Announcement

Collapse
No announcement yet.

Enable the Data Encryption Stnadard(DES) policy over Win 2003 Domain via GPO

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Enable the Data Encryption Stnadard(DES) policy over Win 2003 Domain via GPO

    Hi there,

    I am a system admin for a windows 2003 active directory domain. We are in the process of implementing Win 7 clients, where we have an issue with enabling the Data Encryption Stnadard (
    DES) policy for the Win7 clinets in domain level. We need to enable this policy for some Cisco network security agent (SSO- Single Sign-on).
    The things is, the policy to enable DES is only available locally in Win 7 local policies (and there in Win server 2008 R2 whcih we don't have) not in Win 2003 default GPOs, i.e we need to have the following template in Win2003 DC GPOs
    In Windows 7:
    1. Group Policy Management Console (GPMC), locate the following location: Computer Configuration\ Windows Settings\ Security Settings\ Local Policies\ Security Options
    2. Click to select the Network security: Configure encryption types allowed for Kerberos option. (this policy's not there in Win2003)
    3. Click to select Define these policy settings and all the six check boxes for the encryption types.
    4. Click OK. Close the GPMC

    Ref: http://support.microsoft.com/kb/977321
    Either we have to locally enable it on each and every Win 7 machines (quite impractical) or we need to have this policy template in our Win2003 DC server.

    Appreciate if you can help me to find a solution for this
    Insaf Muhammed
    System Admin
    -----------------
    Never break four things in life: TRUST, PROMISE, RELATIONS & HEART. Cause when they break they don't make noise but pains a lot

  • #2
    Re: Enable the Data Encryption Stnadard(DES) policy over Win 2003 Domain via GPO

    Since almost all settings are really registry keys, all you need to do is export the settings from a fixed Win7 box and use GPOs to create the same keys in other ones
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Enable the Data Encryption Stnadard(DES) policy over Win 2003 Domain via GPO

      Maybe try to install the RSAT in a win7 and try to edit the domain policies from there.
      Caesar's cipher - 3

      ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

      SFX JNRS FC U6 MNGR

      Comment


      • #4
        Re: Enable the Data Encryption Stnadard(DES) policy over Win 2003 Domain via GPO

        Good day buddies...

        Thanks to all your suggestions ...........
        Last edited by Insaf; 18th May 2010, 07:47.
        Insaf Muhammed
        System Admin
        -----------------
        Never break four things in life: TRUST, PROMISE, RELATIONS & HEART. Cause when they break they don't make noise but pains a lot

        Comment


        • #5
          Re: Enable the Data Encryption Stnadard(DES) policy over Win 2003 Domain via GPO

          Originally posted by L4ndy View Post
          Maybe try to install the RSAT in a win7 and try to edit the domain policies from there.
          =======================
          It worked...........thanks!! I was able to view the required polices while I tried it from my win7 domain client....
          Insaf Muhammed
          System Admin
          -----------------
          Never break four things in life: TRUST, PROMISE, RELATIONS & HEART. Cause when they break they don't make noise but pains a lot

          Comment

          Working...
          X