Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

Checklist: Configuring Rules for the Isolated Domain

Published: October 11, 2012

Updated: October 11, 2012

Applies To: Windows Server 2012



The following checklists include tasks for configuring connection security rules and IPsec settings in your GPOs to implement the main zone in the isolated domain.

Checklist Checklist: Configuring isolated domain rules for computers running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2

noteNote
The GPOs for computers running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 are usually similar. If this is true for your design, create one GPO, configure it by using the tasks in this checklist, and then make a copy of the GPO for the other operating system. For example, create and configure the GPO for Windows 8, make a copy of it for Windows Server 2012, and then follow the steps in this checklist to make the few required changes to the copy.

 

  Task Reference

_

Create a GPO for the computers in the isolated domain running one of the operating systems. After you have finished the tasks in this checklist and configured the GPO for that version of Windows, you can create a copy of it.

Checklist topic Checklist: Creating Group Policy Objects

Checklist topic Copy a GPO to Create a New GPO

_

If you are working on a GPO that was copied from another GPO, modify the group memberships and WMI filters so that they are correct for the isolated domain zone and the version of Windows for which this GPO is intended.

Procedure topic Modify GPO Filters to Apply to a Different Zone or Version of Windows

_

Configure IPsec to exempt all ICMP network traffic from IPsec protection.

Procedure topic Exempt ICMP from Authentication on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2

_

Create a rule that exempts all network traffic to and from computers on the exemption list from IPsec.

Procedure topic Create an Authentication Exemption List Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2

_

Configure the key exchange (main mode) security methods and algorithms to be used.

Procedure topic Configure Key Exchange (Main Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2

_

Configure the data protection (quick mode) algorithm combinations to be used.

Procedure topic Configure Data Protection (Quick Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2

_

Configure the authentication methods to be used.

Procedure topic Configure Authentication Methods on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2

_

Create the rule that requests authentication for all inbound network traffic.

Procedure topic Create an Authentication Request Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2

_

Link the GPO to the domain level of the AD DS organizational unit hierarchy.

Procedure topic Link the GPO to the Domain

_

Add your test computers to the membership group for the isolated domain. Be sure to add at least one for each operating system supported by a different GPO in the group.

Procedure topic Add Test Computers to the Membership Group for a Zone

_

Verify that the connection security rules are protecting network traffic to and from the test computers.

Procedure topic Verify That Network Traffic Is Authenticated

Do not change the rules for any of your zones to require authentication until all of the zones have been set up and are operating correctly.

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.