I am thinking I would be opening a PSS case on this one. Let them start getting you to send in information. Not sure how this couldn't be a bug.
 
 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Lee
Sent: Wednesday, June 08, 2005 5:43 PM
To: [email protected]; [email protected]
Subject: RE: [ActiveDir] Active directory migration and security standards issues

I'm using a product call safguardeasy.  Encrypting the entire hard drive.  You must enter a username and password just after POST just to get the OS to load.  The OS on the laptop is W2K the domain is 2003.  I am joining an OU in the campus domain (campus.berkeley.edu) which includes the campus, berkeley and uc domains which Berkeley is the Kerberos realm.  All of the domains come up except berkeley.  All are installed via GPO.  When I check the registry settings, Berkeley is not there.

 I have also recently discovered that on a laptop that was already a member of this domain, all was well (all domains present) until I encrypted the drive.  Then Berkeley dissapears.

At 01:50 PM 6/8/2005, Rick Kingslan wrote:

When you say ‘Disk Encryption”, are you referring to EFS (Encrypted file system)?

If so – which disk is encrypted, and is your account a recovery agent?  Finally, which OS?

Honestly – I don’t know of anything that would prevent a system configured with the basic information that you provide (EFS or not) that would allow you to join a domain, but not allow you to see a Realm.  However, I am making a huge leap that you are, in fact JOINing a W2k or W2k3 domain.  Is this a bad assumption?

Rick

From: [EMAIL PROTECTED] [ mailto:[EMAIL PROTECTED]] On Behalf Of David Lee
Sent: Wednesday, June 08, 2005 12:36 PM
To: [email protected]
Subject: [ActiveDir] Active directory migration and security standards issues
 
I have several laptops that are encrypted per the new campus security standards in my shop that are being used as desktop computers.  I am now trying to bring them into our AD domain.  When joining the domain all seems fine, reboot, then notice that the domain list does not include Berkeley.edu (Kerberos REALM).  How does disk encryption affect Kerberos authentication?  So far, this has happened only on machines that are encrypted. 

Any iedas?

David D. Lee
Computer Resource Specialist II
Office of Undergraduate Admissions
[EMAIL PROTECTED]
2-6417

David D. Lee
Computer Resource Specialist II
Office of Undergraduate Admissions
[EMAIL PROTECTED]
2-6417

Reply via email to