Re: Securing the communication between all workstations in a domain

From: Ch.Vijay (vijayr@intelligroup.co.in)
Date: 02/17/03


From: "Ch.Vijay" <vijayr@intelligroup.co.in>
Date: Sun, 16 Feb 2003 22:52:51 -0800


Hi Steve,

As you suggested, I placed 2 computers in one OU and assigned a group policy for that OU. I assigned the IPsec policy Secure Server for that OU.

After some time, both machines are unable to communicate with each other as well as with the domain controllers. The domain controllers are able to talk to each other.

Vijay
          

>-----Original Message-----
>Possibly one of the domain controllers had not had its policy updated yet
>when the other domain controller was expecting ipsec communications. There
>are some issues about using ipsec on domain controllers, particularly when
>it comes to communications with non domain controllers (member servers and
>workstations). Ipsecmon is very helpful at seeing what is going on. You
>might want to try using request security rule instead which still would
>give you secure communications if all computers in the domain are W2K or
>later. You could also try putting all computers (with exception of domain
>controllers) in a separate OU with a security policy for ipsec defined for
>them and not involving the domain controllers. Most (if not all)
>communications with and between domain controllers that involve any
>sensitive information is encrypted anyhow, such as authentication and
>Active Directory replication. Of course if you want to use your domain
>controller as a file server then that would be a problem, but that is not
>recommended practice. See links for more info. --- Steve
>
>http://support.microsoft.com/?kbid=254949
>http://www.microsoft.com/windows2000/techinfo/planning/security/ipsecsteps.asp
>http://www.labmice.net/networking/IPsec.htm
>
>
>"Vijay" <vijayr@intelligroup.co.in> wrote in message
>news:031401c2d587$330e6d80$a301280a@phx.gbl...
>> Hi
>>
>> I want to secure all the communications between all
>> workstations and servers and domain controllers in a
>> domain using IPsec & Kerberos.
>> How can I implement this in a Windows 2003 domain?
>> In my test setup, when I select the default domain policy as
>> a secure server in one of the domain controllers,
>> communication between domain controllers, including
>> replication, is not happening. Any solutions?
>