From dd77093efee129706553c847a82fe998e06b0d19 Mon Sep 17 00:00:00 2001 From: Tommy Date: Thu, 18 Apr 2024 02:42:03 -0700 Subject: [PATCH] Move disclaimer up Signed-off-by: Tommy --- .../Default Domain Policy/Security Options.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Group Policies Objects/Default Domain Policy/Security Options.md b/Group Policies Objects/Default Domain Policy/Security Options.md index f7946ee..2872852 100644 --- a/Group Policies Objects/Default Domain Policy/Security Options.md +++ b/Group Policies Objects/Default Domain Policy/Security Options.md @@ -4,7 +4,9 @@ Documentation: https://learn.microsoft.com/en-us/windows/security/application-se `Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options` -- Domain controller: LDAP server signing requirements: Require signing (**Follow this guide to setup LDAPS if you do not have key server: https://www.dvolve.net/blog/2019/12/using-lets-encrypt-for-active-directory-domain-controller-certificates/**) +(**Follow this guide to setup LDAPS if you do not have key server: https://www.dvolve.net/blog/2019/12/using-lets-encrypt-for-active-directory-domain-controller-certificates/**) + +- Domain controller: LDAP server signing requirements: Require signing - Domain controller: LDAP server channel binding token requirements: Always - Domain member: Digitally encrypt or sign secure channel data (always) -> Enabled - Microsoft network client: Digitally sign communications (always) -> Enabled