Re: Mapping drives and Encryption

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 10/25/05 

Date: Mon, 24 Oct 2005 17:51:37 -0500

You would nee to use ipsec and have an ipsec require policy on the servers
and an ipsec client/respond policy on the workstations. This is fairly easy
to set up in a domain via Group Policy but DANGER WILL ROBINSON -- ipsec
can not be used to protect traffic with ESP/AH for network traffic between
domain controllers and domain computers for any traffic involved in
authentication which would include ports/protocols used for file and print
sharing. So if these servers are domain controllers ipsec is out of the
question. If they are not them your ipsec require policy on the servers
would need to have a mirrored rule with a filter set that includes the IP
addresses of the domain controllers with a permit filter action. Never ever
assign an ipsec require policy to the domain or the domain controllers
container no matter what you read anywhere. Failure to heed such can cause
your domain to have lots of problems that would be a huge Excedrin
headache. --- Steve

"Michael W White" <michael.wm.white@worldnet.att.net> wrote in message
news:OujAEGO2FHA.476@TK2MSFTNGP15.phx.gbl...
> We are mapping drive from Windows 2000 and Windows XP workstation to
> Windows 2000 server and Windows Server 2003.
> Is the communication between the workstations and the servers encrypted?
> What do we need to do to encrypt the traffic between the workstations and
> the servers with respect to the mapped drives?
>
>

Relevant Pages

  • Re: Securing the communication between all workstations in a domain
    ... I am no expert at Ipsec. ... I would try using the server (request ... security) policy in that OU - the secure policy is rather extreme and can ... exempt the domain controllers from ipsec traffic - a request policy may work ...
    (microsoft.public.win2000.security)
  • Re: authentication problem
    ... double or triple duty most traffic [authentication and AD replication] is ... laptops and I bring up ipsec as a possible solution with the caveat on ... domain controllers because many admins right away want to enable the require ... policy at the domain level which can bring their network to it's knees. ...
    (microsoft.public.win2000.security)
  • RE: authentication problem
    ... IPSec is based on the authentication of computers on a network; ... The Active Directory security domain provides this authentication using the ... are used for communication with domain controllers. ... Directory¨Cbased IPSec policy settings are typically applied to domain ...
    (microsoft.public.win2000.security)
  • Re: domain users force only local server access
    ... You can restrict computers using ipsec policies. ... complex topic and domain controllers need to be exempt from any policy to ...
    (microsoft.public.win2000.security)
  • Re: Mapping drives and Encryption
    ... I ran into problems when I first started testing ipsec. ... The reason is that the domain controllers are also the KDC and the computer ... made authentication impossible. ... So then I tried using a request ipsec policy ...
    (microsoft.public.windowsxp.security_admin)
Quantcast