/2019/12/using-lets-encrypt-for-active-directory-domain-controller-certificates/**)
- User Account Control: Switch to the secure desktop when prompting for elevation -> Enabled (Docs says it is enabled by default, but it is off on my Parallels VM somehow)