Enforcing AH to force logon to domain

Richard

Dec 31, 2007
Archived from groups: microsoft.public.win2000.group_policy

Can anybody help?

I would like to create a group policy that would require
the use of Authentication Header between users and either
the Domain Controllers or the Exchange servers, forcing
users to log onto the domain in order to receive mail.

I know this can be done using the Kerberos authentication,
however, I am unsure whether this needs to be between the
Exchange servers and the clients or between the DCs and
the clients.

Has anybody done this before who can point me in the right
direction?

Thanks for your help
 
Guest

I have not done that; however, IPsec negotiation policies are not supported between
domain members and domain controllers, as described in the KB link below, particularly
the second paragraph. I have tried MANY variations of IPsec policies between domain
controllers and domain controllers and always had problems with logons after
implementing such. You can exempt domain controllers by adding their static IP
addresses to a filter rule within the policy with a permit filter action.

http://support.microsoft.com/?kbid=254949

It might work to an Exchange server. Try creating a test policy for one or two
computers to the Exchange Server with a require policy on the server and a
client/respond policy on the workstation. Each policy would need to have a rule with
the IP addresses of each other as the destination computer. That way your test policy
will be applied to only the computers specified by IP address. IPsec policies take
effect almost immediately and do not require a reboot. I suggest you have physical
access to the Exchange server in case the policy goes wrong and you lose your network
connection via Terminal Services or such.

--- Steve


"Richard" <richard.howell@arivia.co.za> wrote in message
news:2e2ff01c46b16$a7f9b930$a501280a@phx.gbl...
> Can anybody help?
>
> I would like to create a group policy that would require
> the use of Authentication Header between users and either
> the Domain Controllers or the Exchange servers, forcing
> users to log onto the domain in order to receive mail.
>
> I know this can be done using the Kerberos authentication,
> however, I am unsure whether this needs to be between the
> Exchange servers and the clients or between the DCs and
> the clients.
>
> Has anybody done this before who can point me in the right
> direction?
>
> Thanks for your help
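
The server side of the test policy suggested in the reply above, as an added example that is not part of the original thread. It assumes the `netsh ipsec static` context (present on Windows Server 2003 and later; on Windows 2000 the same objects are built in the IP Security Policies snap-in). The addresses are constructed placeholders and every policy, filter list and rule name is hypothetical.

```bat
@echo off
rem Added example: run at the console of the TEST Exchange server.
rem All addresses are constructed placeholders; all names are hypothetical.
set CLIENT=192.0.2.50
set DC1=192.0.2.10
set DC2=192.0.2.11

rem Create the policy unassigned so nothing takes effect until the last step.
netsh ipsec static add policy name="AH-Test" description="Test: require AH from one workstation" assign=no

rem Permit rule: traffic between this server and the domain controllers
rem is matched by static IP and left outside IPsec negotiation.
netsh ipsec static add filterlist name="DC-Exempt"
netsh ipsec static add filter filterlist="DC-Exempt" srcaddr=Me dstaddr=%DC1% protocol=ANY mirrored=yes
netsh ipsec static add filter filterlist="DC-Exempt" srcaddr=Me dstaddr=%DC2% protocol=ANY mirrored=yes
netsh ipsec static add filteraction name="Permit-Clear" action=permit
netsh ipsec static add rule name="Permit DCs" policy="AH-Test" filterlist="DC-Exempt" filteraction="Permit-Clear"

rem Require rule: only the one test workstation is matched, so a mistake
rem here cannot cut off any other client of the server.
netsh ipsec static add filterlist name="Test-Client"
netsh ipsec static add filter filterlist="Test-Client" srcaddr=Me dstaddr=%CLIENT% protocol=ANY mirrored=yes

rem inpass=no and soft=no mean no unsecured fallback: AH is required.
netsh ipsec static add filteraction name="Require-AH" action=negotiate inpass=no soft=no qmsecmethods="AH[SHA1]"

rem kerberos=yes authenticates the IKE negotiation with the machine's
rem domain credentials, so only domain members can complete it.
netsh ipsec static add rule name="Require AH from test client" policy="AH-Test" filterlist="Test-Client" filteraction="Require-AH" kerberos=yes

rem Assign the policy; it takes effect without a reboot.
netsh ipsec static set policy name="AH-Test" assign=y

rem Roll back from the console if the connection is lost:
rem   netsh ipsec static set policy name="AH-Test" assign=n
```

The test workstation needs the matching respond policy with the server's address as the destination. With a single-address require filter the DC permit rule is redundant; it matters once the require filter is widened to a subnet that contains the domain controllers.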