Re: Initial IPSEC policy

From: Harald Haitsma (harald.haitsma_at_acs.it)
Date: 01/28/04

  • Next message: Anette Andresen: "Re: Certificate Services and "Allow this CSP to interact with the desktop"" 
    Date: Wed, 28 Jan 2004 08:26:01 +0100

    I would like to secure all the IP-Traffic between certain PCs with the DC.
    I tried to set the policy so kerberos ist not secure. But i can't get the
    other policy working. Any ideas what went wrong?

    thxs
    Harald

    "Chris" <chris@dev.nul> schrieb im Newsbeitrag
    news:%23ET0EXT5DHA.2496@TK2MSFTNGP09.phx.gbl...
    > No this is still the same in XP and 2003. You are referring to
    > http://support.microsoft.com/default.aspx?kbid=254949
    >
    > Non-domain members could never join the domain if your DC's required
    > kerberos authenticated IPSec communication across the board.
    >
    > Chris Weber
    >
    >
    >
    > "Harald Haitsma" <haraldhaitsma@hotmail.com> wrote in message
    > news:eDS$53Q5DHA.2540@TK2MSFTNGP11.phx.gbl...
    > > I Have a Win2003 Domain with only WinXP clients.
    > >
    > > On a Win2000 Server i read following:
    > > Using IP Security (IPSec) to protect traffic from a non-domain member to
    > the
    > > domain controller is currently not supported in Windows 2000 because it
    is
    > > not possible for non-domain computers to get the initial IPSec policy
    from
    > > the domain controller once a domain controller (DC) requires IPSec to
    > > communicate, and because non-domain member computers cannot use Kerberos
    > as
    > > the IPSec/IKE authentication method to authenticate IKE with their
    domain
    > > controller and with trusted domain controllers on the domain in all
    cases.
    > >
    > > Is this changed within XP and 2003?
    > >
    > > Thxs
    > >
    > >
    > >
    >
    >

  • Next message: Anette Andresen: "Re: Certificate Services and "Allow this CSP to interact with the desktop""

    Relevant Pages

    • Re: Internet Kiosk Group Policy
      ... you can configure policy tight enough so they can't ... that with the proper combination of policy settings you can achieve a very ... tight and secure environment. ... hard drive in the BIOS and setting a BIOS password. ...
      (microsoft.public.windows.group_policy)
    • Re: IPSEC secured server
      ... The secured server policy requires all sessions to be secure it doesn't ... Try using a custom policy or the Server ...
      (microsoft.public.win2000.security)
    • RE: PolicyVerificationException: WSE464: No policy could be found
      ... When I initially used the WSE 2.0 policy wizard to configure the Web Service ... side I entered the name of the service to secure which was ... When I secured only web service and not the web client, ...
      (microsoft.public.dotnet.framework.webservices.enhancements)
    • Re: Restricting Desktop Computers to view USB Flash Drive
      ... Not in a secure way. ... Disbaling the driver via ADM: ... POLICY "USB-MassStorageDriver" ... Mark Heitbrink - MVP Windows Server ...
      (microsoft.public.win2000.group_policy)