COLLECTED BY

Collection: Wikipedia Outlinks March 2016

Crawl of outlinks from wikipedia.org started March, 2016. These files are currently not publicly accessible. Properties of this collection. It has been several years since the last time we did this. For this collection, several things were done: 1. Turned off duplicate detection. This collection will be complete, as there is a good chance we will share the data, and sharing data with pointers to random other collections, is a complex problem. 2. For the first time, did all the different wikis. The original runs were just against the enwiki. This one, the seed list was built from all 865 collections.

TIMESTAMPS

The Wayback Machine - https://web.archive.org/web/20170220220636/https://technet.microsoft.com/en-us/windows-server-docs/security/guarded-fabric-shielded-vm/guarded-fabric-configuring-fabric-dns

Table of contents

Shared to

Table of contents +

Windows Server 2016

System Requirements

Release Notes: Important Issues in Windows Server

Recommendations for moving to Windows Server 2016

Upgrade and Conversion Options

Server Role Upgrade and Migration

Server Application Compatibility Table

Features Removed or Deprecated in Windows Server 2016

Windows Server 2016 Edition Comparison

Server Activation Guide

Install Nano Server

Nano Server Quick Start

Deploy Nano Server

IIS on Nano Server

MPIO on Nano Server

Manage Nano Server

Service and Update Nano Server

Developing on Nano Server

PowerShell on Nano Server

Developing PowerShell Cmdlets for Nano Server

Troubleshooting Nano Server

Install Server Core

Configure Server Core with Sconfig.cmd

Install Server with Desktop Experience

Customer Experience Guides for Windows Server 2016

What's New in Windows Server 2016

What's New in the Windows Console in Windows Server 2016

Technology Overview

What's new in Hyper-V

System requirements

Supported Windows guest operating systems

Supported Linux and FreeBSD VMs

CentOS and Red Hat Enterprise Linux VMs

Oracle Linux VMs

Feature Descriptions for Linux and FreeBSD VMs

Best Practices for running Linux

Best practices for running FreeBSD

Feature compatibility by generation and guest

Install Hyper-V

Create a virtual switch

Create a virtual machine

Plan

Discrete Device Assignment

Deploy

Export and import virtual machines

Set up hosts for live migration

Upgrade virtual machine version

Deploy graphics devices using DDA

Deploy storage devices using DDA

Manage

Choose between standard or production checkpoints

Create a VHD set

Enable or disable checkpoints

Manage hosts with Hyper-V Manager

Manage Integration Services

Manage Windows VMs with PowerShell Direct

Set up Hyper-V Replica

Use live migration without Failover Clustering

Get started with Setup and Boot Event Collection

Remote Desktop Services

What's new in RDS?

Supported configurations for RDS

Supported security configurations for Windows 10 VDI

Planning poster for Remote Desktop Services

Host Windows Desktop and Applications using Remote Desktop Services in Azure

Plan and design

Cater to different kinds of users

Access from anywhere

High availability

Multifactor Authentication

Secure data storage

Connect from any device

Choose how you pay

Office 2016 in RDS and VDI deployments

Desktop Hosting Reference Architecture

Remote Desktop Services architecture

Desktop hosting service

Azure services and considerations for desktop hosting

Tenant on-premises components

Build and deploy

Seamlessly deploy RDS with ARM and Azure Marketplace

Migrate your Remote Desktop Services deployments to Windows Server 2016

Migrate your Remote Desktop Services Client Access Licenses (RDS CALs)

Upgrade your Remote Desktop Services deployments to Windows Server 2016

Upgrade Remote Desktop Session Host servers

Upgrade Remote Desktop Virtualization Host servers

Configure your desktop hosting environment

Create virtual machines for Remote Desktop

Prepare your virtual machines for Remote Desktop

Validate and secure your Remote Desktop deployment

Deploy a basic desktop hosting environment using Azure IaaS

Deploy your Remote Desktop environment

Deploy a Remote Desktop Session Host farm to improve availability

Create a virtual machine for the Remote Desktop Session Host server

Prepare the RDSH virtual machine

Add the RDSH server to the collection farm

Deploy a Remote Desktop Connection Broker cluster

Use an Azure SQL database to enable high availability for your Connection Broker

Create a second RD Connection Broker virtual machine

Prepare the RD Connection Broker VM for Remote Desktop

Create an Azure SQL database for the RD Connection Broker

Install the ODBC driver for SQL on each RD Connection Broker server

Create an Azure internal load balancer for Remote Desktop deployment

Add the RD Connection Broker server to the deployment and configure high availability

Configure trusted certificates on RD Connection Broker servers and clients

Deploy a RD Web Access and Gateway farm

Add RD Web and Gateway server to the RDS deployment

Configure the current RD Web and Gateway virtual machine for load balancing

Deploy RemoteApp programs

Add the RDSH Server, create a collection, and publish the RemoteApp programs

Deploy a two-node Storage Spaces Direct file system for UPD storage

Deploy and manage a personal session desktops environment

License your Remote Desktop deployment

Activate the license server

Install RDS CALs on the license server

Track the CALs used in your deployment

Manage users in your RDS collection

Additional Remote Desktop support

Remote Desktop clients

Grant Remote Desktop access to your PC

Getting started with Remote Desktop client on Android

Getting started with Remote Desktop client on iOS

Getting started with Remote Desktop client on Mac

Remote Desktop client FAQ

Remote Desktop URI scheme

MultiPoint Services

Planning a MultiPoint Services Deployment

Introducing MultiPoint Services

Getting started with MultiPoint Services

Common Usage Scenarios

MultiPoint Stations

Selecting Hardware for Your MultiPoint Services System

Hardware Requirements and Performance Recommendations

Variables Affecting MultiPoint Services System Performance

MultiPoint Services Site Planning

Network Considerations and User Accounts

Storing Files with MultiPoint Services

Protecting the System volume with Disk Protection

MultiPoint Services Virtualization Support

Application Considerations

Predeployment Checklist

Migrate MultiPoint Services

Prepare to migrate to MultiPoint Services

Planning worksheet for your migration

Migrate to MultiPoint Services

Post-migration tasks

Deploying MultiPoint Services

Deploy a new MultiPoint Services System

Collect hardware and device drivers needed for the installation

Set up the physical computer and primary station

Install MultiPoint Services

Update and install device drivers if needed

Set the date, time, and time zone

Join the MultiPoint Server to a domain (optional)

