• From: "Deus, Attonbitus" <Thor@xxxxxxxxxxxxxxx>
  • To: "[ Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 29 May 2003 12:00:45 -0700

At 11:43 AM 5/29/2003, you wrote:

Lecture away, just do your best to provide me with instruction on the way you would do it ;)

Overall, I have no problem with the TSAC access, but I would do it a slightly different way if possible.

If you already have a web server somewhere that is accessible to the outside world, then use that guy to host the
TSAC. It sounds like the only reason you are installing IIS on the ISA is for the TSAC. This does a few things- one, you already have an IIS box that is in your patch management solution, and you don't have to worry about the admin of IIS on ISA. You also don't have to worry about having someone else with admin rights having to go to the ISA box to start and stop IIS when you need to get in. The TSAC loads to your client- from there it is a direct connection to whatever TS box you want, so there is no "need" for ISA to host IIS as well.

There are other things I would do, like use the XP Remote Web components on your web server, which gives you the "new" version of the TSAC which will let you specify a custom port for a bit more protection. If you do that, it makes sense to put ACL's on the TSAC directory so that anonymous users don't get to see what the port is.

That would be a good start....


Other related posts: