Re: Security Question
- From: "Herb Martin" <news@xxxxxxxxxxxxxx>
- Date: Sun, 31 Dec 2006 23:16:46 -0500
"supersonic_oasis" <supersonicoasis@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:94F9F28F-FBF1-4553-B9FD-E0CB5A9E2CBC@xxxxxxxxxxxxxxxx
Hello, I am running Active Directory on all Win2003 servers. I waswondering
about the default security settings that are configred on the servers asfar
as communications between other servers in the domain, and the clients.
That is likely to broad a question for you to receive a definitive
answer -- some of your specific examples below are easy to
answer however....
For instance, are the comminications between the clients and the servers
encrypted?
In general, "No" but for authentication purposes you the opposite
is true and passwords are not exposed.
There are many kinds of "client-server communication" howerever
and most of these will not be encrypted by default. (E.g., File, print,
web, email, etc.)
If you wish to force/encourage encryption then consider implementing
IPSec (likely through a GPO) for (some of) your machines.
What is used to encrypt it?
The default authentication is done through a secure channel between
DC and Client computer, and will also invoke Kerberos if both sides
are running at least Win2000 -- Kerberos will never actually pass the
password across the wire.
SMB signing (but not encryption) is the default for Win2003 DCs,
and SMB encryption CAN be required by the DCs through a GPO
settings.
And is there anyplace in the GUI that
I can see these settings?
No, not really. (Except the GPO settings perhaps.)
.
- Prev by Date: Re: What are the less obvious effects of adding a PC to an AD domain?
- Next by Date: Re: dc is not working properly after role transfer.
- Previous by thread: Re: Userenv 1030 & LSASRV 40961 Errors
- Next by thread: Re: dc is not working properly after role transfer.
- Index(es):
Relevant Pages
|
