Re: Assign Domain Security Policy/Manage remote computer

From: Martin (x@y.z)
Date: 03/29/03


From: "Martin" <x@y.z>
Date: Sat, 29 Mar 2003 18:30:19 -0000


Hi Steve,

Done that now. Interesting - the DC list test fails.

Nothing else of note.

Any thoughts on the DC list failure?

Your help is much appreciated - especially given it's Saturday.
Unfortunately, I'm going to have to quit this in about 30 minutes.

Thanks again
Martin

"Steven L Umbach" <sumbach@ameritech.net> wrote in message
news:6%lha.485$kd1.414326@newssrv26.news.prodigy.com...
> Netdiag will need to be installed. You can download from MS or install
> from XP cdrom under support/tools folder - run setup file there for tools.
> XP machine must be joined to domain to use domain group policies. I would
> recommend unassign ipsec domain policy until you can verify that XP box is
> joined to domain and communicating with dc as should be using netdiag. Do
> not use require (secure server) policy on dc as it seems to cause unreliable
> communications with domain clients and will not allow new workstations to be
> joined to the domain. --- Steve
>
> "Martin" <x@y.z> wrote in message
> news:ONIpFph9CHA.1680@TK2MSFTNGP12.phx.gbl...
> > Hi Steve,
> >
> > I've run netdiag and dcdiag on the domain controller (Active Directory
> > server), nothing fails; a few netdiag tests are passed, namely:
> > WINS service test (none configured)
> > Trust relationship (none configured).
> >
> > All dcdiag tests pass.
> >
> > The dc does refer to itself as its DNS server.
> > My client is a Windows XP Pro box. I can't find any reference to netdiag
> > for this OS. Any ideas?
> >
> > It was not configured to use the DC dns server, but now has that as its
> > primary DNS server.
> >
> > Not done anything more with the IPSec config yet, except it now specifies
> > specific IP addresses at both source and destination.
> >
> > Thanks again
> > Martin
> >
> >
> >
> >
> > "Steven L Umbach" <sumbach@ameritech.net> wrote in message
> > news:FQjha.328$kd1.378217@newssrv26.news.prodigy.com...
> > > I would recommend running netdiag and dcdiag on your domain controller
> > > to see if it is set up properly, especially with regards to dns zone
> > > creation and dns srv records. The dc needs to be pointing to itself, by its
> > > assigned ip address, as its primary dns server. The clients need to point
> > > to the dc as their dns server. Run netdiag on the client computers to see if
> > > they are correctly configured. As far as ipsec policy, I recommend that you
> > > assign the "request" (not require) policy to the domain controllers via
> > > domain controllers group/security policy if you need to include them. Then
> > > assign whatever you require to the rest of the domain computers - usually
> > > client (respond only) to workstations and request/require to servers based
> > > on their security needs. Computers of course will need to be in domain/OU
> > > where policy is implemented. Only W2K/XP computers can implement ipsec, so
> > > if you have any W9X or NT4.0 computers they will not be able to communicate
> > > with any computers requiring ipsec. Use ipsecmon to monitor and
> > > troubleshoot ipsec security associations. If you do implement ipsec on the
> > > domain controllers you may want to create a policy exempting dns traffic to
> > > keep network communications responsive. --- Steve
> > >
> > > "Martin" <x@y.z> wrote in message
> > > news:eHQYN4S9CHA.3412@TK2MSFTNGP11.phx.gbl...
> > > > Hi,
> > > >
> > > > I've just setup active directory, and added other computers to the new
> > > > domain - maintained backwards compatibility with domains, though I did not
> > > > have a domain before.
> > > >
> > > > From my AD server, I can see the other computers and they can also see each
> > > > other.
> > > >
> > > > I have defined an IPSec policy that I want all computers in the domain to
> > > > adopt. I defined it in the Domain Security Policy section on my AD server.
> > > > How do I apply it to the other computers in my domain? Simply doing assign
> > > > by the new policy doesn't seem to work - though there may be an error in my
> > > > policy settings.
> > > > Roughly the policy has IP filter source My Address, dest Any IP Address, All
> > > > protocols, and mirror. I had previously used a similar policy explicitly
> > > > setup on two separate computers to secure traffic between the two. Now I
> > > > want to have a policy that is administered from AD.
> > > >
> > > > I believe I don't need to define this policy anywhere else, but each computer
> > > > in my domain needs to adopt it - how do I make that happen?
> > > >
> > > > I tried to do Computer Management on one of the domain members, from my AD
> > > > server, but although I can browse to it, and the shares fine, I can't do
> > > > Computer Management of it from my AD server. I can see the name when I'm
> > > > asked what computer to manage, but it then says "Computer \\mc1.domain.com
> > > > cannot be managed. The network path was not found."
> > > >
> > > > Help!
> > > >
> > > > Thanks
> > > > Martin
> > > >
> > > >
> > >
> > >
> >
> >
>
>
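
The DNS prerequisites Steve lists in the thread (the machine points at the DC for DNS, and the domain's SRV records exist in the DC's zone), as an added PowerShell example that is not part of the original posts. It assumes a current Windows with the DnsClient module (Windows 8 / Server 2012 or later) rather than the W2K/XP support tools discussed; `domain.com` is taken from the error message in the thread and `192.0.2.10` is a constructed placeholder for the DC's address.

```powershell
# Added example, not from the thread. Placeholders: domain.com is the name
# that appears in the thread's error message; 192.0.2.10 is a constructed DC IP.
function Test-DomainDnsSetup {
    param(
        [string]$Domain    = 'domain.com',
        [string]$DcAddress = '192.0.2.10'
    )

    # 1. The machine should list the DC among its configured DNS servers.
    $dnsServers = @(Get-DnsClientServerAddress -AddressFamily IPv4 |
        ForEach-Object { $_.ServerAddresses } |
        Select-Object -Unique)

    # 2. SRV records that Active Directory registers in the domain's DNS zone.
    $srvNames = @(
        "_ldap._tcp.dc._msdcs.$Domain",
        "_kerberos._tcp.dc._msdcs.$Domain",
        "_ldap._tcp.$Domain"
    )
    $srvResults = foreach ($name in $srvNames) {
        try {
            # Ask the DC's DNS service directly so a stale local cache or a
            # different resolver cannot mask a missing record.
            $targets = @(Resolve-DnsName -Name $name -Type SRV -Server $DcAddress `
                    -DnsOnly -ErrorAction Stop |
                Where-Object { $_.Type -eq 'SRV' } |
                ForEach-Object { '{0}:{1}' -f $_.NameTarget, $_.Port })
            [pscustomobject]@{ Record = $name; Found = ($targets.Count -gt 0); Targets = $targets }
        }
        catch {
            [pscustomobject]@{ Record = $name; Found = $false; Targets = @() }
        }
    }

    [pscustomobject]@{
        ConfiguredDnsServers = $dnsServers
        PointsAtDc           = $dnsServers -contains $DcAddress
        SrvRecords           = $srvResults
        AllSrvFound          = -not ($srvResults | Where-Object { -not $_.Found })
    }
}

$result = Test-DomainDnsSetup
$result | Format-List ConfiguredDnsServers, PointsAtDc, AllSrvFound
$result.SrvRecords | Format-Table Record, Found, Targets -AutoSize
```

Run it on the client and on the DC itself; `PointsAtDc` being false on either, or any SRV record missing, is the kind of misconfiguration netdiag and dcdiag are being used to find in this thread.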


