Re: Deny access



You can require all machines to communicate with IPSec. IPSec needs a
certificate that you can generate in your domain, and without it, it would not be
possible to communicate if you set the policy to communicate via IPSec only.
I have never implemented this but know it isn't that simple. You may have
devices that would need exceptions if they were unable to communicate via
IPSec, etc...

http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/ispstep.mspx


--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

<pablof@xxxxxxxxxxxxxxxx> wrote in message
news:F9CE398F-4D61-4867-959C-792F9906EECB@xxxxxxxxxxxxxxxx
Hello

Is it possible to deny access to a domain if the PC isn't in the Domain?

I want that only the users that had their PC in my domain can access my
servers (mail, disk...)
I don't want that if a user of my domain comes to work with his laptop
can authenticate against servers.

Thank you
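
The approach suggested in the reply (certificate-authenticated IPSec, with exceptions for devices that cannot use it) could look like the following on one server. This is an added example, not part of the original posts. It assumes the NetSecurity PowerShell cmdlets of later Windows versions rather than the Windows 2000 policy snap-in from the linked guide, and the CA name and exempt address are constructed placeholders.

```powershell
# Added example: certificate-based IPsec isolation for one server.
# Placeholders (constructed, not from the thread): CA subject and exempt address.
$caName   = 'C=US,O=Example,CN=Example Root CA'   # hypothetical domain CA subject
$exemptIp = '192.0.2.10'                          # hypothetical device that cannot do IPsec

# Machine authentication: the peer must present a computer certificate
# that chains to the domain CA. Machines without one cannot authenticate.
$proposal = New-NetIPsecAuthProposal -Machine -Cert -Authority $caName -AuthorityType Root
$authSet  = New-NetIPsecPhase1AuthSet -DisplayName 'Domain computer certificate' -Proposal $proposal

# Exemption for a device that cannot negotiate IPsec.
# Keep this list short: every exempt address bypasses the isolation.
New-NetIPsecRule -DisplayName 'Exempt non-IPsec device' `
    -RemoteAddress $exemptIp -InboundSecurity None -OutboundSecurity None

# Start in request mode: IPsec is negotiated when the peer supports it,
# but unauthenticated traffic is still accepted, so nothing breaks yet.
New-NetIPsecRule -DisplayName 'Domain isolation' `
    -InboundSecurity Request -OutboundSecurity Request `
    -Phase1AuthSet $authSet.Name

# Check which peers actually authenticate before enforcing.
Get-NetIPsecMainModeSA

# Enforce: inbound connections from peers that fail certificate
# authentication are now dropped.
Set-NetIPsecRule -DisplayName 'Domain isolation' -InboundSecurity Require
```

In a domain, the same rules would normally be distributed through Group Policy rather than created by hand on each server.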

