RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest

• From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 27 Sep 2005 18:15:52 -0700

As Tom said - that document is outdated to the point if vast
incorrectness-like-stuff...
With ISA 2004, you only need ISA to be a member of a trusting domain if
you expect to support firewall client traffic.
Otherwise, you can RADIUS-auth to your heart's content.


-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: Danny [mailto:nocmonkey@xxxxxxxxx] 
Sent: Tuesday, September 27, 2005 17:55
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: 2000 to 2004 Possible Upgrade Scenarios with
Seperate ISA AD Forest

http://www.ISAserver.org

On 9/27/05, Jim Harrison <Jim@xxxxxxxxxxxx> wrote:
> First bad assumption - don't build your forest structure around ISA -
> build ISA into the forest structure.  Design your AD before you worry
> about your edge.

I should have mentioned that I came across this document before posting:

http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/securityharde
ningguide.mspx

"Determining Domain Membership

In many cases, you may want to set up the ISA Server computer as a
member of a domain. For example, if you will create a policy that
relies on domain user authentication, ISA Server should belong to a
domain.

If the ISA Server computer is protecting the edge of your network, we
recommend that you install it in a separate forest (rather than in the
internal forest of your corporate network). ..."

Can you please elaborate, Jim?

> You can adapt the ISA deployment to that later.

Good point.  On the same token, I want to focus on doing it right the
first time.

Much appreciated,

...D

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.

Other related posts:

• » 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest
• » RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest

1. Home
2. isalist
3. Archive
4. 09-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---