[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: more microsoft policy issues?

To: William Dixon <wdixon@Exchange.Microsoft.com>
Subject: RE: more microsoft policy issues?
From: Jan Vilhuber <vilhuber@cisco.com>
Date: Tue, 16 May 2000 19:17:34 -0700 (PDT)
cc: ipsec@lists.tislabs.com
In-Reply-To: <6A05D00595BE644E9F435BE5947423F2FFC3E1@fifi.platinum.corp.microsoft.com>
Sender: owner-ipsec@lists.tislabs.com

On Tue, 16 May 2000, William Dixon wrote:
> Jan, posting this without context is just inflammatory.  If it makes you
> happy, send flame to me personally.  The list isn't here to discuss
> product bugs, postulate on what may be a bug, nor complain about the
> wording on dialogs.
> 
Sorry. That's all the context I had. Maybe I was a bit hasty (in view of the
recent thread). If so, I apologize.

Reading the rest below, though, it sounds like if the OS can override a local
decision, then you again have a scenario where I click on a choice, and win2k
overrides me without telling me. Bad. I mean, what would YOU expect, if you
said: Don't do ipsec. *I* would expect that ipsec will not be performed. At
all. Ever.

And I wasn't venting about a product bug, either (although I was hoping it
would turn out to be one). it's the gratuitous overriding of user-selected
policy that was the issue I meant to address.

jan



> The news group for Windows 2000 networking functionality in general is:
> microsoft.public.win2000.networking
> 
> Or you can email NTBUGTRAQ to report verified problems or email
> secure@microsoft.com to get a formal corporate response to a discovered
> security weakness for any Microsoft product.
> 
> This setting is in the advanced properties of the TCPIP properties and
> allows a local admin to select a default IPSec policy.  By default the
> selection is says in text "Do not use IPSec".  This is a local setting
> which can be overridden by Win2k domain IPSec policy, and by OS
> components such as L2TP which require IPSec for their operation.  And
> once again, the behavior is documented in online help and elsewhere.
> The TCPIP properties UI is a quick and easy way for an admin to change
> between different custom policies that have been created on the local
> system.
> 
> As one of our KB articles notes, we provide the default policies as an
> example only, for initial testing only - real production use requires
> your own custom designed IPSec policy.  
> 
> 
> -----Original Message-----
> From: Jan Vilhuber [mailto:vilhuber@cisco.com]
> Sent: Tuesday, May 16, 2000 2:01 PM
> To: ipsec@lists.tislabs.com
> Cc: William Dixon
> Subject: more microsoft policy issues?
> 
> 
> >From an email I just saw going across my desk:
> 
> > Even though the "do not use IPSec" is marked in the W2000
> configuration the
> > W2000 client still uses IPSec.  Please note in Windows 2000 build 2195
> > Microsoft have decided to use IPSec all the time.
> 
> Come on, guys! Please tell me that THIS at least is a bug, and not
> another one
> of those design decisions...
> 
> jan
> P.S. Caveat: I don't have any idea of build numbers. Maybe 2195 is
> really old
> and this is already fixed...
>  --
> Jan Vilhuber
> vilhuber@cisco.com
> Cisco Systems, San Jose                                     (408)
> 527-0847
> 
> 

 --
Jan Vilhuber                                            vilhuber@cisco.com
Cisco Systems, San Jose                                     (408) 527-0847

References:

RE: more microsoft policy issues?

From: "William Dixon" <wdixon@Exchange.Microsoft.com>

Prev by Date: RE: more microsoft policy issues?
Next by Date: RE: Windows 2000 and Cicsco router interoperability
Prev by thread: RE: more microsoft policy issues?
Next by thread: RE: more microsoft policy issues?
Index(es):
- Main
- Thread