Actually, it came from Microsoft. It was in an article about ISA, as a best practice. I've read a bunch of different articles today, and can't seem to quickly find it. Thanks for the advice though. I do want to make it a domain member. I will continue on with my testing. Mark. ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder Sent: Tuesday, May 23, 2006 10:57 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Real Newbie Question ACK!!!! Where did you read that drivel? If someone has the ability to break into the ISA firewall, domain membership is immaterial. You end up gaining a ton more security by joining the ISA firewall to the domain. In your scenario, I ALWAYS join the ISA firewall to the domain. To do otherwise would be foolish, IMO. HTH, Tom Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Reimer, Mark Sent: Tuesday, May 23, 2006 10:31 AM To: ISA Mailing List Subject: [isalist] Real Newbie Question Hi folks, Design question. We are going to install ISA 2004 as our perimeter firewall with 3 legs (outside, dmz, internal). I've read that the ISA box should not be part of the internal domain for security reasons (if someone breaks into the ISA server box, they haven't compromised the internal AD). But, I basically want to only allow internal AD users to have access to the internet through the ISA server. There will be some short term (a few hours at a time) exceptions, but this is the general plan. What do most people do? Use a Radius server on the internal side to accomplish the above goals? Or install ISA as a member server of the internal domain? We are a windows shop, Win2K3 servers all around. Is there a source of info that would help explain the best method of setting up and ISA server. Thanks. Mark ------------------------------- Mark Reimer Windows Servers & Networking Prairie Bible Institute Box 4000 Three Hills, AB T0M-2N0 Canada 403-443-5511 www.prairie.edu