They just basically feel that having a machine joined to the domain inside the DMZ is exposing AD. I asked them how they felt that but they couldn't give me a reason why they did and I couldn't give them a reason why it couldn't. Alex ________________________________ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Tuesday, August 09, 2005 10:21 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Installing ISA 2004 in workgroup. http://www.ISAserver.org Hi Alex, Common problem -- based on no facts on the side of those "concerned" Ask them how the AD is exposed. How would someone access the AD from the ISA firewall? Where is there a single report anywhere that an ISA firewall has ever been compromised to enable this exposure? What are they doing on the inside, where the overwhelming majority of attacks source form, to protect against AD exposure, and have they considered that exposure to be orders of magnitude higher than what theoretical *might* take place if the ISA firewall were "owned" (which won't happen if properly configured) HTH, Tom www.isaserver.org/shinder <http://www.isaserver.org/shinder> Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls ________________________________ From: Alex Gonzalez [mailto:AGonzalez@xxxxxxxxxxxxxxxxxxx] Sent: Tuesday, August 09, 2005 9:08 AM To: [ISAserver.org Discussion List] Subject: RE: [isalist] RE: Installing ISA 2004 in workgroup. Hi Tom: Actually while on the topic, what is the main reason to join it to the domain? I joined the one I am setting up and people disagreed. I told them it was standard but they didnt want Active Directory exposed. What can I tell them to calm them down? Alex ________________________________ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Tue 8/9/2005 9:56 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Installing ISA 2004 in workgroup. http://www.ISAserver.org It *is* complex. Join the firewall to the domain. There's no reason not to. Tom www.isaserver.org/shinder Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls > -----Original Message----- > From: Faraz [mailto:f_hkhan@xxxxxxxxx] > Sent: Tuesday, August 09, 2005 8:54 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] Installing ISA 2004 in workgroup. > > http://www.ISAserver.org > > hi everybody > can anyone tell me the link where i can talk through the procedure of > installing ISA server 2004 in workgroup, [i have read microsoft KB > article(but that looks complex(i have to install even certificate > service))], i want to install both Configuratio Storage server & ISA > services on same computer, please send me a good link?????????? > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: agonzalez@xxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: agonzalez@xxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx