Re: Prevent logon without certificate

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 01/26/05


Date: Wed, 26 Jan 2005 15:42:43 -0600

That [ipsec transport] would be good advice within the LAN, but for remote
access, using a VPN server with an L2TP connection and then accessing Remote
Desktop through the tunnel would work well. --- Steve

"Mark Gamache" <mark.gamache@css-security.com> wrote in message
news:%23Igbyt%23AFHA.3596@TK2MSFTNGP12.phx.gbl...
> Ahhhh... That makes more sense. What you want to do is create an IPSec
> policy specifically for TS. The article below does just that.
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;q315055&sd=tech
>
> Mark Gamache
> CSS
>
> "Art Vandelay" <idozaf@gmail.com> wrote in message
> news:35qdanF4q1j2qU1@individual.net...
>>
>>> My main question is, why would certificate be a requirement (I can see
>>> some advantages, but I would like to see if Art has a good reason for
>>> this or is there a better solution -- e.g. Smart Card for users)? Who
>>> can add computers to domain? By default "Authenticated Users" can add 10
>>> computers to domain, but if you change the policy only domain
>>> administrators (or another group of users) will be able to add computers
>>> to domain...
>>
>> Hi, thanks for your reply. Maybe knowing what we want to achieve is the
>> way forward as it looks like certificates are not what I thought :-)
>>
>> We can get access to our server at the office from remote sites if we
>> enable "remote desktop" and forward port 3389 through our firewall. We
>> haven't actually done that yet, as we are, of course, worried about the
>> security implications. We thought that if we enabled certificate services
>> on our network and allowed only computers that had a certificate to log
>> on, then that extra level of security would be enough. Our staff could
>> then connect to the server remotely only using their laptops which would
>> be certificated.
>>
>> Am I way off line thinking like this?
>>
>> Thanks guys.
>>
>
>


