Re: AD and ISA in the same machine

From: "Thor $Hammer of God$" <thor@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Date: Thu, 8 Dec 2005 09:04:06 -0800

I'm still trying to figure out what he meant by "think out of the box." What box? People think in a box? That's silly.

----- Original Message ----- From: "Jim Harrison" <Jim@xxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, December 08, 2005 8:53 AM Subject: [isalist] Re: AD and ISA in the same machine


http://www.ISAserver.org

As Tim alluded to, this is silly.
SBS was built to serve the extremely cheap" market.
Hell, the cost of SBS PE alone is the same as ISA SE.

-------------------------------------------------------
  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!
-------------------------------------------------------


-----Original Message-----
From: pagemontreal@xxxxxxxxx [mailto:pagemontreal@xxxxxxxxx]
Sent: Thursday, December 08, 2005 08:33
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: AD and ISA in the same machine

http://www.ISAserver.org

I've tested some features. And is working well. Some customers use this 'solution', because the don't have a lot of options($$). I know, is not a best practice, there is some security questions (I could say a lot of) about it, I can find more problems ahead, but it works. Unfortunately we can't install dc on the pix, but we can build one ( http://www.packetattack.com/frankenpix.html <http://www.packetattack.com/frankenpix.html> for more information).

 Some times we have to think out of the box....

Cheers,

Denis


On 12/8/05, Thomas W Shinder <tshinder@xxxxxxxxxxx > wrote:

http://www.ISAserver.org <http://www.isaserver.org/>

You just think you did. There are many and varied surprizes awaiting you, which will present themselves as security issues or impossible to solve "weird" problems. Put the DC on the PIX.

Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://spaces.msn.com/members/drisa/ <http://spaces.msn.com/members/drisa/>


Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
**Who is John Galt?**

________________________________

From: Denis Page [mailto:pagemontreal@xxxxxxxxx]
Sent: Thursday, December 08, 2005 8:46 AM

To: [ISAserver.org Discussion List]
Subject: [isalist] Re: AD and ISA in the same machine

http://www.ISAserver.org <http://www.isaserver.org/> I'm testing a branch office solution. The customer DON'T have more than 1 server in branch. I solve the problem. Thanks anyway.

On 12/8/05, Jim Harrison <Jim@xxxxxxxxxxxx> wrote:

http://www.ISAserver.org <http://www.isaserver.org/>

One Acronym - DCOM.
Take
ISA
Off
The
DC

-------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ <http://isaserver.org/Jim_Harrison/> http://isatools.org <http://isatools.org/> Read the help / books / articles! --------------------------------------------

-----Original Message-----
From: Denis Page [mailto:pagemontreal@xxxxxxxxx ]
Sent: Wednesday, December 07, 2005 6:59 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: AD and ISA in the same machine

http://www.ISAserver.org <http://www.isaserver.org/>
Yes. I've installed in a DC. To test some features with AD groups and
users.
I could install more computers, but can I use isa server and DC in a
same machine?
I'd like to know what can I do to leave the authentication ports open on
ISA/DC Server.

On 12/8/05, Thor (Hammer of God) <thor@xxxxxxxxxxxxxxx> wrote:

      http://www.ISAserver.org <http://www.isaserver.org/>

      Just to make sure I understand-- You've installed ISA 2004 on a
domain
      controller?

      If so, uninstall ISA from your DC.  ISA serves a completely
different
      function than a DC.  That's like marrying a hooker.

      To test, install on a dedicated box or in a VM.


      -----
      "And yet, even if one person finds his way... that means
      there is a Way.  Even if I personally fail to reach it."

      Mr. Nobusuke Tagomi
      Top Place, Ranking Imperial Trade Mission
      Pacific States of America

----- Original Message ----- From: "Denis Page" < pagemontreal@xxxxxxxxx <mailto:pagemontreal@xxxxxxxxx> > To: "[ISAserver.org Discussion List]" < isalist@xxxxxxxxxxxxx <mailto:isalist@xxxxxxxxxxxxx > > Sent: Wednesday, December 07, 2005 6:25 PM Subject: [isalist] AD and ISA in the same machine


      http://www.ISAserver.org <http://www.isaserver.org/>

Hi,

      I've installed ISA Server 2004 STD in a AD machine (to test some
      features).
      After the Install ISA server in DC, the clients don't
authenticate
      anymore (can't log in domain).
      I've created an access rule with the logon ports (internal to
localhost)
      but it doesn't work.
      Can anyone help me?

      Tnks

------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com <http://www.techgenix.com/> ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: thor@xxxxxxxxxxxxxxx <mailto:thor@xxxxxxxxxxxxxxx> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist <http://www.webelists.com/cgi/lyris.pl?enter=isalist> Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ <http://www.isaserver.org/pages/larticle.asp?type=FAQ> ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com <http://www.techgenix.com/> ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: pagemontreal@xxxxxxxxx <mailto:pagemontreal@xxxxxxxxx> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp <http://www.isaserver.org/pages/newsletter.asp> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com <http://www.techgenix.com/> ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx <mailto:jim@xxxxxxxxxxxx> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.

------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist <http://www.webelists.com/cgi/lyris.pl?enter=isalist> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com http://www.techgenix.com/> ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist <http://www.webelists.com/cgi/lyris.pl?enter=isalist> Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com <http://www.techgenix.com/> ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: pagemontreal@xxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx <mailto:listadmin@xxxxxxxxxxxxx>

------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.

Re: AD and ISA in the same machine

Other related posts: