network traffic encryption???


Keith

Does anyone know whether the network traffic between Windows 2000 client and
server is encrypted? If so, what kind of encryption is being used?
 
No, it is not. User authentication, however, in a default installation never allows
passwords to be sent over the network in clear text, but an encrypted password
hash is used instead in a challenge/response session. Replication traffic
between W2K domain controllers is always encrypted per the Kerberos protocol,
which is one reason AD integrated DNS zones are recommended. W2K introduced
IPsec, which allows traffic to be encrypted between W2K member servers and member
servers [but not domain controllers]. The three default IPsec policies, which can
be modified to your needs, are client/respond, server/request, and
server/require. A computer with a require IPsec policy will not communicate with
any computer unless traffic can be secured via IPsec with a combination of
either ESP and/or AH, which can use DES, 3DES, SHA1, or MD5. See the link below
for more information on IPsec. A security association will use the strongest
encryption that can be negotiated between the computers, which would be 3DES/SHA1
in a default W2K installation.
--- Steve

http://www.microsoft.com/windows2000/techinfo/planning/security/ipsecsteps.asp
http://www.microsoft.com/windows2000/techinfo/howitworks/security/ip_security.asp
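The following is an added example, not part of the original posts and not a Windows API: a simplified Python model of the outcome the answer describes when two hosts with the default IPsec policies try to talk. The function names, the policy constants and the preference list are assumptions made for illustration.

```python
# Simplified model (assumption) of which outcome two Windows 2000 hosts reach,
# based on the three default IPsec policies named in the answer above.
# All names are hypothetical; nothing here calls into Windows.

NONE = "none"                 # no IPsec policy assigned
RESPOND = "client/respond"    # never asks for IPsec, but answers a request
REQUEST = "server/request"    # asks for IPsec, falls back to cleartext
REQUIRE = "server/require"    # asks for IPsec, never falls back

# (encryption, integrity) pairs built from the algorithms the answer lists,
# strongest first. Constructed ordering for the example.
PREFERENCE = [("3DES", "SHA1"), ("3DES", "MD5"), ("DES", "SHA1"), ("DES", "MD5")]


def pick_transform(offers_a, offers_b):
    """Return the strongest transform both sides offer, or None."""
    common = set(offers_a) & set(offers_b)
    for transform in PREFERENCE:
        if transform in common:
            return transform
    return None


def negotiate(policy_a, policy_b, offers_a=PREFERENCE, offers_b=PREFERENCE):
    """Return ("secured", transform), ("cleartext", None) or ("blocked", None)."""
    policies = {policy_a, policy_b}
    someone_asks = bool(policies & {REQUEST, REQUIRE})
    both_speak_ipsec = NONE not in policies
    if someone_asks and both_speak_ipsec:
        transform = pick_transform(offers_a, offers_b)
        # Assumption: a negotiation that starts but finds no common transform
        # fails outright; it is not treated like a peer without IPsec.
        return ("secured", transform) if transform else ("blocked", None)
    if REQUIRE in policies:
        return ("blocked", None)      # require refuses unsecured peers
    return ("cleartext", None)        # nobody asked, or request fell back


if __name__ == "__main__":
    for a, b in [(REQUIRE, RESPOND), (REQUIRE, NONE), (REQUEST, NONE), (RESPOND, RESPOND)]:
        print(f"{a:15} <-> {b:15} {negotiate(a, b)}")
```

Two client/respond hosts stay in cleartext in this model because neither side ever asks for security.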
 