You might want to use ipsec if all domain machines are W2K/XP Pro. You could
create a policy that requires ipsec, however you would need to exempt domain
controllers since ipsec negotiation is not supported between domain members
and domain controllers. Another possibility is to use ipsec filtering to
allow only certain ip addresses in the domain and assign all machines static
ip addresses that would be in the permitted range. However that may not stop
someone from trying to use an allowed ip address if they configured their
computer with one and if the other computer with that address is not
nline. --- Steve
http://www.microsoft.com/windows2000/techinfo/planning/security/ipsecsteps.a
sp
http://support.microsoft.com/?kbid=254949
http://www.securityfocus.com/infocus/1559
"Anant"
wrote in message
news:0bd801c3a535$a5254a00$a101280a@phx.gbl...
> Can any one help on domain security? I have a domain which
> has 10 computers as members. I want domain users to not
> able to log on to domain if they are not logging on from
> any other machine which is not part of this domain.
>