設定信任 Account 聯盟伺服器 Client 電腦Configure Client Computers to Trust the Account Federation Server

適用於:Windows Server 2016、Windows Server 2012 R2、Windows Server 2012Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

這樣 client 電腦成功可以存取使用 Active Directory 同盟服務 (AD FS) 聯盟應用程式,您必須先設定的 Internet Explorer 設定在每個 client 的電腦上,讓瀏覽器信任 account 聯盟伺服器。So that client computers can successfully access federated applications using Active Directory Federation Services (AD FS), you must first configure the Internet Explorer settings on each client computer so that the browser trusts the account federation server. 您可以手動或透過群組原則、 根據您的系統管理喜好設定,請按照下列程序。You can do this manually or through Group Policy, depending on your administrative preference, by completing one of the following procedures.

Internet Explorer 設定以手動方式Configuring Internet Explorer settings manually

您可以手動設定每個使用者的 Internet Explorer 設定,以支援聯盟透過 AD FS 使用下列程序。You can use the following procedure to manually configure each user's Internet Explorer settings to support federation through AD FS. 如果有多個使用者使用一部電腦,請完成此程序多次-每個使用者設定檔的一次。If multiple users use a single computer, complete this procedure multiple times—once for each user profile.

若要執行此程序,將會存取聯盟應用程式的使用者身分登入。To perform this procedure, log on as the user who will be accessing federated applications. 這是 profile\ 特定的設定。This is a profile-specific setting. 因此,則需要您手動特定電腦上加入每個設定檔,有此設定。Therefore, it requires that you manually add this setting for each profile that exists on a specific computer.

若要手動設定信任 account 聯盟伺服器 client 電腦To manually configure client computers to trust the account federation server

  1. Client 在電腦上,[開始] Internet Explorer。On the client computer, start Internet Explorer.

  2. 工具功能表上,按網際網路選項]On the Tools menu, click Internet Options.

  3. 安全性索引標籤上,按近端圖示,然後再按一下網站On the Security tab, click the Local intranet icon, and then click Sites.

  4. 按一下進階,在將這個網站新增到區域,輸入 account 聯盟 server 的完整網域名稱系統 (DNS) 名稱 \ (例如,https://fs1.fabrikam.com),然後按一下 [新增Click Advanced, and in Add this Web site to the zone, type the full Domain Name System (DNS) name of the account federation server (for example, https://fs1.fabrikam.com), and then click Add.

  5. 按一下[確定]三次。Click OK three times.

使用群組原則設定 Internet Explorer 設定Configuring Internet Explorer settings by using Group Policy

針對大部分部署,我們建議使用群組原則推播適當的 Internet Explorer 設定,每個 client 的電腦。For most deployments, we recommend that you use Group Policy to push the appropriate Internet Explorer settings to each client computer.

在成員資格網域系統管理員企業系統管理員 」,或相當於,在 Active Directory Domain Services (AD DS) 的最低需求完成此程序。Membership in Domain Admins or Enterprise Admins, or equivalent, in Active Directory Domain Services (AD DS) is the minimum required to complete this procedure. 檢視詳細資料使用適當的帳號,並群組成員資格,本機和網域預設群組\ (go.microsoft.com\ fwlink\ 方式 http://// # / 嗎?LinkId\ = 83477)。Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).

設定要使用群組原則信任 account 聯盟伺服器 client 電腦To configure client computers to trust the account federation server by using Group Policy

  1. Account 合作夥伴公司的樹系的網域控制站,在 [開始]群組原則管理snap\ 中。On a domain controller in the forest of the account partner organization, start the Group Policy Management snap-in.

  2. 尋找適當的群組原則物件 (GPO),right\ 按一下它,然後再按一下編輯Find the appropriate Group Policy Object (GPO), right-click it, and then click Edit.

  3. 在主控台開放使用者 Configuration\Preferences\Windows Settings\Internet Explorer 維護,然後按一下 [安全性In the console tree, open User Configuration\Preferences\Windows Settings\Internet Explorer Maintenance, and then click Security.

  4. 在詳細資料窗格中,按一下 double*安全性區域和內容分級In the details pane, double-click **Security Zones and Content Ratings*.

  5. 區域的安全性和隱私權,按一下 [匯入隱私權設定與目前的安全性區域,然後按一下 [修改設定Under Security Zones and Privacy, click Import the current security zones and privacy settings, and then click Modify Settings.

  6. 按一下近端,然後按網站Click Local intranet, and then click Sites.

  7. 這個網站新增到區域,輸入 account 聯盟 server 的完整 DNS 名稱 \ (例如,https://fs1.fabrikam.com),按一下 [新增,然後按一下 [關閉In Add this Web site to the zone, type the full DNS name of the account federation server (for example, https://fs1.fabrikam.com), click Add, and then click Close.

  8. 按一下[確定]這些變更適用於群組原則來兩次。Click OK two times to apply these changes to Group Policy.