RE: Assigning New IPSec Policy to terminal server
- From: SJMP <sjmp@xxxxxxxxxxxxxxxx>
- Date: Tue, 27 May 2008 05:32:02 -0700
Morgan,
Not sure I follow you. This TS server is going to be assigned to a specific
OU created just for TS. Can you elaborate on "link to this OU." This OU is
not linked and was not going to be linked. I was going to assign the TS
computer object to this OU and give Remote Desktop Users group permissions,
while assigning AD users to this group.
"Morgan che(MSFT)" wrote:
Hi,.
Thanks for posting here.
I also built environment to test the behavior according to KB 816521. As KB
mentioned, the " Create an IPSec filter list to match the Terminal Services
packets" and "Create an IPSec policy to enforce IPSec protection, and then
enable the policy" steps should be completed on Terminal server side. The "
Enable the Client (respond-only) policy on the Terminal Services clients"
action should apply on terminal server clients.
We can create a new OU and put the clients that you want to secure
communication with Terminal server in this OU, then we can define "Enable
the Client (respond-only)" policy and link to this OU. To do so, when
clients connecting Terminal server, they will negotiate encryption method
and apply the security configuration we define on terminal server.
Hope this helps. Have a good day!
Sincerely
Morgan Che
Microsoft Online Support
Microsoft Global Technical Support Center
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
--->Thread-Topic: Assigning New IPSec Policy to terminal server
--->thread-index: Aci84yku5/bXvlRJT/aIIs7blq3ikg==
--->X-WBNR-Posting-Host: 207.46.19.168
--->From: =?Utf-8?B?U0pNUA==?= <sjmp@xxxxxxxxxxxxxxxx>
--->Subject: Assigning New IPSec Policy to terminal server
--->Date: Fri, 23 May 2008 07:42:01 -0700
--->Lines: 8
--->Message-ID: <5F0E8981-896E-4B73-A4E5-AC8CF0BF65D8@xxxxxxxxxxxxx>
--->MIME-Version: 1.0
--->Content-Type: text/plain;
---> charset="Utf-8"
--->Content-Transfer-Encoding: 7bit
--->X-Newsreader: Microsoft CDO for Windows 2000
--->Content-Class: urn:content-classes:message
--->Importance: normal
--->Priority: normal
--->X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2992
--->Newsgroups: microsoft.public.windows.terminal_services
--->Path: TK2MSFTNGHUB02.phx.gbl
--->Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.terminal_services:17902
--->NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
--->X-Tomcat-NG: microsoft.public.windows.terminal_services
--->
--->When I right click and apply a new IPSec policy in group policy the
policy is
--->assigned. Then "to make sure that clients respond to the TS requests
for
--->security" I right click the Client (Respon Only) and assign it. But
this
--->changes the IPSec policy to NO for "Policy Assigned" it seems like I
cannot
--->have them both assigned. Can someone please explain this to me. I am
--->following KB 816521
--->
--->Thanks.
--->
- Follow-Ups:
- RE: Assigning New IPSec Policy to terminal server
- From: Morgan che(MSFT)
- RE: Assigning New IPSec Policy to terminal server
- References:
- RE: Assigning New IPSec Policy to terminal server
- From: Morgan che(MSFT)
- RE: Assigning New IPSec Policy to terminal server
- Prev by Date: Server crash
- Next by Date: Re: Configuration Help needed
- Previous by thread: RE: Assigning New IPSec Policy to terminal server
- Next by thread: RE: Assigning New IPSec Policy to terminal server
- Index(es):
Relevant Pages
|
Loading
