RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 27 Sep 2005 20:31:59 -0500

:-|

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] 
> Sent: Tuesday, September 27, 2005 8:29 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: 2000 to 2004 Possible Upgrade 
> Scenarios with Seperate ISA AD Forest
> 
> http://www.ISAserver.org
> 
> Gee Tom, have you been in a rotten mood lately?
> 
> t
> 
> ----- Original Message ----- 
> From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Tuesday, September 27, 2005 6:25 PM
> Subject: [isalist] RE: 2000 to 2004 Possible Upgrade 
> Scenarios with Seperate 
> ISA AD Forest
> 
> 
> http://www.ISAserver.org
> 
> Anyone notice that I've been in a rotten mood lately?
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> 
> 
> 
> > -----Original Message-----
> > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > Sent: Tuesday, September 27, 2005 8:24 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: 2000 to 2004 Possible Upgrade
> > Scenarios with Seperate ISA AD Forest
> >
> > http://www.ISAserver.org
> >
> > And enjoy the performance enhancements of RADIUS auth ;-)
> >
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://spaces.msn.com/members/drisa/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> >
> >
> >
> > > -----Original Message-----
> > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> > > Sent: Tuesday, September 27, 2005 8:16 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: 2000 to 2004 Possible Upgrade
> > > Scenarios with Seperate ISA AD Forest
> > >
> > > http://www.ISAserver.org
> > >
> > > As Tom said - that document is outdated to the point if vast
> > > incorrectness-like-stuff...
> > > With ISA 2004, you only need ISA to be a member of a trusting
> > > domain if
> > > you expect to support firewall client traffic.
> > > Otherwise, you can RADIUS-auth to your heart's content.
> > >
> > >
> > > -------------------------------------------------------
> > >    Jim Harrison
> > >    MCP(NT4, W2K), A+, Network+, PCG
> > >    http://isaserver.org/Jim_Harrison/
> > >    http://isatools.org
> > >    Read the help / books / articles!
> > > -------------------------------------------------------
> > >
> > >
> > > -----Original Message-----
> > > From: Danny [mailto:nocmonkey@xxxxxxxxx]
> > > Sent: Tuesday, September 27, 2005 17:55
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: 2000 to 2004 Possible Upgrade 
> Scenarios with
> > > Seperate ISA AD Forest
> > >
> > > http://www.ISAserver.org
> > >
> > > On 9/27/05, Jim Harrison <Jim@xxxxxxxxxxxx> wrote:
> > > > First bad assumption - don't build your forest structure
> > > around ISA -
> > > > build ISA into the forest structure.  Design your AD before
> > > you worry
> > > > about your edge.
> > >
> > > I should have mentioned that I came across this document
> > > before posting:
> > >
> > > http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/sec
> > > urityharde
> > > ningguide.mspx
> > >
> > > "Determining Domain Membership
> > >
> > > In many cases, you may want to set up the ISA Server computer as a
> > > member of a domain. For example, if you will create a policy that
> > > relies on domain user authentication, ISA Server should 
> belong to a
> > > domain.
> > >
> > > If the ISA Server computer is protecting the edge of your
> > network, we
> > > recommend that you install it in a separate forest (rather
> > than in the
> > > internal forest of your corporate network). ..."
> > >
> > > Can you please elaborate, Jim?
> > >
> > > > You can adapt the ISA deployment to that later.
> > >
> > > Good point.  On the same token, I want to focus on doing it
> > right the
> > > first time.
> > >
> > > Much appreciated,
> > >
> > > ...D
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter: 
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ: 
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org
> > Discussion List as:
> > > jim@xxxxxxxxxxxx
> > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > > All mail to and from this domain is GFI-scanned.
> > >
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter: 
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ: 
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion
> > > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion
> > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: 
> thor@xxxxxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
>

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 09-2005