Re: AD in DMZ

  • From: "Rogers, Brian" <RogersB@xxxxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 10 Jul 2003 13:49:14 -0400

I agree... I want it in a separate forest by itself. I just couldn't think
of any reasons why one would include it in your internal forest. However,
that is the current plan for some reason :/



-----Original Message-----
From: Deus, Attonbitus [mailto:Thor@xxxxxxxxxxxxxxx] 
Sent: Thursday, July 10, 2003 1:39 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: AD in DMZ

At 10:01 AM 7/10/2003, you wrote:
>Can anyone think of any reason to have a public DMZ domain placed in the 
>same forest as your internal AD domain?

Not any *secure* reason.  You cannot prevent a domain admin in one domain 
from being a domain admin in another domain in the same forest.  I know of 
people who do this for some freaky organization reason, but it is a grave 
mistake security-wise.

t





