Re: IPsec sticks around forever
From: James (james.news@reather.com)
Date: 06/04/02
From: "James" <james.news@reather.com> Date: Tue, 4 Jun 2002 20:50:53 +0200
"Ingmar Koecher" <ingmar.newsgroup@netikus.spam.net> wrote in message
news:adj0vs$k9t$1@msunews.cl.msu.edu...
> I create an IPsec policy for a certain OU in our domain that would force all
> computers in that OU to encrypt all ip based traffic sent to a certain ip
> range.
>
> This worked just fine, a computer in that OU would negotiate IPsec with the
> servers (which were configured to respond when requested) and traffic would
> be encrypted.
>
> Then I moved the computer account out of that OU, rebooted and such but
> realized that it was still using IPsec. Even after a week I realized that
> it was still communicating via IPsec.
>
> What really topped it though was the fact that this computer (the one that I
> was talking about) is a dual-boot with Linux. I was not able to connect
> from the Linux installation (that had the same IP as the Win2k
> installation) to the servers that the Win2k installation had previously had
> IPsec used with. But the Linux box could talk to everybody else just fine,
> just not to those Win2k servers that insisted on IPsec being used.
>
> So the Win2k servers obviously had this information somewhere cached it
> seems - and that kind of scares me.
>
> I am planning on using IPsec more widely but the fact that I can't undo it
> freaks me out a little. We actually had another laptop that we had to
> unjoin and then re-join the domain.
>
> Has anybody had a similar experience? I know it sounds strange but that's
> what's happening ...
To remove the effects of group policy, don't you have to *unassign* the
policy and let that take effect *before* removing the computer from the
domain? Otherwise the policy persists forever....