That should raise my spirits :) Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls > -----Original Message----- > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > Sent: Tuesday, September 27, 2005 8:28 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: 2000 to 2004 Possible Upgrade > Scenarios with Seperate ISA AD Forest > > http://www.ISAserver.org > > No worries - good eats and liquid refreshments await you and Deb... > > ------------------------------------------------------- > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > ------------------------------------------------------- > > > -----Original Message----- > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > Sent: Tuesday, September 27, 2005 18:25 > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: 2000 to 2004 Possible Upgrade Scenarios with > Seperate ISA AD Forest > > http://www.ISAserver.org > > Anyone notice that I've been in a rotten mood lately? > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://spaces.msn.com/members/drisa/ > Book: http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls > > > > > -----Original Message----- > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > > Sent: Tuesday, September 27, 2005 8:24 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: 2000 to 2004 Possible Upgrade > > Scenarios with Seperate ISA AD Forest > > > > http://www.ISAserver.org > > > > And enjoy the performance enhancements of RADIUS auth ;-) > > > > Thomas W Shinder, M.D. > > Site: www.isaserver.org > > Blog: http://spaces.msn.com/members/drisa/ > > Book: http://tinyurl.com/3xqb7 > > MVP -- ISA Firewalls > > > > > > > > > -----Original Message----- > > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > > > Sent: Tuesday, September 27, 2005 8:16 PM > > > To: [ISAserver.org Discussion List] > > > Subject: [isalist] RE: 2000 to 2004 Possible Upgrade > > > Scenarios with Seperate ISA AD Forest > > > > > > http://www.ISAserver.org > > > > > > As Tom said - that document is outdated to the point if vast > > > incorrectness-like-stuff... > > > With ISA 2004, you only need ISA to be a member of a trusting > > > domain if > > > you expect to support firewall client traffic. > > > Otherwise, you can RADIUS-auth to your heart's content. > > > > > > > > > ------------------------------------------------------- > > > Jim Harrison > > > MCP(NT4, W2K), A+, Network+, PCG > > > http://isaserver.org/Jim_Harrison/ > > > http://isatools.org > > > Read the help / books / articles! > > > ------------------------------------------------------- > > > > > > > > > -----Original Message----- > > > From: Danny [mailto:nocmonkey@xxxxxxxxx] > > > Sent: Tuesday, September 27, 2005 17:55 > > > To: [ISAserver.org Discussion List] > > > Subject: [isalist] RE: 2000 to 2004 Possible Upgrade > Scenarios with > > > Seperate ISA AD Forest > > > > > > http://www.ISAserver.org > > > > > > On 9/27/05, Jim Harrison <Jim@xxxxxxxxxxxx> wrote: > > > > First bad assumption - don't build your forest structure > > > around ISA - > > > > build ISA into the forest structure. Design your AD before > > > you worry > > > > about your edge. > > > > > > I should have mentioned that I came across this document > > > before posting: > > > > > > http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/sec > > > urityharde > > > ningguide.mspx > > > > > > "Determining Domain Membership > > > > > > In many cases, you may want to set up the ISA Server computer as a > > > member of a domain. For example, if you will create a policy that > > > relies on domain user authentication, ISA Server should > belong to a > > > domain. > > > > > > If the ISA Server computer is protecting the edge of your > > network, we > > > recommend that you install it in a separate forest (rather > > than in the > > > internal forest of your corporate network). ..." > > > > > > Can you please elaborate, Jim? > > > > > > > You can adapt the ISA deployment to that later. > > > > > > Good point. On the same token, I want to focus on doing it > > right the > > > first time. > > > > > > Much appreciated, > > > > > > ...D > > > > > > ------------------------------------------------------ > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > ------------------------------------------------------ > > > Visit TechGenix.com for more information about our other sites: > > > http://www.techgenix.com > > > ------------------------------------------------------ > > > You are currently subscribed to this ISAserver.org > > Discussion List as: > > > jim@xxxxxxxxxxxx > > > To unsubscribe visit > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > All mail to and from this domain is GFI-scanned. > > > > > > > > > ------------------------------------------------------ > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > ------------------------------------------------------ > > > Visit TechGenix.com for more information about our other sites: > > > http://www.techgenix.com > > > ------------------------------------------------------ > > > You are currently subscribed to this ISAserver.org Discussion > > > List as: tshinder@xxxxxxxxxxxxxxxxxx > > > To unsubscribe visit > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion > > List as: tshinder@xxxxxxxxxxxxxxxxxx > > To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > All mail to and from this domain is GFI-scanned. > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > >