DanielMetzger First of all, thanks for this article. I tried to use it to build a strong 3-Tier Active Directory organization in my company, based on Windows Server 2019. I'm encountering many issues I hope you can help me with:
1) Regarding the step: The "T0 Access (Computer)" GPO defines the following local security policy and targets all Windows systems in Tier 0 with security filtering set to "Tier0-Computers"
When I do that, the 2 DCs in my AD are no longer able to replicate the created GPO in SYSVOL, and then the SYSVOL sync no longer works. No way to find a solution except keeping "Authenticated Users" in security filtering and linking the GPO at the different OU levels where the Tier0-Computers are located.
2) Regarding the 5 settings below, changed in the GPO, adding Computer accounts does not prevent login with an authorized T0 account using RDP from a non-T0 workstation or server.
- "Deny access to this computer from the network"
- "Deny log on as a batch job"
- "Deny log on as a service"
- "Deny log on locally"
- "Deny log on through Terminal Services"
I may have missed or misunderstood something. So, thanks in advance for your feedback...
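A check a practitioner would run after setting up both points raised above, added here as an example and not code from the article or its author. It uses the GroupPolicy module's Get-GPPermission/Set-GPPermission and secedit; the GPO name, the group name and the five right names are taken from the comment, and the environment (run as a domain admin on a Tier 0 member) is an assumption.

```powershell
# Added example (not from the article): confirm that the Tier 0 GPO is filtered
# so that only members of Tier0-Computers APPLY it while Authenticated Users
# (or Domain Computers) keep READ, since a computer account that cannot read the
# GPO never processes it; then export the local "Deny ..." user rights on this
# host to see which principals are actually listed under each right.
Import-Module GroupPolicy

$GpoName    = 'T0 Access (Computer)'   # assumed from the comment
$ApplyGroup = 'Tier0-Computers'        # assumed from the comment

# --- 1. Security filtering: Apply only for the tier group, Read for everyone ---
$perms = Get-GPPermission -Name $GpoName -All
$apply = $perms | Where-Object { $_.Permission -eq 'GpoApply' } | ForEach-Object { $_.Trustee.Name }
$read  = $perms | Where-Object { $_.Permission -eq 'GpoRead'  } | ForEach-Object { $_.Trustee.Name }

if ($apply -notcontains $ApplyGroup) {
    Write-Warning "$GpoName is not applied to $ApplyGroup"
}
if (($apply + $read) -notcontains 'Authenticated Users' -and
    ($apply + $read) -notcontains 'Domain Computers') {
    Write-Warning "No computer account can read $GpoName; it will be silently skipped."
    # Fix: keep Authenticated Users at Read (not Apply), so filtering still works:
    # Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' -TargetType Group -PermissionLevel GpoRead
}

# --- 2. Effective deny rights on this host (map of secedit constant -> GPO label) ---
$inf = Join-Path $env:TEMP 'secpol.inf'
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
$denyRights = [ordered]@{
    SeDenyNetworkLogonRight           = 'Deny access to this computer from the network'
    SeDenyBatchLogonRight             = 'Deny log on as a batch job'
    SeDenyServiceLogonRight           = 'Deny log on as a service'
    SeDenyInteractiveLogonRight       = 'Deny log on locally'
    SeDenyRemoteInteractiveLogonRight = 'Deny log on through Terminal Services'
}
$lines = Get-Content $inf
foreach ($right in $denyRights.Keys) {
    $line  = $lines | Where-Object { $_ -like "$right*" }
    # Values are comma-separated SIDs prefixed with '*' (or plain names)
    $sids  = if ($line) { ($line -split '=', 2)[1].Trim() -split ',' } else { @() }
    $names = foreach ($s in $sids) {
        $s = $s.Trim().TrimStart('*')
        try { (New-Object Security.Principal.SecurityIdentifier $s).Translate([Security.Principal.NTAccount]).Value }
        catch { $s }   # unresolvable SID: print it as-is
    }
    '{0,-45} : {1}' -f $denyRights[$right], $(if ($names) { $names -join ', ' } else { '<none>' })
}
Remove-Item $inf -ErrorAction SilentlyContinue
```

The second part lists the principals each deny right actually names; these rights act on the account that is logging on, so a computer group listed there restricts only those computer accounts, not the users connecting from them.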