See the following table for details about using this tool in the role for which your computer is configured. Register the appropriate role extension file using the Scwcmd command-line tool. For more information, see Install the Federation Service Proxy Role Service in the AD FS Deployment Guide. Install AD FS and choose the appropriate server role for that computer. To apply the AD FS role extensions in the SCW, complete the following steps in order: Proxy.xml (This file is present only if you configured the computer in the federation server proxy role.) The following role extension files are installed in the C:WindowsADFSScw directory: When you install AD FS, the setup program creates role extension files that you can use with the SCW to create a security policy that will apply to the specific AD FS server role (either federation server or federation server proxy) that you choose during setup.Įach role extension file that is installed represents the type of role and subrole for which each computer is configured. You can use it to apply security best practices that can help reduce the attack surface for a server, based on the server roles that you are installing. The Security Configuration Wizard (SCW) is a tool that comes preinstalled on all Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012 computers. Use the Security Configuration Wizard to apply AD FS-specific security best practices to federation servers and federation server proxy computers For more information, see Active Directory administrative tier model. The following core best practices are common to all AD FS installations where you want to improve or extend the security of your design or deployment:īecause AD FS is fundamentally an authentication system, it should be treated as a "Tier 0" system like other identity systems on your network. The information in this topic is meant to complement and extend your existing security planning and other design best practices. This topic is a starting point for reviewing and assessing considerations that affect the overall security of your use of AD FS. This topic provides best-practice information to help you plan and evaluate security when you design your Active Directory Federation Services (AD FS) deployment.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |