Re: Securing the communication between all workstations in a domain

From: Ch.Vijay (vijayr@intelligroup.co.in)
Date: 02/17/03


From: "Ch.Vijay" <vijayr@intelligroup.co.in>
Date: Sun, 16 Feb 2003 22:52:51 -0800


Hi Steve

According to you, I placed 2 computers in one OU and
assigned group policy for that OU. Assigned IPsec policy
as Secure server for that OU.

After some time both machines are unable to
communicate with each other as well as domain
controllers. Domain controllers are able to talk to each
other.

Vijay
          

>-----Original Message-----
>Possibly one of the domain controllers had not had its policy
>updated yet when the other domain controller was expecting ipsec
>communications. There are some issues about using ipsec on domain
>controllers, particularly when it comes to communications with non domain
>controllers (member servers and workstations). Ipsecmon is very helpful at
>seeing what is going on. You might want to try using request security rule
>instead which still would give you secure communications if all computers in
>the domain are W2K or later. You could also try putting all computers (with
>exception of domain controllers) in a separate OU with a security policy for
>ipsec defined for them and not involving the domain controllers. Most (if
>not all) communications with and between domain controllers that involve any
>sensitive information is encrypted anyhow, such as authentication and Active
>Directory replication. Of course if you want to use your domain controller
>as a file server then that would be a problem, but that is not recommended
>practice. See links for more info. --- Steve
>
>http://support.microsoft.com/?kbid=254949
>http://www.microsoft.com/windows2000/techinfo/planning/security/ipsecsteps.asp
>http://www.labmice.net/networking/IPsec.htm
>
>
>"Vijay" <vijayr@intelligroup.co.in> wrote in message
>news:031401c2d587$330e6d80$a301280a@phx.gbl...
>> Hi
>>
>> I want to secure all the communications between all
>> workstations and servers and domain controllers in a
>> domain using IPSec & Kerberos.
>> How can I implement this in Windows 2003 domain.
>> In my test setup when I select default domain policy as a
>> secure server in one of the domain controllers,
>> communication between domain controllers including
>> replication is not happening? Any solutions..
>
>
>.
>


