Is joined to AD computer always authenticate itself before DC securely? Can it be insecure? What are the dangers of insecure authentication?

On Sun, 8 Aug 2010 19:53:56 +0000, vgv8 wrote: Is joined to AD computer always authenticate itself before DC securely? Can it be insecure? What are the dangers of insecure authentication? I don't understand what you're asking here. Paul Adare MVP - Identity Lifecycle Manager http://www.identit.ca

HAHAH i agree with Paul. You really havn't asked that much of a question. Do you mean does a workstation that is joined to a domain always authenticate itself to the DC before user login?? And can this authentication be insecure.

HAHAH i agree with Paul. You really havn't asked that much of a question. Do you mean does a workstation that is joined to a domain always authenticate itself to the DC before user login?? And can this authentication be insecure. Yes.

so the workstation authenticates with the DC using NTLM(Kerberos) From my knowledge i dont think you can change authentication from Workstation to DC. Have a google around or maybe have a look at GP. For starters why do you want to change the Authentication?? Is this for a company or personal lab? If it was a personal lab i could possibly understand why you would want to reduce security but if it's for a company i do not understand why you would want to risk security. Can you give anymore details about why you would want to do this?

Where have I written that I "want to do "this"? I want to understand why it should always be secure... For ex., I have read an article, in non-English language, that one should always configure IPSec upon deployment of AD. If company environment is physically tight and secured and if joined computers are authenticated securely anyway, why would someone should additionally configure IPSec? And, why the secure authentication is ALWAYS needed anyway?

Let me also to add re-phrased question: How to understand insecure user access from always securely authenticated computer channel? What is insecure user access?

Hi, IPSec is used to ensure private, secure communications over Internet Protocol (IP) networks through the use of cryptographic security services. http://technet.microsoft.com/en-us/library/cc776369(WS.10).aspx Securely authenticated does not mean all data transferred between computers is encrypted.This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.