Re: Assign Domain Security Policy/Manage remote computer
From: Martin (x@y.z)
Date: 03/29/03
- Next message: Daniel Billingsley: "Re: Trojan keeps coming back. Can't find source."
- Previous message: Martin: "Re: Machine policy when user logged onto local machine"
- In reply to: Steven L Umbach: "Re: Assign Domain Security Policy/Manage remote computer"
- Next in thread: Martin: "Re: Assign Domain Security Policy/Manage remote computer"
From: "Martin" <x@y.z> Date: Sat, 29 Mar 2003 16:52:45 -0000
Thanks for the comprehensive reply, Steve.
I'll give that a go.
Martin
"Steven L Umbach" <sumbach@ameritech.net> wrote in message
news:FQjha.328$kd1.378217@newssrv26.news.prodigy.com...
> I would recommend running netdiag and dcdiag on your domain controller
> to see if it is set up properly, especially with regards to dns zone
> creation and dns srv records. The dc needs to be pointing to itself, by its
> assigned ip address, as its primary dns server. The clients need to point
> to the dc as their dns server. Run netdiag on the client computers to see if
> they are correctly configured. As far as ipsec policy, I recommend that you
> assign the "request" (not require) policy to the domain controllers via
> domain controllers group/security policy if you need to include them. Then
> assign whatever you require to the rest of the domain computers - usually
> client (respond only) to workstations and request/require to servers based
> on their security needs. Computers of course will need to be in domain/OU
> where policy is implemented. Only W2K/XP computers can implement ipsec, so
> if you have any W9X or NT4.0 computers they will not be able to communicate
> with any computers requiring ipsec. Use ipsecmon to monitor and
> troubleshoot ipsec security associations. If you do implement ipsec on the
> domain controllers you may want to create a policy exempting dns traffic to
> keep network communications responsive. --- Steve
>
> "Martin" <x@y.z> wrote in message
> news:eHQYN4S9CHA.3412@TK2MSFTNGP11.phx.gbl...
> > Hi,
> >
> > I've just set up active directory, and added other computers to the new
> > domain - maintained backwards compatibility with domains, though I did not
> > have a domain before.
> >
> > From my AD server, I can see the other computers and they can also see each
> > other.
> >
> > I have defined an IPSec policy that I want all computers in the domain to
> > adopt. I defined it in the Domain Security Policy section on my AD server.
> > How do I apply it to the other computers in my domain? Simply doing assign
> > by the new policy doesn't seem to work - though there may be an error in my
> > policy settings.
> > Roughly the policy has IP filter source My Address, dest Any IP Address, All
> > protocols, and mirror. I had previously used a similar policy explicitly
> > set up on two separate computers to secure traffic between the two. Now I
> > want to have a policy that is administered from AD.
> >
> > I believe I don't need to define this policy anywhere else, but each computer
> > in my domain needs to adopt it - how do I make that happen?
> >
> > I tried to do Computer Management on one of the domain members, from my AD
> > server, but although I can browse to it, and the shares fine, I can't do
> > Computer Management of it from my AD server. I can see the name when I'm
> > asked what computer to manage, but it then says "Computer \\mc1.domain.com
> > cannot be managed. The network path was not found."
> >
> > Help!
> >
> > Thanks
> > Martin
> >
> >
>
>