I have windows server 2008 as a domain controller so how to enforce the communication between the clients and server to be encrypted. so some of my clients could steal the passwords for some clients . The clients are not joined to domain . the only use the accounts to connect to internet as domain\account.

Hi, As we know, by default, DC uses Kerberos protocol to provide a mechanism for authentication between a client and a server, or between one server and another server. In the process of authentication, the password is encrypted by Kerberos protocol. If you want to enforce the communication between the clients and server, please consider IPSec, which can be deployed by Group Policy and encrypt network traffic in end-to-end, client-to-client, client-to-server, and server-to-server. More information about IPSec, please see the following: Step-by-Step Guide to Internet Protocol Security (IPSec) http://technet.microsoft.com/en-us/library/bb742429.aspx Hope this helps.