- From: "Deus, Attonbitus" <Thor@xxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 29 May 2003 12:00:45 -0700
At 11:43 AM 5/29/2003, you wrote:
Lecture away, just do your best to provide me with instruction on the way
you would do it ;)
Overall, I have no problem with the TSAC access, but I would do it a
slightly different way if possible.
If you already have a web server somewhere that is accessible to the
outside world, then use that guy to host the
TSAC. It sounds like the only reason you are installing IIS on the ISA is
for the TSAC. This does a few things- one, you already have an IIS box
that is in your patch management solution, and you don't have to worry
about the admin of IIS on ISA. You also don't have to worry about having
someone else with admin rights having to go to the ISA box to start and
stop IIS when you need to get in. The TSAC loads to your client- from there
it is a direct connection to whatever TS box you want, so there is no
"need" for ISA to host IIS as well.
There are other things I would do, like use the XP Remote Web components on
your web server, which gives you the "new" version of the TSAC which will
let you specify a custom port for a bit more protection. If you do that,
it makes sense to put ACL's on the TSAC directory so that anonymous users
don't get to see what the port is.
That would be a good start....
Other related posts: