> For the complete documentation index, see [llms.txt](https://docs.videc.de/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.videc.de/june5-3.7/en/konfigurator/windows-sicherheit.md). # Windows Security Under the *Windows Security* tab, all required parameters can be set. First, the type of Windows security must be defined. Here, *three* options are available: 1. *No Windows Security* - Here, all users are created and managed locally in JUNE5. There is no authentication to external user management. 2. *Local Windows Security* - Here, users of the local Windows computer can be integrated; authentication only occurs against local user management. 3. *Windows Domain* - Here, authentication is performed against an AD (Active Directory). {% hint style="info" %} To get information about operating system configuration, domain membership, domain name or FQDN (Fully Qualified Domain Name), domain type, etc., you can use the following commands in the command line (cmd):\ \ gpresult /r\ gpresult /h C:\Temp\gpreport.html\ net config workstation\ whoami /FQDN\ \ Please contact your IT administration if some parameters cannot be determined. {% endhint %} The following sections refer to the options *Local Windows Security* and *Windows Domain*. ## Settings for Local Windows Security ### Windows Security Domain Name Enter the domain name of the local computer. Check that the operating system configuration is set to *Standalone Workstation* (See gpresult /r) ## Settings for Windows Domain In the input field *Windows Security Domain Name*, in the case of *Windows Domain*, the name of the Windows domain is entered. In the case of *Local Windows Security*, the name of the local computer is entered. ### Windows Security Domain Name Enter the name of your domain. Check that the operating system configuration is set to "Domain/Workgroup Member" (See gpresult /r) SSL\ The SSL checkbox determines whether an encrypted connection to the Domain Controller should be established. Generally, this checkbox is activated.\ \ Host\ In the Host input field, the name or IP address of the Domain Controller is entered. The hostname must be different from the domain name.\ \ Port\ In the Port input field, the port of the Domain Controller is entered. The following ports are commonly used: \ LDAP Service without SSL = 389\ LDAP Service with SSL = 636\ \ Protocol Version\ In the Protocol Version input field, the version of the LDAP protocol is set. Generally, Windows use protocol version 3.\ \ Base\ In the Base input field, the search path of an LDAP path name (Distinguished Name) is entered.\ \ This Base (path name) identifies the object within the hierarchy of the directory, from the lowest level (the object itself) through all containers to the origin of the directory (which in Active Directory is the domain). \ The user "Kai Muster", whose account is stored in the Organizational Unit (OU) "EDV", which is a sub-OU of "User" of the domain videc.de, would have the following Distinguished Name:\ \ CN=Kai Muster, OU=EDV, OU=User, DC=videc, DC=de\ \ The most important abbreviations:\ CN Common Name\ O Organization Name\ OU Organizational Unit Name\ C Country Name\ DC Domain Component\ \ Since the Base is a search path, it is generally sufficient to specify only the actual path: ### Determine Base String With the *Determine Base String* button, the Base string, i.e., the search path of an LDAP path name (Distinguished Name), is determined. \ Backup Host\ In the Backup Host input field, the name or IP address of the redundant Domain Controller is entered.\ \ Backup Port\ In the Port input field, the port of the redundant Domain Controller is entered.\ \ Authentication Type\ The authentication type of the Domain Controller must be selected here. The following options are available: * Anonymous * Basic * Negotiate * Ntlm * Digest * Sicily * Dpa * Msn * External * Kerberos In most cases, the authentication type *Basic* is to be used. ### Test Connection With the *Test Connection* button, a connection to the Host LDAP server can be established and tested to see if a connection is possible. {% hint style="info" %} * The Backup Host and Backup Port fields for configuring a redundant Domain Controller are optional. * For Windows security to work in JUNE5, additional settings must be made in JUNE5 user management (See Settings for Windows Security). * When Windows security is activated, JUNE5 only works with encrypted HTTPS protocol for security reasons. {% endhint %} --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.videc.de/june5-3.7/en/konfigurator/windows-sicherheit.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.