RE: FW: RE: Domain Error After Quick Start Guide
- From: Troy Radtke <TRadtke@xxxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 6 Jul 2004 12:53:06 -0500
Enterprise version of ISA running in an array..... Requires this kind of
setup.... I'd hate to make schema mods to my corporate domain and cross my
fingers.... besides, administrating a domain like this lets you lock down
everything including the kitchen sink and not touch any of your users on any
other network.... and besides, if someone hacked into your ISA box, they'd
have control over nothing but the domain of your ISA, which leave you chewy,
soft, oh-so-tasty corporate domain untouched, and not trusting that hacked
set of servers.......
Same reasons? Or do you have a nugget of wisdom beyond my understanding?
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Tuesday, July 06, 2004 12:33 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FW: RE: Domain Error After Quick Start Guide
http://www.ISAserver.org
Hi Troy,
It would work, but what is the scenario in which you would want to create
this type of config? (I know of one, but wondering what you're thinking of
here)
Thanks!
Tom
<http://www.isaserver.org/shinder> www.isaserver.org/shinder
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
<http://tinyurl.com/3xqb7> http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
-----Original Message-----
From: Troy Radtke [mailto:TRadtke@xxxxxxxxxxxx]
Sent: Tuesday, July 06, 2004 12:23 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] FW: RE: Domain Error After Quick Start Guide
http://www.ISAserver.org
Let's review:
Couldn't a one way trust be set up to take care of that issue? (The eternal
question with the assumption that it was not in the same domain as all the
other computers)
A domain trust is just that, a trust between domains. (True, extreamly true,
and that let's you have access to users, groups, ((AD objects)) etc.....)
Are you saying the ISA server is its own domain? (Ah, another question that
needs to assume the system was designed with a workgroup in mind, because
you can not have a domain without AD in W2k)
Why should it not be? (A question to answer a question, sounds like my
girlfriend's kid...)
While that can work, why create the extra overhead and work? (That assumes
that having another AD domain to administrate would be more work than having
it in a work group, which is the only other real option, which would remove
all of that wonder features you're about to bring up.)
ISA is designed to be a member of an AD domain to obtain the full use of all
of its features.(Which is true, which is why I asked the first question of
why not have a trust between two AD domains)
So, I believe that having 2 seperate domains running active directory with a
trust from the ISA domain to the protected domain so that the ISA domain can
access objects and see that users that are authenticated would be a good
thing. That also means that running it in a work group would be a bad
thing, since you'd lose so much of the good features of the software........
-----Original Message-----
From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
Sent: Tuesday, July 06, 2004 11:20 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Domain Error After Quick Start Guide
http://www.ISAserver.org
While that can work, why create the extra overhead and work? ISA is designed
to be a member of an AD domain to obtain the full use of all of its
features.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tradtke@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Other related posts:
