Hi Troy, Always part of the user domain. Even in edge firewall deployments. No one has ever "owned" a properly configured ISA firewall and unlike Cisco, no one on the outside has the source code ;-) For the hardening guides, check out: http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/securityharde ningguide.mspx And http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/hardeningwind ows.mspx HTH, Tom www.isaserver.org/shinder Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls > -----Original Message----- > From: Troy Radtke [mailto:TRadtke@xxxxxxxxxxxx] > Sent: Wednesday, August 17, 2005 1:35 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Array in the domain or not? > > http://www.ISAserver.org > > Oh wait, maybe my question was a bit vague now that I think about > it..... > > How about the ISA array in it's own domain vs. the production > domain vs. > a one way trust between domain? > > -----Original Message----- > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > Sent: Wednesday, August 17, 2005 1:11 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Array in the domain or not? > > > http://www.ISAserver.org > > ALWAYS domain members if they want me to do it. > > Create a GPO for the domain members and use the recs from ISA firewall > hardening guides. Of course, ALWAYS test GPO settings in the > lab before > deploying, unless your production network is your test platform ;-) > > HTH, > > Tom > www.isaserver.org/shinder > Tom and Deb Shinder's Configuring ISA Server 2004 > http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls > > > > > -----Original Message----- > > From: Troy Radtke [mailto:TRadtke@xxxxxxxxxxxx] > > Sent: Wednesday, August 17, 2005 1:09 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] Array in the domain or not? > > > > http://www.ISAserver.org > > > > Hi everyone, > > > > For everyone (or anyone) running an array of ISA servers > (either 2k or > > 2k4), do you have then as part of your domain or do you have them in > > their own domain? Looking in from the aspect of high > > security GPO's and > > hardening the entire array from an OS standpoint. > > > > I don't have enough available licenses to play around with > > this, so I'm > > looking for some input. > > > > Thanks! > > Troy > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion > > List as: tshinder@xxxxxxxxxxxxxxxxxx > > To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > tradtke@xxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > >