RE: Assigning New IPSec Policy to terminal server
- From: v-morche@xxxxxxxxxxxxxxxxxxxx (Morgan che(MSFT))
- Date: Mon, 26 May 2008 09:59:39 GMT
Hi,
Thanks for posting here.
I also built environment to test the behavior according to KB 816521. As KB
mentioned, the " Create an IPSec filter list to match the Terminal Services
packets" and "Create an IPSec policy to enforce IPSec protection, and then
enable the policy" steps should be completed on Terminal server side. The "
Enable the Client (respond-only) policy on the Terminal Services clients"
action should apply on terminal server clients.
We can create a new OU and put the clients that you want to secure
communication with Terminal server in this OU, then we can define "Enable
the Client (respond-only)" policy and link to this OU. To do so, when
clients connecting Terminal server, they will negotiate encryption method
and apply the security configuration we define on terminal server.
Hope this helps. Have a good day!
Sincerely
Morgan Che
Microsoft Online Support
Microsoft Global Technical Support Center
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
--->Thread-Topic: Assigning New IPSec Policy to terminal server
--->thread-index: Aci84yku5/bXvlRJT/aIIs7blq3ikg==
--->X-WBNR-Posting-Host: 207.46.19.168
--->From: =?Utf-8?B?U0pNUA==?= <sjmp@xxxxxxxxxxxxxxxx>
--->Subject: Assigning New IPSec Policy to terminal server
--->Date: Fri, 23 May 2008 07:42:01 -0700
--->Lines: 8
--->Message-ID: <5F0E8981-896E-4B73-A4E5-AC8CF0BF65D8@xxxxxxxxxxxxx>
--->MIME-Version: 1.0
--->Content-Type: text/plain;
---> charset="Utf-8"
--->Content-Transfer-Encoding: 7bit
--->X-Newsreader: Microsoft CDO for Windows 2000
--->Content-Class: urn:content-classes:message
--->Importance: normal
--->Priority: normal
--->X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2992
--->Newsgroups: microsoft.public.windows.terminal_services
--->Path: TK2MSFTNGHUB02.phx.gbl
--->Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.terminal_services:17902
--->NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
--->X-Tomcat-NG: microsoft.public.windows.terminal_services
--->
--->When I right click and apply a new IPSec policy in group policy the
policy is
--->assigned. Then "to make sure that clients respond to the TS requests
for
--->security" I right click the Client (Respon Only) and assign it. But
this
--->changes the IPSec policy to NO for "Policy Assigned" it seems like I
cannot
--->have them both assigned. Can someone please explain this to me. I am
--->following KB 816521
--->
--->Thanks.
--->
.
- Follow-Ups:
- Prev by Date: Re: Easy Print
- Next by Date: Remote print services
- Previous by thread: Re: Easy Print
- Next by thread: RE: Assigning New IPSec Policy to terminal server
- Index(es):
Relevant Pages
|
