Unfortunately, expense is often the primary driving force in deployments. The questions we get are often over-simplified, and lacking that crucial bit of information like, "I only have $1.298 to spend, but I need to build a Google competitor. and protect it with ISA on a Kaypro 2." Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "cismic" <cismic@xxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, December 23, 2003 10:20 Subject: [isalist] RE: ISA server on a DC http://www.ISAserver.org How would the setup of this be? 1. External Domain maybe with ISA, DC and external DNS all setup for security purposes. 2. DMZ with it's own domain 3. Then of course the internal domain. Not sure if those are good setups or not. Sometimes the expense of licensing doesn't permit The different labs I like to setup. Joseph -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Tuesday, December 23, 2003 6:24 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA server on a DC http://www.ISAserver.org Hi Phil, This statement "ISA cannot be installed on NT4 and therefore cannot be part of an NT4 domain" is incorrect. While it's true that ISA can't be installed on an NT4 box, there's nothing that prevents Windows 2000 or Windows 2003 from joining an NT4 domain. Of all the scenarios that ISA supports, having the DC on the firewall is the least secure (skip the SBS discussion for now). You can (in preference order): 1. create an ISA domain (forest) that trusts the internal domain 2. create an ISA / DC that trusts the internal domain 3. join the internal domain And no, I wasn't assuming "the same domain", although I didn't make that clear, either. I generally try to discourage joining the ISA to an existing domain if possibe. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! On Tue, 23 Dec 2003 20:40:57 +1100 "Phill Hardstaff - SPC" <phillh@xxxxxxx> wrote: http://www.ISAserver.org OK, heres a question for you guys : 1) You want to authenticate your proxy server requests. 2) You are running an NT4 domain (yes there are still plenty) 3) You only have ONE box to install ISA on. OK, how are you are going to get authentication requests from the ISA box to your NT4 domain ? knowing full well that ISA cannot be installed on NT4 and therefore cannot be part of an NT4 domain ? and you certainly don't want to install ISA on a Win2K member server in your domain (well you wouldn't would you ?) Think about it ? I know one solution, and it involves what you are saying not so do below. i.e. install ISA in it's own domain as a DC, and have a one way trust with the NT4 domain, i.e. the NT4 domain is trusted by the ISA box but the ISA domain is not trusted by the NT 4 domain. If you know of any other way to get this work I would be interested. What I am saying is that installing on a DC in certain situations is not a problem (DC in it's own domain), everyone always seems to assume it's the DC for the main and only domain :) and this may well be what this guy was talking about, then again it may not. Cheers Phill ----- Original Message ----- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, December 23, 2003 2:59 PM Subject: [isalist] RE: ISA server on a DC http://www.ISAserver.org Hi Ryan, I highly recommend against it. It might work, but I didn't test that config. The point of that article was to show people how it could work, but I hope it didn't give the impression that I approved of the config. HTH, Tom -----Original Message----- From: Ryan Palmer [mailto:RyanPalmer77@xxxxxxxxx] Sent: Monday, December 22, 2003 4:11 PM To: [ISAserver.org Discussion List] Subject: [isalist] ISA server on a DC http://www.ISAserver.org I was just reading the article about installing ISA on a Domain Controller. In the article they promoted the server to a DC before installing ISA. Can I install ISA on my server and promote it to a Domain Controller at a later date? ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: phillh@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: cismic@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')