Harald
Wed Jan 28 01:23:46 CST 2004
I'm using Win2003 with only WinXP clients. Initial Policy is not possible
within Win2000, but in Win2003?
Without the policy / IPsec everything works. With local policy also.
I tried to set the registry key so Kerberos, IKE, broadcast etc., which is
used in the first instance, is not IPSEC. But it doesn't function.
"Chris" <chris@dev.nul> wrote in message
news:%23pmYk7S5DHA.1368@TK2MSFTNGP10.phx.gbl...
> Windows 2000 or Windows 2003?
>
> When it comes to DCs you need to PERMIT ANY traffic to certain ports,
> such as
> 445 UDP/TCP
> 135 UDP/TCP
> 137 UDP/TCP
> 138 UDP
> 139 TCP
>
> Kerberos, DNS, etc. Wow, yeah, it starts to look like why bother, right?
>
> Well, non-domain members could never join the domain unless the DC was
> available to them without IPSec rules. Check out:
>
> http://support.microsoft.com/default.aspx?kbid=254949
>
>
>
> "Harald Haitsma" <haraldhaitsma@hotmail.com> wrote in message
> news:u5PsubQ5DHA.1948@TK2MSFTNGP12.phx.gbl...
> > I have the following situation:
> >
> > 2 Domain Controllers DC1 and DC2
> > 2 Computers PC1 and PC2
> >
> > PC1 should communicate with DC1 and DC2
> > PC2 should only communicate with DC2
> >
> > So I wanted to implement IPSEC to solve this problem.
> > I create a policy which makes all the IP traffic between PC1 and DC1 secure.
> > I create a policy which makes DC2 accept secure requests from PC1;
> > all other traffic is non-secure.
> >
> > If I configure this with the local policy with a certificate, everything
> > works fine.
> > If I configure the same rules through Active Directory, the clients won't
> > get the IPSEC policies. What could I have done wrong?
> > How can I get a login without first having the IPSEC rules?
> >
> > I would like to have a solution where I don't have to install something
> > on the workstations. This example is for testing only. After this we must
> > implement this on 80x PC1 and 200x PC2.
> >
> > I hope someone can help me here.
> >
> > Thxs
> > Harald