Domain Security

[Anant]

Can any one help on domain security? I have a domain which
has 10 computers as members. I want domain users to not
able to log on to domain if they are not logging on from
any other machine which is not part of this domain.

 

[Steven L Umbach]

You might want to use ipsec if all domain machines are W2K/XP Pro. You could
create a policy that requires ipsec, however you would need to exempt domain
controllers since ipsec negotiation is not supported between domain members
and domain controllers. Another possibility is to use ipsec filtering to
allow only certain ip addresses in the domain and assign all machines static
ip addresses that would be in the permitted range. However that may not stop
someone from trying to use an allowed ip address if they configured their
computer with one and if the other computer with that address is not
nline. --- Steve

http://www.microsoft.com/windows2000/techinfo/planning/security/ipsecsteps.a
sp
http://support.microsoft.com/?kbid=254949
http://www.securityfocus.com/infocus/1559