
List Archives

This forum is an archive of all posts to our mailing list over the past few years.  The forum is set read only therefore to contribute you will need to join our list community.  See more info about this here.

 

When subscribed to the list you should use your standard email client to send your posts to ActiveDir@mail.activedir.org.


Subject: RE: [ActiveDir] DC Whole Disk Encryption
Freddy HARTONO

03/26/2007 6:48 AM  

Thanks Laura, I think RDP for Longhorn is rather out for us at
the moment considering we might be RDPing for OCS.. (too much effort for a team
to handle both sadly).

Cheers.

Thank you and have a splendid day!

Kind Regards,

Freddy Hartono

Group Infrastructure Services Lead

International SOS Pte Ltd

mail/sip: freddy.hartono@internationalsos.com

phone: (+65) 6330-9785

From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Laura A. Robinson
Sent: Monday, March 26, 2007 11:20 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC Whole Disk Encryption

It would be something to pursue immediately. The RDP program
deadline was already extended once, so it may still be open, but chances are a
bit slim at this point.

Freddy, in case you're wondering why Brian recommended the RDP/TAP
for Longhorn, it's because Longhorn offers full disk encryption, in addition to
several other technologies that are designed for environments just like yours.

Laura



From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Sunday, March 25, 2007 11:10 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC Whole Disk Encryption

I don’t know how large/unique your AD deployment is, but have
you talked to your TAM/Account Team about the possibility of being involved in
RDP/TAP for Longhorn? I am not involved in any accounts that are doing this so
I don’t know what the schedule is, but it could be something to explore.

Thanks,

Brian Desmond

brian@briandesmond.com

c - 312.731.3132

From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Freddy HARTONO
Sent: Sunday, March 25, 2007 10:46 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC Whole Disk Encryption



Does anyone have a working solution for whole disk encryption on DCs?

I’m having the same problem where we have tons of satellite
links – where most of the DCs are on mirrored disk, and the possibility of some
jokers plugging out a disk and rebuilding the RAID somewhere else is something we
are not willing to rule out.

I know these shouldn’t be deployed in the first place, but we
are in locations where every time a wind blows the link goes down (Nigeria,
Yangon, Sakhalin, Namibia etc) :)

Something to keep us going before RODC is available perhaps…

Thank you and have a splendid day!

Kind Regards,

Freddy Hartono

Group Infrastructure Services Lead

International SOS Pte Ltd

mail/sip: freddy.hartono@internationalsos.com

phone: (+65) 6330-9785



From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Al Mulnick
Sent: Thursday, March 22, 2007 1:11 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] DC Whole Disk Encryption

If it helps you lean further, I've done same. It takes a really strong
argument to get me to deploy a DC in a remote site. In sites where that's
the only infrastructure, then I usually dig in and refuse flat out.

No reason. Not worth the risks. Not worth the aggravation of maintenance.


On 3/21/07, james.masters@kroger.com wrote:

Brian - thanks for the note. I'm beginning to lean in the direction of
your thinking.

James Masters
Systems Architecture and Engineering
The Kroger Co.
Office: (859) 363-2346
Cell: (859) 653-8644

-----Original Message-----
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of brian@briandesmond.com
Sent: Wednesday, March 21, 2007 12:58 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC Whole Disk Encryption

And does business stop if the WAN link goes down?

If so the DC isn't going to help you. Remember anyway you have cached
credentials to tide things over.

FWIW I've had sites with magnitudes more workstations/users with no DC and
things were just happy. Different industry/environment, but it's not
always a requirement to have the DC.

Thanks,
Brian Desmond
brian@briandesmond.com

c - 312.731.3132
> -----Original Message-----
> From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of james.masters@kroger.com
> Sent: Wednesday, March 21, 2007 12:50 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] DC Whole Disk Encryption
>
> Over 200 users connected by one T1 in a rural area.
>
> -----Original Message-----
> From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Al Mulnick
> Sent: Wednesday, March 21, 2007 12:37 PM
> To: ActiveDir@mail.activedir.org
> Subject: Re: [ActiveDir] DC Whole Disk Encryption
>
> Is there a reason to put a DC in those sites? Often, if the physical
> security is a concern, the office is small enough that it may not need
> the dc to be local to the premises. Is that the case here?
>
> On 3/21/07, james.masters@kroger.com wrote:
>
> That is the concern. Offline hacking of the AD database and password
> discovery.
>
> James Masters
> Systems Architecture and Engineering
> The Kroger Co.
> Office: (859) 363-2346
> Cell: (859) 653-8644
>
> -----Original Message-----
> From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Al Mulnick
> Sent: Wednesday, March 21, 2007 12:06 PM
> To: ActiveDir@mail.activedir.org
> Subject: Re: [ActiveDir] DC Whole Disk Encryption
>
> Assuming that you went the route of something like safeboot, what would
> you do about the reboots? Or were you thinking of just putting it out
> there with an autoboot user (which kind of defeats the purpose, right?)
>
> Supported? I would suggest that any third party utilities are going to be
> supported by same third party, putting you in a situation where you have a
> LOT of finger pointing to deal with prior to your troubleshooting. Not
> pretty.
>
> James, what exactly is the concern? That somebody may run off with the
> domain controller and hack at it off-line?
>
> On 3/21/07, Rod Brissey <Rod.Brissey@fxfn.com> wrote:
>
> Safeboot may work for you, as long as you're not using scsi drives.
>
> -----Original Message-----
> From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of james.masters@kroger.com
> Sent: Wednesday, March 21, 2007 9:44 AM
> To: ActiveDir@mail.activedir.org
> Subject: [ActiveDir] DC Whole Disk Encryption
>
> All, I have remote offices requiring AD authentication whose physical
> security I cannot routinely verify. Given the ease in cracking a DIT file
> offline, does anyone have suggestions as to the best approach to this
> problem? Are any whole disk encryption products (PGP comes to mind)
> supported when encrypting DC volumes?
>
> As always, thank you all for your insight and expertise.
>
> -James
>
> List info : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.activedir.org/ma/default.aspx


--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.446 / Virus Database: 268.18.18/733 - Release Date: 3/25/2007 11:07 AM

Copyright 2008 ActiveDir.org