How does domain isolation with Windows 2003 IPsec happen?
- From: Simon <xchenum@xxxxxxxxx>
- Date: Tue, 28 Oct 2008 20:56:35 -0700 (PDT)
Hi all,
I have a question regarding implementing domain isolation with IPsec
support from Windows 2003 (or higher.)
From the examples online, you only need to join a few machines into
the domain and they are magically protected from outsider attacks and
eavesdropping. I am wondering how exactly this should be configured,
especially using a group policy distributed from the domain
controller.
How should I write this policy in the domain controller? The most
naive way is to list all the IP addresses of all the domain members in
a filter list, and apply "secure" action to this filter. My question
is, what if a new computer joins the domain or someone leaves? Do I,
presumably the domain admin, need to reconfigure the filter list every
time?
Is there a better way of doing this? Or, can someone show me the
correct way of doing it?
Thanks a lot!
-Simon