Install updates

attach additional stations to your MultiPoint server

Set up a direct-video-connected station

Set up a USB zero client-connected station

Set up an RDP-over-LAN connected station

Manage Client Access Licenses (CAL) with MultiPoint Services

Install software on your MultiPoint Services System

Optional configuration tasks for a MultiPoint Services deployment

Set up a split-screen station

Create Windows 10 Enterprise virtual desktops for stations

Prepare your MultiPoint Services System for users

Plan user accounts for your MultiPoint Services environment

Example scenarios: MultiPoint Services user accounts

Create local user accounts

Limit users' access to the MultiPoint server

Configure stations for automatic logon

Allow one account to have multiple sessions

Enable file sharing in MultiPoint Services

System administration in MultiPoint Services

Configure Disk Protection in MultiPoint Services

Install Server Backup on your MultiPoint system

Configure group policies for a domain deployment

Managing MultiPoint Services

Managing Your MultiPoint Services System

Privacy and Security Considerations

Manage Station Hardware

View Hardware Status

Work with USB Devices

Work with Video Devices

Set Up a Station

Manage System Tasks Using MultiPoint Manager

Edit Server Settings

Restart or Shut Down MultiPoint Systems

Switch Between modes

Enable or Disable Disk Protection

Manage Client Access Licenses

Remap All Stations

Save Connection Settings to File

Add or remove computers

Manage User Stations

View User Connection Status

Log off or Disconnect User Sessions

Suspend and Leave User Session active

End a User Session

Set up a Station for Automatic Logon

Split a User Station

Manage User Accounts

User Account Considerations

Create an Administrative User Account

Create a Standard User Account

Create a MultiPoint Dashboard User Account

Update or delete a User Account

Manage Virtual Desktops

Manage User Files

Keep Files Private

Save and Share Files on a USB Flash Drive

Manage User Desktops Using MultiPoint Dashboard

Block or Unblock a Station

Limit Web Access

Block or Unblock USB Storage

Project a Station to Other Stations

Launch or Close Applications on a Station

Take Control of a User Session

View Options for Session Thumbnails in MultiPoint Dashboard

Log Off User Sessions

Manage MultiPoint Systems Using MultiPoint Dashboard

Restart or Shut Down

Remap selected MultiPoint Systems

Failover Clustering

What's New in Failover Clustering

Fault domain awareness

VM Load Balancing

VM Load Balancing Deep-Dive

Deploy a Cloud Witness for a Failover Cluster

Cluster Operating System Rolling Upgrade

Simplified SMB Multichannel and Multi-NIC Cluster Networks

Identity and Access

Solutions and Scenario Guides

Dynamic Access Control: Scenario Overview

Scenario: Central Access Policy

Deploy a Central Access Policy (Demonstration Steps)

Scenario: File Access Auditing

Plan for File Access Auditing

Deploy Security Auditing with Central Audit Policies (Demonstration Steps)

Scenario: Access-Denied Assistance

Deploy Access-Denied Assistance (Demonstration Steps)

Scenario: Classification-Based Encryption for Office Documents

Deploy Encryption of Office Files (Demonstration Steps)

Scenario: Get Insight into Your Data by Using Classification

Deploy Automatic File Classification (Demonstration Steps)

Scenario: Implement Retention of Information on File Servers

Deploy Implementing Retention of Information on File Servers Demonstration Steps

Deploy Claims Across Forests

Deploy Claims Across forests (Demonstration Steps)

Claims Transformation Rules Language

Appendix A: Dynamic Access Control Glossary

Appendix B: Setting Up the Test Environment

Active Directory Domain Services

What's new in Active Directory Domain Services Technical Preview

AD DS Getting started

Active Directory Domain Services Overview

Active Directory Administrative Center

Introduction to Active Directory Administrative Center Enhancements (Level 100)

Advanced AD DS Management Using Active Directory Administrative Center (Level 200)

Active Directory Domain Services Virtualization

Introduction to Active Directory Domain Services (AD DS) Virtualization (Level 100)

Virtualized Domain Controller Technical Reference (Level 300)

Virtualized Domain Controller Architecture

Virtualized Domain Controller Deployment and Configuration

Virtualized Domain Controller Troubleshooting

Virtualized Domain Controller Technical Reference appendix

Virtualized Domain Controller additional Resources

Virtualized Domain Controller Cloning Test Guidance for Application Vendors

Support for using Hyper-V Replica for virtualized domain controllers

Windows Time Service

How the Windows Time Service Works

Windows Time Service Tools and Settings

Windows 2016 Accurate Time

Windows Server 2016 Functional Levels

AD DS Design and Planning

Understanding AD DS Design

Identifying Your AD DS Design and Deployment Requirements

AD DS Design Requirements

AD DS Deployment Requirements

Mapping Your Requirements to an AD DS Deployment Strategy

Deploying AD DS in a New Organization

Deploying AD DS in a Windows Server 2003 Organization

Deploying AD DS in a Windows 2000 Organization

Designing the Logical Structure

Understanding the Active Directory Logical model

Identifying the Deployment Project Participants

Creating a Forest Design

Identifying Forest Design Requirements

Service Administrator Scope of Authority

Autonomy vs. Isolation

Determining the Number of Forests Required

Forest Design models

Mapping Design Requirements to Forest Design models

Using the Organizational Domain Forest model

Creating a Domain Design

Reviewing the Domain models

Determining the Number of Domains Required

Determining Whether to Upgrade Existing Domains or Deploy New Domains

Assigning Domain Names

Selecting the Forest Root Domain

Creating a DNS Infrastructure Design

Reviewing DNS Concepts

Domain Controller Location

Active Directory-Integrated DNS Zones

Computer Naming

Disjoint Namespace

Assigning the DNS for AD DS Owner Role

Integrating AD DS into an Existing DNS Infrastructure

Creating an Organizational Unit Design

Reviewing OU Design Concepts

Delegating Administration by Using OU Objects

Aelegating Administration of Default Containers and OUs

Delegating Administration of Account OUs and Resource OUs

Finding additional Resources for Logical Structure Design

Appendix A: DNS Inventory

Designing the Site Topology

Understanding Active Directory Site Topology

Site Topology Owner Role

Active Directory Replication Concepts

Collecting Network Information

Planning Domain Controller Placement

Planning Forest Root Domain Controller Placement

Planning regional Domain Controller Placement

Planning Global Catalog Server Placement

Planning Operations Master Role Placement

Creating a Site Design

Creating a Site Link Design

Setting Site Link Properties

Determining the Cost

Enabling Clients to Locate the Next Closest Domain Controller

Determining the Schedule

Determining the Interval

Creating a Site Link Bridge Design

Finding additional Resources for Windows Server 2008 Active Directory Site Topology Design

Appendix A: Locations and Subnet Prefixes

Enabling Advanced Features for AD DS

Understanding Active Directory Domain Services (AD DS) Functional Levels

Identifying Your Functional Level Upgrade

Finding additional Resources for Enabling Advanced Features

Evaluating AD DS Deployment Strategy Examples

Appendix A: Reviewing Key AD DS Terms

AD DS Deployment

What's New in Active Directory Domain Services Installation and Removal

Upgrade Domain Controllers to Windows Server 2012 R2 and Windows Server 2012

AD DS Simplified Administration

Simplified Administration appendix

Install Active Directory Domain Services (Level 100)

Install a New Windows Server 2012 Active Directory Forest (Level 200)

Install a Replica Windows Server 2012 Domain Controller in an Existing Domain (Level 200)

Install a New Windows Server 2012 Active Directory Child or tree Domain (Level 200)

Install a Windows Server 2012 Active Directory Read-Only Domain Controller (RODC) (Level 200)

Demoting Domain Controllers and Domains (Level 200)

AD DS Installation and removal Wizard Page Descriptions

Changes Made by Adprep

Read-Only Domain Controller Updates

Domain-Wide Updates

Forest-Wide Updates

Troubleshooting Domain Controller Deployment

AD DS Operations

Best Practices for Securing Active Directory

Acknowledgements

Executive Summary

Avenues to compromise

Attractive Accounts for Credential Theft

Reducing the Active Directory attack Surface

Implementing Least-Privilege Administrative models

Implementing Secure Administrative Hosts

Securing Domain Controllers Against attack

Monitoring Active Directory for Signs of compromise

Audit Policy Recommendations

Planning for compromise

Maintaining a more Secure Environment

Summary of Best Practices

Appendix A: Patch and Vulnerability Management Software

Appendix B: Privileged Accounts and Groups in Active Directory

Appendix C: Protected Accounts and Groups in Active Directory

Appendix D: Securing Built-In Administrator Accounts in Active Directory

Appendix E: Securing Enterprise Admins Groups in Active Directory

Appendix F: Securing Domain Admins Groups in Active Directory

Appendix G: Securing Administrators Groups in Active Directory

Appendix H: Securing Local Administrator Accounts and Groups

Appendix I: Creating Management Accounts for Protected Accounts and Groups in Active Directory

Appendix J: Third-Party RBAC Vendors

Appendix K: Third-Party PIM Vendors

Appendix L: Events to Monitor

Appendix M: Document Links and Recommended Reading

Active Directory Replication and Topology Management Using Windows powershell

Introduction to Active Airectory Replication and Topology Management Using Windows PowerShell (Level 100)

Advanced Active Directory Replication and Topology Management Using Windows powershell (Level 200)

Managing RID Issuance

Active Directory Domain Services component Updates

Identity component updates

SPN and UPN uniqueness

Winlogon Automatic Restart Sign-On (ARSO)

TPM Key attestation

CA Backup and Restore Windows powershell cmdlets

Command line process auditing

Directory Services component updates

How to Configure Protected Accounts

How LDAP Server Cookies Are Handled

AD DS Troubleshooting

Configuring a computer for Troubleshooting

Troubleshooting Active Directory Replication Problems

Fixing Replication Lingering Object Problems (Event IDs 1388, 1988, 2042)

Event ID 1388 or 1988: A lingering object is detected

A deleted account remains in the address Book, e-mail is not received, or a duplicate account exists

Event ID 2042: It has been too long since this machine replicated

Fixing Replication Security Problems

An "Access denied" or other security error has caused replication problems

Fixing Replication DNS Lookup Problems (Event IDs 1925, 2087, 2088)

Event ID 1925: attempt to establish a replication link failed due to DNS lookup problem

Event ID 2087: DNS lookup failure caused replication to fail

Event ID 2088: DNS lookup failure occurred with replication success

Fixing Replication Connectivity Problems (Event ID 1925)

Event ID 1925: attempt to establish a replication link failed due to connectivity problem

Fixing Replication Topology Problems (Event ID 1311)

Verify DNS Functionality to Support Directory Replication

Replication error 8614 The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime

Replication error 8524 The DSA operation is unable to proceed because of a DNS lookup failure

Replication error 8456 or 8457 The source | destination server is currently rejecting replication requests

Replication error 8453 Replication access was denied

Replication error 8452 The naming context is in the process of being removed or is not replicated from the specified server

Replication error 5 Access is denied

Replication error -2146893022 The target principal name is incorrect

Replication error 1753 There are no more endpoints available from the endpoint mapper

Replication error 1722 The RPC server is unavailable

Replication error 1396 Logon Failure The target account name is incorrect

Replication error 1256 The remote system is not available

Replication error 1127 While accessing the hard disk, a disk operation failed even after retries

Replication error 8606 Insufficient attributes were given to create an object

Replication error 8451 The replication operation encountered a database error

Additional Resources_12

Active Directory Federation Services

What's new in Active Directory Federation Services for Windows Server 2016

AD FS Scenarios for Developers

AD FS 2016 Requirements

AD FS Design Guide

AD FS Design Guide in Windows Server 2012 R2

Identify Your AD FS Deployment Goals

Plan Your AD FS Deployment Topology

Federation Server Farm Using WID

Federation Server Farm Using WID and Proxies

Federation Server Farm Using SQL Server

AD FS Requirements

AD FS Design Guide in Windows Server 2012

Identifying Your AD FS Deployment Goals

Provide Your Active Directory Users Access to Your Claims-Aware Applications and Services

Provide Your Active Directory Users Access to the Applications and Services of Other Organizations

Provide Users in Another Organization Access to Your Claims-Aware Applications and Services

Mapping Your Deployment Goals to an AD FS Design

Federated Web SSO Design

Determine Your AD FS Deployment Topology

AD FS Deployment Topology Considerations

Stand-Alone Federation Server Using WID

Federation Server Farm Using WID

Federation Server Farm Using WID and Proxies

Federation Server Farm Using SQL Server

Planning Your Deployment

Using AD DS Claims with AD FS

Best Practices for Secure Planning and Deployment of AD FS

Planning for Interoperability with AD FS 1.x

When to Use Identity delegation

Deploying AD FS in the Account Partner Organization

Review the Role of the Federation Server in the Account Partner

Review the Role of the Federation Server Proxy in the Account Partner

Prepare Client computers in the Account Partner

Deploying AD FS in the Resource Partner Organization

Review the Role of the Federation Server in the Resource Partner

Review the Role of the Federation Server Proxy in the Resource Partner

Determine Your Federated Application Strategy in the Resource Partner

Planning Federation Server Placement

When to create a Federation Server

Where to Place a Federation Server

When to create a Federation Server Farm

Certificate Requirements for Federation Servers

Token-Signing Certificates

Service Communications Certificates

Name Resolution Requirements for Federation Servers

Planning Federation Server Proxy Placement

When to create a Federation Server Proxy

Where to Place a Federation Server Proxy

When to create a Federation Server Proxy Farm

Certificate Requirements for Federation Server Proxies

Name Resolution Requirements for Federation Server Proxies

Planning for AD FS Server Capacity

Planning for Federation Server Capacity

Planning for Federation Server Proxy Capacity

Appendix A: Reviewing AD FS Requirements

AD FS Deployment

AD FS Deployment Guide

Upgrading to AD FS in Windows Server 2016

Windows Server 2016 and 2012 R2 AD FS Deployment Guide

Deploying a Federation Server Farm

Join a computer to a Domain

Enroll an SSL Certificate for AD FS

Install the AD FS Role Service

Configure a Federation Server

Configure a federation server with Device registration Service

Configure Corporate DNS for the Federation Service and DRS

Verify your Windows Server 2012 R2 Federation Server Is Operational

Deploying Federation Server Proxies

Azure Active Directory Connect

Windows Server 2012 AD FS Deployment Guide

Planning to Deploy AD FS

Implementing Your AD FS Design Plan

Checklist: Implementing a Web SSO Design

Checklist: Implementing a Federated Web SSO Design

Configure Partner Organizations

Checklist: Configure the Account Partner Organization

Checklist: Configure the Resource Partner Organization

Add an attribute Store

Create a Claims Provider Trust Using Federation Metadata

Create a Relying Party Trust Using Federation Metadata

Add a Claim Description

Configure Client computers to Trust the Account Federation Server

Distribute Certificates to Client computers by Using Group Policy

Configuring Claim Rules

Checklist: Creating Claim Rules for a Claims Provider Trust

Checklist: Creating Claim Rules for a Relying Party Trust

Create a Rule to Pass Through or filter an Incoming Claim

Create a Rule to Send an AD FS 1.x compatible Claim

Create a Rule to Permit All Users

Create a Rule to Permit or Deny Users Based on an Incoming Claim

Create a Rule to Send LDAP attributes as Claims

Create a Rule to Send Group Membership as a Claim

Create a Rule to Transform an Incoming Claim

Create a Rule to Send an Authentication Method Claim

Create a Rule to Send Claims Using a Custom Rule

Deploying Federation Servers

Checklist: Setting Up a Federation Server

Add a Host (A) Resource Record to Corporate DNS for a Federation Server

Manually Configure a Service Account for a Federation Server Farm

Install the Federation Service Role Service

Create the First Federation Server in a Federation Server Farm

Create a Stand-Alone Federation Server

Add a Federation Server to a Federation Server Farm

Add a Token-Signing Certificate

Add a Token-Decrypting Certificate

Set a Service Communications Certificate

Verify That a Federation Server Is Operational

Deploying Federation Server Proxies

Checklist: Setting Up a Federation Server Proxy

Join a computer to a Domain

Configure Name Resolution for a Federation Server Proxy in a DNS Zone That Serves Only the Perimeter Network

Configure Name Resolution for a Federation Server Proxy in a DNS Zone That Serves Both the Perimeter Network and Internet Clients

Export the Private Key Portion of a Server Authentication Certificate

Import a Server Authentication Certificate to the Default Web Site

Install the Federation Service Proxy Role Service

Configure a computer for the Federation Server Proxy Role

Verify That a Federation Server Proxy Is Operational

Configure Performance Monitoring

Interoperating with AD FS 1.x

Checklist: Configuring AD FS to Consume Claims from AD FS 1.x

Checklist: Configuring AD FS to Send Claims to an AD FS 1.x Federation Service

Checklist: Configuring AD FS to Send Claims to an AD FS 1.x Claims-Aware Web Agent

Create a Relying Party Trust Manually

Create a Claims Provider Trust Manually

Create a Rule to Send an AD FS 1.x compatible Claim

Deploy Azure AD Connect Health

AD FS Development

AD FS On-behalf-of Authentication in Windows Server 2016

Enabling OpenId Connect with AD FS 2016

Enabling Oauth Confidential Clients with AD FS 2016

Single Page Application with AD FS

AD FS Operations

Access Control Policies in AD FS

AD FS 2016 Single Sign On Settings

AD FS Rapid Restore Tool

AD FS support for alternate hostname binding for certificate authentication

AD FS user sign-in customization

Add an attribute Store

Auditing Enhancements to AD FS in Windows Server 2016

Best Practices for Securing AD FS

Configure AD FS 2016 and Azure MFA

Configure AD FS Extranet Lockout

Configure AD FS to authenticate users stored in LDAP directories

Configure AD FS to Send Password Expiry Claims

Configure additional Authentication Methods for AD FS

Configure Authentication Policies

Configure Claim Rules

Configure Device-based Conditional Access on-Premises

Configure intranet forms-based authentication for devices that do not support WIA

Configuring Alternate Login ID

Create a Claims Provider Trust

Create a Non-Claims Aware Relying Party Trust

Create a Relying Party Trust

Improved interoperability with SAML 2.0

Join to Workplace from Any Device for SSO and Seamless Second Factor Authentication Across company Applications

Manage Risk with additional Multi-Factor Authentication for Sensitive Applications

Manage Risk with Conditional Access Control

Plan Device-based Conditional Access on-Premises

Set up an AD FS lab environment

Set up Geographic Redundancy with SQL Server Replication

Set up the lab environment for AD FS in Windows Server 2012 R2

Walkthrough Guide: Manage Risk with additional Multi-Factor Authentication for Sensitive Applications

Walkthrough Guide: Manage Risk with Conditional Access Control

Walkthrough: Workplace Join with a Windows Device

Walkthrough: Workplace Join with an iOS Device

AD FS Technical Reference

Understanding Key AD FS Concepts

The Role of attribute Stores

The Role of the AD FS Configuration Database

The Role of Claims

The Role of Claim Rules

The Role of the Claims Engine

The Role of the Claims Pipeline

The Role of the Claim Rule Language

Determine the type of Claim Rule Template to Use

How URIs Are Used in AD FS

Device registration Technical Reference

Web Application Proxy in Windows Server 2016

Publishing Applications using AD FS Preauthentication

Publishing Applications with SharePoint, Exchange and RDG

Troubleshooting Web Application Proxy

Management and Automation

Microsoft Server Performance Advisor

Server Performance Advisor User's Guide

Server Performance Advisor Pack Development Guide

Server Performance Advisor Pack for Tiered Storage Spaces

Remote Server Administration Tools

Manage the Local Server and the Server Manager Console

Configure Remote Management in Server Manager

Add Servers to Server Manager

Install or Uninstall Roles, Role Services, or Features

Configure Features on Demand in Windows Server

View and Configure Performance, Event, and Service Data

View Task details and Notifications

Run Best Practices Analyzer Scans and Manage Scan Results

Create and Manage Server Groups

Filter, sort, and query Data in Server Manager Tiles

Keyboard Shortcuts for Server Manager

Get started with Software Inventory Logging (SIL)

Manage Software Inventory Logging

Software Inventory Logging Aggregator

Get started with User Access Logging (UAL)

Manage User Access Logging

Windows Server Update Services (WSUS)

Deploy Windows Server Update Services

Plan your WSUS deployment

Step 1: Install the WSUS Server Role

Step 2: Configure WSUS

Step 3: Approve and Deploy Updates in WSUS

Step 4: Configure Group Policy Settings for Automatic Updates

Update Management with Windows Server Update Services

Setting up Update Synchronizations

Managing WSUS Client computers and WSUS computer Groups

Viewing and Managing Updates

WSUS and the Catalog Site

Updates Operations

The Server cleanup Wizard

Running WSUS Replica mode

WSUS Messages and Troubleshooting Tips

Express update delivery ISV support

Migrating the WSUS database from Windows Internal Database (WID) to SQL

Windows Commands

Command-Line Syntax Key

Commands by Server Role

Print Command Reference

Services for Network File System Command Reference

Remote Desktop Services (Terminal Services) Command Reference

Windows Server Backup Command Reference

Windows Server 2016 Supported Networking Scenarios

What's New in Networking

Core Network Guide for Windows Server 2016

Core Network Guide

Core Network companion Guides

Deploy Server Certificates for 802.1X Wired and Wireless Deployments

Server Certificate Deployment Overview

Server Certificate Deployment Planning

Server Certificate Deployment

Install the Web Server WEB1

Create an Alias (CNAME) Record in DNS for WEB1

Configure WEB1 to Distribute Certificate Revocation lists (CRLs)

Prepare the CAPolicy.inf File

Install the Certification Authority

Configure the cdP and AIA Extensions on CA1

Copy the CA Certificate and CRL to the Virtual directory

Configure the Server Certificate Template

Configure Server Certificate Autoenrollment

Refresh Group Policy

Verify Server Enrollment of a Server Certificate

Deploy Password-Based 802.1X Authenticated Wireless Access

Wireless Access Deployment Overview

Wireless Access Deployment Process

Wireless Access Deployment Planning

Wireless Access Deployment

Deploy BranchCache Hosted Cache mode

BranchCache Hosted Cache mode Deployment Overview

BranchCache Hosted Cache mode Deployment Planning

BranchCache Hosted Cache mode Deployment

Install the BranchCache Feature and Configure the Hosted Cache Server by Service Connection Point

Move and Resize the Hosted Cache (Optional)

Prehash and Preload Content on the Hosted Cache Server (Optional)

Create Content Server Data Packages for Web and File Content (Optional)

Import Data Packages on the Hosted Cache Server (Optional)

Configure Client Automatic Hosted Cache Discovery by Service Connection Point

Additional Resources

BranchCache Network Shell and Windows PowerShell Commands

BranchCache Deployment Guide

Choosing a BranchCache Design

Deploy BranchCache

Install and Configure Content Servers

Install Content Servers that Use the BranchCache Feature

Install the BranchCache Feature

Configure Windows Server Update Services (WSUS) Content Servers

Install File Services Content Servers

Configure the File Services server role

Install a New File Server as a Content Server

Configure an Existing File Server as a Content Server

Enable Hash Publication for File Servers

Enable Hash Publication for Non-Domain Member File Servers

Enable Hash Publication for Domain Member File Servers

Create the BranchCache File Servers Organizational Unit

Move File Servers to the BranchCache File Servers Organizational Unit

Create the BranchCache Hash Publication Group Policy Object

Configure the BranchCache Hash Publication Group Policy Object

Enable BranchCache on a File Share (Optional)

Deploy Hosted Cache Servers (Optional)

Prehashing and Preloading Content on Hosted Cache Servers (Optional)

Configure BranchCache Client computers

Use Group Policy to Configure Domain Member Client computers

Use Windows PowerShell to Configure Non-Domain Member Client computers

Configure Firewall Rules for Non-Domain Members to Allow BranchCache Traffic

Verify Client computer Settings

Domain Name System (DNS)

What's New in DNS Client in Windows Server 2016

What's New in DNS Server in Windows Server 2016

DNS Policy Scenario Guide

DNS Policies Overview

Use DNS Policy for Geo-Location Based Traffic Management with Primary Servers

Use DNS Policy for Geo-Location Based Traffic Management with Primary-Secondary Deployments

Use DNS Policy for Intelligent DNS Responses Based on the time of Day

DNS Responses Based on time of Day with an Azure Cloud App Server

Use DNS Policy for Split-Brain DNS Deployment

Use DNS Policy for Split-Brain DNS in Active Directory

Use DNS Policy for Applying Filters on DNS Queries

Use DNS Policy for Application Load Balancing

Use DNS Policy for Application Load Balancing With Geo-Location Awareness

Dynamic Host Configuration Protocol (DHCP)

What's New in DHCP

Hyper-V Virtual Switch

Remote Direct Memory Access (RDMA) and Switch Embedded Teaming (SET)

Manage Hyper-V Virtual Switch

Configure and View VLAN Settings on Hyper-V Virtual Switch Ports

Create Security Policies with extended Port Access Control lists

IP Address Management (IPAM)

What's New in IPAM

DNS Resource Record Management

Add a DNS Resource Record

Delete DNS Resource Records

Filter the View of DNS Resource Records

View DNS Resource Records for a Specific IP address

DNS Zone Management

Create a DNS Zone

Edit a DNS Zone

View DNS Resource Records for a DNS Zone

Manage Resources in Multiple Active Directory Forests

Purge Utilization Data

Role-based Access Control

Manage Role Based Access Control with Server Manager

Create a User Role for Access Control

Create an Access Policy

Set Access Scope for a DNS Zone

Set Access Scope for DNS Resource Records

View Roles and Role Permissions

Manage Role Based Access Control with Windows PowerShell

Network Load Balancing

Network Offload and Optimization Technologies

Network Policy Server (NPS)

Network Policy Server Best Practices

Getting Started with Network Policy Server

Connection Request Processing

Connection Request Policies

Remote RADIUS Server Groups

Network Policies

Access Permission

Plan Network Policy Server

Plan NPS as a RADIUS server

Plan NPS as a RADIUS proxy

Deploy Network Policy Server

Manage Network Policy Server

Configure Connection Request Policies

Configure Firewalls for RADIUS Traffic

Configure Network Policies

Configure Network Policy Server Accounting

Configure RADIUS Clients

Configure Remote RADIUS Server Groups

Manage Certificates Used with NPS

Configure Certificate Templates for PEAP and EAP Requirements

Manage NPS Servers

Configure NPS on a Multihomed Computer

Configure NPS UDP Port Information

Disable NAS Notification Forwarding

Export an NPS Server Configuration for Import on Another Server

Increase Concurrent Authentications Processed by NPS

Install Network Policy Server

Register an NPS Server in an Active Directory Domain

Unregister an NPS Server from an Active Directory Domain

Use Regular Expressions in NPS

Verify Configuration After NPS Server Changes

Manage NPS Templates

Network Shell (Netsh)

Netsh Command Syntax, Contexts, and Formatting

Network Shell (Netsh) Example Batch File

Network Subsystem Performance Tuning

Choosing a Network Adapter

Configure the Order of Network Interfaces

Performance Tuning Network Adapters

Network-Related Performance Counters

Performance Tools for Network Workloads

NIC Teaming in Virtual Machines (VMs)

NIC Teaming and Virtual Local Area Networks (VLANs)

NIC Teaming MAC address Use and Management

Create a New NIC Team on a Host computer or VM

Create a New NIC Team in a VM

Create a New NIC Team

Troubleshooting NIC Teaming

Border Gateway Protocol (BGP)

BGP Windows PowerShell Command Reference

DirectAccess Deployment paths in Windows Server

Prerequisites for Deploying DirectAccess

DirectAccess Unsupported Configurations

DirectAccess Test Lab Guides

Test Lab Guide: Demonstrate DirectAccess in a Cluster with Windows NLB

Overview of the DirectAccess Cluster-NLB Test Lab Scenario

DirectAccess Cluster-NLB Test Lab Configuration Requirements

Steps for Configuring the DirectAccess Cluster-NLB Test Lab

STEP 1: Complete the DirectAccess Configuration

STEP 2: Configure EDGE1

STEP 3: Install and Configure EDGE2

STEP 4: Create the Network Load Balanced remote Access Cluster

STEP 5: Test DirectAccess Connectivity from the Internet and Through the Cluster

STEP 6: Test DirectAccess Client Connectivity from Behind a Nat Device

STEP 7: Test Connectivity When Returning to the Corpnet

STEP 8: Snapshot the DirectAccess Cluster-NLB Configuration

Test Lab Guide: Demonstrate a DirectAccess Multisite Deployment

Overview of the Test Lab Scenario

Configuration Requirements

Steps for Configuring the Test Lab

STEP 1: Complete the DirectAccess Configuration

STEP 2: Install and Configure ROUTER1

STEP 3: Install and Configure CLIENT2

STEP 4: Configure APP1

STEP 5: Configure DC1

STEP 6: Install and Configure 2-DC1

STEP 7: Install and Configure 2-APP1

STEP 8: Configure INET1

STEP 9: Configure EDGE1

STEP 10: Install and Configure 2-EDGE1

STEP 11: Configure the Multisite Deployment

STEP 12: Test DirectAccess Connectivity

STEP 13: Test DirectAccess Connectivity from Behind a Nat Device

STEP 14: Snapshot the Configuration

Test Lab Guide: Demonstrate DirectAccess with OTP Authentication and RSA SecurID

Overview of the Test Lab Scenario

Configuration Requirements

Steps for Configuring the Test Lab

STEP 1: complete the DirectAccess Configuration

STEP 2: Configure APP1

STEP 3: Configure DC1

STEP 4: Install and Configure RSA and EDGE1

STEP 5: Verify OTP Health on EDGE1

STEP 6: Test DirectAccess Connectivity from the Homenet Subnet

STEP 7: Test DirectAccess Connectivity from the Internet

STEP 8: Snapshot the Configuration

DirectAccess Known Issues

DirectAccess Capacity Planning

DirectAccess offline Domain Join

Troubleshooting DirectAccess

Deploy a Single DirectAccess Server Using the Getting started Wizard

Plan a Basic DirectAccess Deployment

Step 1: Plan the Basic DirectAccess Infrastructure

Step 2: Plan the Basic DirectAccess Deployment

Install and Configure Basic DirectAccess

Step 1: Configure the Basic DirectAccess Infrastructure

Step 2: Configure the Basic DirectAccess Server

Step 3: verify Basic DirectAccess Deployments

Deploy a Single DirectAccess Server with Advanced Settings

Plan an Advanced DirectAccess Deployment

Step 1: Plan the Advanced DirectAccess Infrastructure

Step 2: Plan Advanced DirectAccess Deployments

Install and Configure Advanced DirectAccess

Step 1: Configure Advanced DirectAccess Infrastructure

Step 2: Configure Advanced DirectAccess Servers

Step 3: verify the Advanced DirectAccess Deployment

Add DirectAccess to an Existing Remote Access (VPN) Deployment

Plan to Enable DirectAccess

Step 1: Plan DirectAccess Infrastructure

Step 2: Plan the DirectAccess Deployment

Enable DirectAccess

Step 1: Configure the DirectAccess Infrastructure

Step 2: Configure the DirectAccess-VPN Server

Step 3: Verify the Deployment

GRE Tunneling in Windows Server 2016

Remote Access Server Role Documentation

Deploy Remote Access in an Enterprise

Deploy Remote Access in a Cluster

Plan a Remote Access Cluster Deployment

Step 1: Plan an Advanced Single-Server Deployment

Step 2: Plan Cluster Servers

Step 3: Plan a Load-Balanced Cluster Deployment

Configure a Remote Access Cluster

Step 1: Implement a Single-Server Remote Access Deployment

Step 2: Prepare Cluster Servers

Step 3: Configure a Load-Balanced Cluster

Step 4: Verify the Cluster

Deploy Multiple Remote Access Servers in a Multisite Deployment

Plan a Multisite Deployment

Step 1: Plan an Advanced Single Server Deployment

Step 2: Plan the Multisite Infrastructure

Step 3: Plan the Multisite Deployment

Configure a Multisite Deployment

Step 1: Implement a Single Server Remote Access Deployment

Step 2: Configure the Multisite Infrastructure

Step 3: Configure the Multisite Deployment

Step 4: Verify the Multisite Deployment

Troubleshoot a Multisite Deployment

Troubleshooting Enabling Multisite

Troubleshooting adding Entry Points

Troubleshooting Setting the Entry Point Domain Controller

Troubleshooting Web Probe URLs

Troubleshooting General Issues

Deploy Remote Access with OTP Authentication

Plan Remote Access with OTP Authentication

Step 1: Plan an Advanced Single Server Deployment

Step 2: Plan the RADIUS Server Deployment

Step 3: Plan OTP Certificate Deployment

Step 4: Plan for OTP on the Remote Access Server

Configure Remote Access with OTP Authentication

Step 1: Implement a Single Server Remote Access Deployment

Step 2: Configure the RADIUS Server

Step 3: Configure the Remote Access Server for OTP

Step 4: Verify DirectAccess with OTP

Troubleshoot an OTP Deployment

Troubleshooting Authentication Issues

Troubleshooting Enabling OTP

Deploy Remote Access in a Multi-forest Environment

Plan a Multi-forest Deployment

Configure a Multi-forest Deployment

Manage Remote Access

Use Remote Access Monitoring and Accounting

Monitor the existing load on the Remote Access server

Monitor the configuration distribution status of the Remote Access server

Monitor the operations status of the Remote Access server and its components

Identify and resolve Remote Access server operations problems

Monitor connected remote clients for activity and status

Generate a usage report for remote clients using historical data

Manage DirectAccess Clients Remotely

Plan Deployment for Remote Management of DirectAccess Clients

Step 1: Plan the Remote Access Infrastructure

Step 2: Plan the Remote Access Deployment

Install and Configure Deployment for remote Management of DirectAccess Clients

Step 1: Configure the Remote Access Infrastructure

Step 2: Configure the Remote Access Server

Step 3: Verify the Deployment

Software Defined Networking (SDN)

Introduction to Software Defined Networking in Windows Server 2016

Software Defined Networking Technologies

Hyper-V Network Virtualization

Hyper-V Network Virtualization Overview in Windows Server Technical Preview

Hyper-V Network Virtualization Technical details in Windows Server Technical Preview

What's New in Hyper-V Network Virtualization in Windows Server Technical Preview

Internal DNS Service (iDNS) for SDN

Network Controller

Network Controller High Availability

Install the Network Controller server role using Server Manager

Post-Deployment Steps for Network Controller

Network Function Virtualization

Datacenter Firewall Overview

RAS Gateway for SDN

What's New in RAS Gateway

RAS Gateway Deployment Architecture

RAS Gateway High Availability

Software Load Balancing (SLB) for SDN

Switch Embedded Teaming for SDN

Container Networking

Plan Software Defined Networking

Plan a Software Defined Network Infrastructure

Installation and Preparation Requirements for Deploying Network Controller

Deploy Software Defined Networking

Deploy a Software Defined Network Infrastructure

Deploy a Software Defined Network infrastructure using scripts

Deploy Software Defined Network Technologies using Windows PowerShell

Deploy Network Controller using Windows PowerShell

Manage Software Defined Networking

Manage Tenant Virtual Networks

Understanding Usage of Virtual Networks and VLANs

Use Access Control lists (Acls) to Manage Datacenter Network Traffic Flow

Create, Delete, or Update Tenant Virtual Networks

Add a Virtual Gateway to a Tenant Virtual Network

Connect Container Endpoints to a Tenant Virtual Network

Manage Tenant Workloads

Create a VM and Connect to a Tenant Virtual Network or VLAN

Configure Quality of Service (QoS) for a Tenant VM Network Adapter

Configure Datacenter Firewall Access Control lists (Acls)

