Hi Troy, It would work, but what is the scenario in which you would want to create this type of config? (I know of one, but wondering what you're thinking of here) Thanks! Tom www.isaserver.org/shinder <http://www.isaserver.org/shinder> Get the book! Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls -----Original Message----- From: Troy Radtke [mailto:TRadtke@xxxxxxxxxxxx] Sent: Tuesday, July 06, 2004 12:23 PM To: [ISAserver.org Discussion List] Subject: [isalist] FW: RE: Domain Error After Quick Start Guide http://www.ISAserver.org Let's review: Couldn't a one way trust be set up to take care of that issue? (The eternal question with the assumption that it was not in the same domain as all the other computers) A domain trust is just that, a trust between domains. (True, extreamly true, and that let's you have access to users, groups, ((AD objects)) etc.....) Are you saying the ISA server is its own domain? (Ah, another question that needs to assume the system was designed with a workgroup in mind, because you can not have a domain without AD in W2k) Why should it not be? (A question to answer a question, sounds like my girlfriend's kid...) While that can work, why create the extra overhead and work? (That assumes that having another AD domain to administrate would be more work than having it in a work group, which is the only other real option, which would remove all of that wonder features you're about to bring up.) ISA is designed to be a member of an AD domain to obtain the full use of all of its features.(Which is true, which is why I asked the first question of why not have a trust between two AD domains) So, I believe that having 2 seperate domains running active directory with a trust from the ISA domain to the protected domain so that the ISA domain can access objects and see that users that are authenticated would be a good thing. That also means that running it in a work group would be a bad thing, since you'd lose so much of the good features of the software........ -----Original Message----- From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] Sent: Tuesday, July 06, 2004 11:20 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Domain Error After Quick Start Guide http://www.ISAserver.org While that can work, why create the extra overhead and work? ISA is designed to be a member of an AD domain to obtain the full use of all of its features.