Re: Assign Domain Security Policy/Manage remote computer
From: Steven L Umbach (sumbach@ameritech.net)
Date: 03/29/03
From: "Steven L Umbach" <sumbach@ameritech.net> Date: Sat, 29 Mar 2003 16:28:21 GMT
I would recommend running netdiag and dcdiag on your domain controller
to see if it is set up properly, especially with regards to dns zone
creation and dns srv records. The dc needs to be pointing to itself, by its
assigned ip address, as its primary dns server. The clients need to point
to the dc as their dns server. Run netdiag on the client computers to see if
they are correctly configured. As far as ipsec policy, I recommend that you
assign the "request" (not require) policy to the domain controllers via
domain controllers group/security policy if you need to include them. Then
assign whatever you require to the rest of the domain computers - usually
client (respond only) to workstations and request/require to servers based
on their security needs. Computers of course will need to be in domain/OU
where policy is implemented. Only W2K/XP computers can implement ipsec, so
if you have any W9X or NT4.0 computers they will not be able to communicate
with any computers requiring ipsec. Use ipsecmon to monitor and
troubleshoot ipsec security associations. If you do implement ipsec on the
domain controllers you may want to create a policy exempting dns traffic to
keep network communications responsive.

--- Steve

"Martin" <x@y.z> wrote in message
news:eHQYN4S9CHA.3412@TK2MSFTNGP11.phx.gbl...
> Hi,
>
> I've just set up Active Directory, and added other computers to the new
> domain - maintained backwards compatibility with domains, though I did not
> have a domain before.
>
> From my AD server, I can see the other computers and they can also see
> each other.
>
> I have defined an IPSec policy that I want all computers in the domain to
> adopt. I defined it in the Domain Security Policy section on my AD
> server. How do I apply it to the other computers in my domain? Simply
> doing assign by the new policy doesn't seem to work - though there may be
> an error in my policy settings.
> Roughly the policy has IP filter source My Address, dest Any IP Address,
> All protocols, and mirror. I had previously used a similar policy
> explicitly set up on two separate computers to secure traffic between the
> two. Now I want to have a policy that is administered from AD.
>
> I believe I don't need to define this policy anywhere else, but each computer
> in my domain needs to adopt it - how do I make that happen?
>
> I tried to do Computer Management on one of the domain members, from my AD
> server, but although I can browse to it, and the shares fine, I can't do
> Computer Management of it from my AD server. I can see the name when I'm
> asked what computer to manage, but it then says "Computer \\mc1.domain.com
> cannot be managed. The network path was not found."
>
> Help!
>
> Thanks
> Martin
>
>
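
An added example, not part of the original thread: a simplified Python model of how the three built-in policies named in the reply (respond only, request, require) interact, showing why "request" on the domain controller keeps W9X/NT4.0 machines reachable while "require" cuts them off. The host names and inventory are constructed, and the model assumes IPsec-capable hosts share an authentication method (as domain members do) and ignores per-protocol exemptions such as the DNS one mentioned above.

```python
# Added illustration: simplified model of the built-in Windows 2000 IPsec
# policies discussed in the reply. Inventory and host names are constructed.

NONE = "none"        # no policy assigned, or W9X/NT4.0 (cannot do IPsec)
RESPOND = "respond"  # Client (Respond Only)
REQUEST = "request"  # Server (Request Security)
REQUIRE = "require"  # Secure Server (Require Security)


def negotiate(a, b):
    """Return 'secured', 'clear' or 'blocked' for traffic between two hosts."""
    both_capable = a != NONE and b != NONE
    someone_asks = a in (REQUEST, REQUIRE) or b in (REQUEST, REQUIRE)
    if both_capable and someone_asks:
        return "secured"   # one side proposes IPsec, the other can answer
    if REQUIRE in (a, b):
        return "blocked"   # require never falls back to clear text
    return "clear"         # nobody insisted, so traffic stays unprotected


def audit(inventory):
    """Evaluate every host pair; blocked pairs are listed first."""
    names = sorted(inventory)
    rows = [(x, y, negotiate(inventory[x], inventory[y]))
            for i, x in enumerate(names) for y in names[i + 1:]]
    return sorted(rows, key=lambda row: row[2] != "blocked")


# Constructed inventory that follows the advice in the reply.
INVENTORY = {
    "dc1": REQUEST,      # domain controller: request, not require
    "filesrv": REQUIRE,  # server with stricter needs
    "xp-ws": RESPOND,    # workstation: client (respond only)
    "nt4-box": NONE,     # legacy machine without IPsec support
}

if __name__ == "__main__":
    for x, y, result in audit(INVENTORY):
        print(f"{x:8} <-> {y:8} {result}")
```

Changing `dc1` to `REQUIRE` in the inventory turns the `dc1`/`nt4-box` pair from clear to blocked, which is the outage the "request" recommendation avoids.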