Configure the Software Load Balancer for Load Balancing and Network address Translation (Nat)

Use Network Virtual Appliances on a Virtual Network

Guest Clustering in a Virtual Network

Troubleshoot Software Defined Networking

Troubleshoot the Windows Server 2016 Software Defined Networking Stack

System Center Technologies for Software Defined Networking

Microsoft Azure and Software Defined Networking

Contact the Datacenter and Cloud Networking Team

What's new in Storage

Data Deduplication

What's new in Data Deduplication

Understand Data Deduplication

Install and enable Data Deduplication

Run Data Deduplication

Advanced Data Deduplication settings

Data Deduplication interoperability

ReFS

Block cloning on ReFS

ReFS integrity streams

Storage Replica

Stretch Cluster Replication using Shared Storage

Server to server storage replication

Cluster to cluster storage replication

Storage Replica: known issues

Storage Replica: Frequently Asked Questions

Storage Spaces Direct

Understand the cache

Fault tolerance and storage efficiency

Plan

Hardware requirements

Deploy

Hyper-converged solution

Manage

Add servers or drives

Update drive firmware

Storage-class memory health management

Security and Assurance

Device Health attestation

Guarded fabric and shielded VMs

Guarded fabric and shielded VMs overview

Plan a guarded fabric

Guarded fabric and shielded VM planning guide for hosters

Compatible hardware with Windows Server 2016 yirtualization-based protection of code integrity

Guarded fabric and shielded VM planning guide for tenants

Guarded fabric deployment overview

Deploying the Host Guardian Service for guarded hosts and shielded VMs

Setting up the Host Guardian Service - HGS

Configuration steps for Hyper-V hosts that will become guarded hosts

Configuring the fabric DNS for hosts that will become guarded hosts

Admin-trusted attestation - creating a security group and placing hosts in the group

TPM-trusted attestation - capturing information required by HGS

Confirm hosts can attest successfully

Appendix A - Configure Nano server as TPM attested guarded host

Hosting service provider configuration steps for guarded hosts and shielded VMs

Shielded VMs - Hosting service provider deploys guarded hosts in VMM

Shielded VMs - Hosting service provider creates a shielded VM template

Shielded VMs - Hosting service provider prepares a VM Shielding helper VHD

Shielded VMs - Hosting service provider sets up Windows Azure Pack

Tenant configuration steps for shielded VMs

Creating a template disk (optional)

Creating shielding data to define a shielded VM

Deploying a shielded VM by using Windows Azure Pack

Deploying a shielded VM by using Virtual Machine Manager

Manage a guarded fabric

Manage the Host Guardian Service

Troubleshoot a guarded fabric

Troubleshoot using the Guarded Fabric Diagnostic Tool

Troubleshoot the Host Guardian Service

Troubleshoot Guarded Hosts

Securing Privileged Access

Privileged Access Workstations

Securing Privileged Access Reference Material

Software Restriction Policies

Software Restriction Policies Technical Overview

Administer Software Restriction Policies

Determine Allow-Deny list and Application Inventory for Software Restriction Policies

Work with Software Restriction Policies Rules

Use software restriction policies to help protect your computer against an email virus

Troubleshoot Software Restriction Policies

Windows Authentication

Windows Authentication Technical Overview

Windows Authentication Concepts

Windows Logon Scenarios

Windows Authentication Architecture

Security Support Provider Interface Architecture

Credentials Processes in Windows Authentication

Group Policy Settings Used in Windows Authentication

Credentials Protection and Management

Configuring additional LSA Protection

Protected Users Security Group

Authentication Policies and Authentication Policy Silos

Group Managed Service Accounts

Getting started with Group Managed Service Accounts

Create the Key Distribution Services KDS Root Key

Kerberos Authentication

What's new in Kerberos authentication

Kerberos Constrained delegation

Preventing Kerberos change password that uses RC4 secret keys

NTLM

TLS - SSL (Schannel SSP)

TLS changes in Windows 10 and Windows Server 2016

Schannel Security Support Provider Technical Reference

Transport Layer Security protocol

Datagram Transport Layer Security protocol

How User Account Control Works

Windows Defender

Windows Defender Events

Automatic exclusions for Windows Defender

TOC

Collapse the table of content

Expand the table of content

Configuring the fabric DNS for hosts that will become guarded hosts

Ryan Puffer|Last Updated: 2/17/2017

|

2 Contributors

Applies To: Windows Server 2016

A fabric administrator needs to configure the fabric DNS takes to allow guarded hosts must be able to resolve the HGS cluster. The HGS cluster must already be set up by the HGS administrator.

Configure the fabric DNS

There are many ways to configure name resolution on the fabric domain. One simple way is to set up a conditional forwarder zone in DNS for the fabric. To set up this zone, run the following commands in an elevated Windows PowerShell console on a fabric DNS server. Substitute the names and addresses in the Windows PowerShell syntax below as needed for your environment. Add master servers for the additional HGS nodes.

Add-DnsServerConditionalForwarderZone -Name -ReplicationScope "Forest" -MasterServers

Next step

With HGS set up and name resolution in place, it's time to capture information from the hosts and add it to the HGS. How you do this depends on which attestation mode you are using:

Actions	Section
Admin-trusted attestation: Create an Active Directory security group in the fabric domain, add guarded hosts as members, and provide that group identifier to the HGS admin.	See Admin-trusted attestation for a guarded fabric - creating a security group
TPM-trusted attestation: Capture TPM identifiers (also called platform identifiers), create a TPM baseline, and create a Code Integrity policy. Provide those artifacts to the HGS admin.	See TPM-trusted attestation for a guarded fabric - capturing information required by HGS

See also

IN THIS ARTICLE
Configure the fabric DNS
Next step
See also

Feedback Share

(c) 2017 Microsoft