Hmmmm-doing without thinking can lead to big problems. -----Original Message----- From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx] Sent: Thursday, December 08, 2005 11:02 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: AD and ISA in the same machine http://www.ISAserver.org ...one does not think.. they do instead... -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Thursday, December 08, 2005 12:54 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: AD and ISA in the same machine http://www.ISAserver.org ..one would think so... ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] Sent: Thursday, December 08, 2005 09:37 To: [ISAserver.org Discussion List] Subject: [isalist] Re: AD and ISA in the same machine http://www.ISAserver.org But you can't use SBS in his situation anyway. If they went to the expense of purchasing ISA for branch offices, then they must be large enough to justify another box. Amy Harbor Computer Services Small Business Computer Specialists Client Blog: http://smalltechnotes.blogspot.com/ Tech Blog: http://isainsbs.blogspot.com/ Website: http://www.harborcomputerservices.net/ -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Thursday, December 08, 2005 11:53 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: AD and ISA in the same machine http://www.ISAserver.org As Tim alluded to, this is silly. SBS was built to serve the extremely cheap" market. Hell, the cost of SBS PE alone is the same as ISA SE. ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: pagemontreal@xxxxxxxxx [mailto:pagemontreal@xxxxxxxxx] Sent: Thursday, December 08, 2005 08:33 To: [ISAserver.org Discussion List] Subject: [isalist] Re: AD and ISA in the same machine http://www.ISAserver.org I've tested some features. And is working well. Some customers use this 'solution', because the don't have a lot of options($$). I know, is not a best practice, there is some security questions (I could say a lot of) about it, I can find more problems ahead, but it works. Unfortunately we can't install dc on the pix, but we can build one ( http://www.packetattack.com/frankenpix.html <http://www.packetattack.com/frankenpix.html> for more information). Some times we have to think out of the box.... Cheers, Denis On 12/8/05, Thomas W Shinder <tshinder@xxxxxxxxxxx > wrote: http://www.ISAserver.org <http://www.isaserver.org/> You just think you did. There are many and varied surprizes awaiting you, which will present themselves as security issues or impossible to solve "weird" problems. Put the DC on the PIX. Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://spaces.msn.com/members/drisa/ <http://spaces.msn.com/members/drisa/> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls **Who is John Galt?** ________________________________ From: Denis Page [mailto:pagemontreal@xxxxxxxxx] Sent: Thursday, December 08, 2005 8:46 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: AD and ISA in the same machine http://www.ISAserver.org <http://www.isaserver.org/> I'm testing a branch office solution. The customer DON'T have more than 1 server in branch. I solve the problem. Thanks anyway. On 12/8/05, Jim Harrison <Jim@xxxxxxxxxxxx> wrote: http://www.ISAserver.org <http://www.isaserver.org/> One Acronym - DCOM. Take ISA Off The DC -------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ <http://isaserver.org/Jim_Harrison/> http://isatools.org <http://isatools.org/> Read the help / books / articles! -------------------------------------------- -----Original Message----- From: Denis Page [mailto:pagemontreal@xxxxxxxxx ] Sent: Wednesday, December 07, 2005 6:59 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: AD and ISA in the same machine http://www.ISAserver.org <http://www.isaserver.org/> Yes. I've installed in a DC. To test some features with AD groups and users. I could install more computers, but can I use isa server and DC in a same machine? I'd like to know what can I do to leave the authentication ports open on ISA/DC Server. On 12/8/05, Thor (Hammer of God) <thor@xxxxxxxxxxxxxxx> wrote: http://www.ISAserver.org <http://www.isaserver.org/> Just to make sure I understand-- You've installed ISA 2004 on a domain controller? If so, uninstall ISA from your DC. ISA serves a completely different function than a DC. That's like marrying a hooker. To test, install on a dedicated box or in a VM. t ----- "And yet, even if one person finds his way... that means there is a Way. Even if I personally fail to reach it." Mr. Nobusuke Tagomi Top Place, Ranking Imperial Trade Mission Pacific States of America ----- Original Message ----- From: "Denis Page" < pagemontreal@xxxxxxxxx <mailto:pagemontreal@xxxxxxxxx> > To: "[ISAserver.org Discussion List]" < isalist@xxxxxxxxxxxxx <mailto:isalist@xxxxxxxxxxxxx > > Sent: Wednesday, December 07, 2005 6:25 PM Subject: [isalist] AD and ISA in the same machine http://www.ISAserver.org <http://www.isaserver.org/> Hi, I've installed ISA Server 2004 STD in a AD machine (to test some features). After the Install ISA server in DC, the clients don't authenticate anymore (can't log in domain). I've created an access rule with the logon ports (internal to localhost) but it doesn't work. Can anyone help me? Tnks Report abuse to listadmin@xxxxxxxxxxxxx