[gptalk] Re: Disabling Computer Accounts

  • From: neil@xxxxxxxxxxxxxxxx
  • To: gptalk@xxxxxxxxxxxxx
  • Date: Fri, 26 Jan 2007 13:28:58 -0000 (GMT)

Ray - Not sure yet but I've found this paper which seems to explain.
About isolating a domain using ipsec and gpos.

http://tinyurl.com/2ln2ck

There's an Encryption Isolation Group Policy in the appendix that seems
suitable combined with enforcing the ipsec service as mathieu suggested.
Cheers
Neil

> This is a very interesting topic.
>
> Guys, which IP Security Policy should be active within the GPO and what
> changes should be made?
>
> Cheers
>
> Ray
>
> -----Original Message-----
> From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
> Behalf Of Neil Berry
> Sent: 25 January 2007 19:49
> To: gptalk@xxxxxxxxxxxxx
> Subject: [gptalk] Re: Disabling Computer Accounts
>
> Thanks Mathieu
>
> Good idea -  that would make them pretty much unusable !
> Just what I need
>
> -----Original Message-----
> From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]On
> Behalf Of Mathieu CHATEAU
> Sent: 25 January 2007 19:04
> To: gptalk@xxxxxxxxxxxxx
> Subject: [gptalk] Re: Disabling Computer Accounts
>
>
> hello,
>
> on the GPO to block, add IPSEC so to deny any non encrypted traffic
> (mandatory to encrypt).
>
> As only these stations uses IPSEC, they won't be able to connect to others
> workstations neither servers.
>
> The only solution for those bad boys is to stop the ipsec windows service,
> so you will enforce it started through the same GPO
>
> Regards,
> Mathieu CHATEAU
> http://lordoftheping.blogspot.com
>
>
> ----- Original Message -----
> From: <neil@xxxxxxxxxxxxxxxx>
> To: <gptalk@xxxxxxxxxxxxx>
> Sent: Thursday, January 25, 2007 5:03 PM
> Subject: [gptalk] Disabling Computer Accounts
>
>
>> Hi all,
>>
>> Does anyone have any ideas on how best to achieve the following.
>>
>> I need to make a computer that is intially built into the domain -
>> virtually unusable until it is placed in the correct OU.
>>
>> I had thought of applying a very restrictive GPO to the default
>> computers
>> OU which made it unusable but not quite sure which settings to apply and
>> if there are any issues with doing this.
>>
>> It is bascially to stop people bypassing build procedures and policies
>> and
>> not putting the computer into the correct OU.
>>
>> Thanks for any thoughts :)
>>
>> Neil
>> ***********************
>> You can unsubscribe from gptalk by sending email to
>> gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
>> by
>> logging into the freelists.org Web interface. Archives for the list are
>> available at http://www.freelists.org/archives/gptalk/
>> ************************
>>
>
> ***********************
> You can unsubscribe from gptalk by sending email to
> gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
> logging into the freelists.org Web interface. Archives for the list are
> available at http://www.freelists.org/archives/gptalk/
> ************************
>
>
> ***********************
> You can unsubscribe from gptalk by sending email to
> gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
> logging into the freelists.org Web interface. Archives for the list are
> available at http://www.freelists.org/archives/gptalk/
> ************************
>
> ***********************
> You can unsubscribe from gptalk by sending email to
> gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
> logging into the freelists.org Web interface. Archives for the list are
> available at http://www.freelists.org/archives/gptalk/
> ************************
>

***********************
You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at http://www.freelists.org/archives/gptalk/
************************

Other related posts: