If you are using the Remote Loader, the following table lists the recommended security configurations for the driver.
Table 9-2 Recommended Security Configuration for the Remote Loader
Parameter |
Description |
---|---|
|
The account the driver uses to access the domain data. Use the domain logon name, for example Administrator. |
|
The DNS name of the domain controller. If you don’t want to run the driver on your Active Directory domain controller, use hostname for the Negotiate method but use hostname or the IP address for the method. |
|
The password used for the . |
|
The password for the Remote Loader service. |
|
Select . |
|
Select if Remote Loader is on a member server. If Remote Loader is on a domain controller, select . This setting requires Windows Server 2003 or Windows 2000 with the most recent support pack, and Internet Explorer 6.0 or later on both servers. |
|
Select if Remote Loader is on a member server. If you select , the communication between the driver shim and the Active Directory database is not signed and sealed. If Remote Loader is on a domain controller, select . The communication is digitally encrypted between the driver shim and the Active Directory database. This setting requires Windows Server 2003 or Windows 2000 with the most recent support pack, and Internet Explorer 6.0 or later on both servers.Sealing only works when you use the authentication method and the underlying security provider selects NTLM v2 or Kerberos for its protocols.Do not use this option with SSL. |
|
Select if Remote Loader is on a member server. If Remote Loader is on a domain controller, select . SSL is required to perform a Subscriber password check, a Subscriber password set, and a Subscriber password modify operation when the driver shim is not running on the domain controller.SSL requires that the Microsoft server running the driver shim imports the domain controller’s server certificate. For more information, see Securing Windows 2000 Server. By default, the parameter is set to . If you set this value to , the SSL pipe is encrypted for the entire conversation. An encrypted pipe is preferred because the driver typically synchronizes sensitive information. However, encryption slows the general performance of your servers. |