Re: How to have 2 security policies on one server

From: Miha Pihler [MVP] (mihap-news_at_atlantis.si)
Date: 08/30/05 

Date: Tue, 30 Aug 2005 19:41:16 +0200

For two domains, you would need at least two domain controllers (one per
domain) which would be at least two servers (or even better four -- two per
domain as recommended by Microsoft).

What you could do is use Virtual Server and install all this on one physical
server (you would save on cost of hardware - but you would still need tow to
four licensees for operating system and license for Virtual Server. 

-- 
Mike
Microsoft MVP - Windows Security
"Tim" <Tim@discussions.microsoft.com> wrote in message 
news:C5D70060-1212-4390-8B71-3C3060EF531F@microsoft.com...
> The business goal is having groups with different security policies 
> accessing
> a single server.  Can setting up two domains achieve this goal?  Can two
> domains co-exist on a single domain controller? Or is it one controller 
> per
> user group?  Thanks.
>
> "Miha Pihler [MVP]" wrote:
>
>> You can't. There can only be one password policy at the time.
>>
>> To go further; if this is domain environment, you can only have one 
>> password
>> policy per domain. If you require different policy, then you will have to
>> e.g. setup two domains inside Active Directory forest.
>>
>> -- 
>> Mike
>> Microsoft MVP - Windows Security
>>
>> "Tim" <Tim@discussions.microsoft.com> wrote in message
>> news:53A68A9B-32A9-4A27-8930-84B94844292C@microsoft.com...
>> > Windows 2003 server.  One client requires passwords to expire in 90 
>> > days,
>> > but
>> > now another client requires passwords to expire in 360 days.  How can I
>> > support multiple security policies...without dedicating one server to
>> > every
>> > client?
>>
>>
>>

Relevant Pages

  • Re: Securing the communication between all workstations in a domain
    ... I am no expert at Ipsec. ... I would try using the server (request ... security) policy in that OU - the secure policy is rather extreme and can ... exempt the domain controllers from ipsec traffic - a request policy may work ...
    (microsoft.public.win2000.security)
  • Re: IPSEC Problems
    ... You may want to try and rebuild the ipsec policy. ... ipsec negotiation traffic between domain members and domain controllers as ... > this server and any communication was shown correctly in ipsecmon. ...
    (microsoft.public.windows.server.security)
  • Re: GP to force Daily Restart
    ... The Security System could not establish a secured connection with the server ldap/DC01.corp.com/corp.com@xxxxxxxxx No authentication protocol was available. ... The network path was not found. ... domain controllers log these events every five minutes. ... every computer on the network must use DNS servers that can resolve SRV ...
    (microsoft.public.windows.server.sbs)
  • Re: Net logon error event id:3096
    ... Verifying that the local machine yblrtgswip1, ... Connecting to directory service on server yblrtgswip1. ... No record of File Replication System, ... interval between domain controllers. ...
    (microsoft.public.win2000.active_directory)
  • Re: Installing Windows 2003 DC in a Windows 2000 Evironment-- Need Hel
    ... How to Upgrade Windows 2000 Domain Controllers to Windows Server 2003 ... Initial synchronization requirements for Windows 2000 Server and Windows ... ensure that you have designed a DNS and Active ...
    (microsoft.public.windows.server.active_directory)