Enterprise version of ISA running in an array..... Requires this kind of setup.... I'd hate to make schema mods to my corporate domain and cross my fingers.... besides, administrating a domain like this lets you lock down everything including the kitchen sink and not touch any of your users on any other network.... and besides, if someone hacked into your ISA box, they'd have control over nothing but the domain of your ISA, which leave you chewy, soft, oh-so-tasty corporate domain untouched, and not trusting that hacked set of servers....... Same reasons? Or do you have a nugget of wisdom beyond my understanding? -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Tuesday, July 06, 2004 12:33 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: FW: RE: Domain Error After Quick Start Guide http://www.ISAserver.org Hi Troy, It would work, but what is the scenario in which you would want to create this type of config? (I know of one, but wondering what you're thinking of here) Thanks! Tom <http://www.isaserver.org/shinder> www.isaserver.org/shinder Get the book! Tom and Deb Shinder's Configuring ISA Server 2004 <http://tinyurl.com/3xqb7> http://tinyurl.com/3xqb7 MVP -- ISA Firewalls -----Original Message----- From: Troy Radtke [mailto:TRadtke@xxxxxxxxxxxx] Sent: Tuesday, July 06, 2004 12:23 PM To: [ISAserver.org Discussion List] Subject: [isalist] FW: RE: Domain Error After Quick Start Guide http://www.ISAserver.org Let's review: Couldn't a one way trust be set up to take care of that issue? (The eternal question with the assumption that it was not in the same domain as all the other computers) A domain trust is just that, a trust between domains. (True, extreamly true, and that let's you have access to users, groups, ((AD objects)) etc.....) Are you saying the ISA server is its own domain? (Ah, another question that needs to assume the system was designed with a workgroup in mind, because you can not have a domain without AD in W2k) Why should it not be? (A question to answer a question, sounds like my girlfriend's kid...) While that can work, why create the extra overhead and work? (That assumes that having another AD domain to administrate would be more work than having it in a work group, which is the only other real option, which would remove all of that wonder features you're about to bring up.) ISA is designed to be a member of an AD domain to obtain the full use of all of its features.(Which is true, which is why I asked the first question of why not have a trust between two AD domains) So, I believe that having 2 seperate domains running active directory with a trust from the ISA domain to the protected domain so that the ISA domain can access objects and see that users that are authenticated would be a good thing. That also means that running it in a work group would be a bad thing, since you'd lose so much of the good features of the software........ -----Original Message----- From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] Sent: Tuesday, July 06, 2004 11:20 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Domain Error After Quick Start Guide http://www.ISAserver.org While that can work, why create the extra overhead and work? ISA is designed to be a member of an AD domain to obtain the full use of all of its features. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tradtke@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist