ADAM on XP is no different from ADAM on w2k3 security-wise. The big differences are that it is throttled somewhat perf-wise, and also there's no auditing.
I do not see any serious security problems with this approach. Unless you are thinking that somebody steals the laptop, cracks the DIT open and brute-forces the pwd hashes? Store the DIT on an EFS volume then. In any case, these are ADAM users, not windows... The only problem will be replication -- instances will complain that they are unable to replicate when in offline mode. Perhaps this can be resolved by creating a separate site for every instance and setting up manual links to the hub instance. Hmm. Not sure. I guess it depends on how long they'll stay offline. KCC is not really optimized to work well in such scenarios. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Wednesday, October 04, 2006 7:34 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] ADAM on XP Pro I've been talking to a vendor about an application they are developing. It involves running ADAM instances on XP Pro machines (laptops) that replicate with a centralised ADAM instance running on W2K3. I don't have further details at this stage, but I believe the they are planning to use the local ADAM instance to authenticate laptop users to an application when they are off-line. In addition to security concerns with this approach, I'm not really comfortable with the idea of ADAM instances on laptops being part of a configuration set. I had always understool ADAM on XP to be used for a personal data store (http://technet2.microsoft.com/WindowsServer/en/library/29fb059e-544c-45 77-bf7c-ba4b08df48431033.mspx?mfr=true). Any thoughts on this? Tony ________________________________________________________________ Sent via the WebMail system at mail.activedir.org List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
