Well, there's always the problem with certificate autoenrollment :) Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls ________________________________ From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones Sent: Thursday, June 29, 2006 10:03 AM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: Poll - Securing DC's with ISA Hi Tom, Thanks for the feedback - I know we have discussed this a bit before ;-) Yeah I know about the different arrays bit, but wondered if anyone had any good stories to tell on do's and don'ts. No issues just wondered how things well things worked AD replications wise with two dc's at two different sites with two different ISA arrays - just looking for any experience really... JJ Jason Jones | Silversands Limited | T: 01202 360489 | M: 07971 500312 | F: 01202 360900 | E: jason.jones@xxxxxxxxxxxxxxxxx <mailto:jason.jones@xxxxxxxxxxxxxxxxx> ________________________________ From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder Sent: 29 June 2006 15:21 To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: Poll - Securing DC's with ISA Hi Jason, I haven't used the custom UUIDs for DC protection, I've always used the RPC (all interfaces). You almost always have to have different arrays for different sites, since the internal and external interfaces are on different network IDs. What issues with AD replication have you run into? Thanks! Tom Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls ________________________________ From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones Sent: Thursday, June 29, 2006 7:55 AM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Poll - Securing DC's with ISA Hi, Quick poll as I am interested in how many of you have used/are using ISA to protect domain controllers in production environments? Have you found it painful or painless in production? If this is something you have done, are you simply using the RPC filter in its native form or have you filtered to the UUID level? How have you coped with DC's that are located across different sites - using different arrays I assume? Does AD replication make this difficult? Based upon forums and discussions with my MS contacts, it seems difficult to get much feedback on this... Thanks for any feedback :-) Cheers JJ Jason Jones | Silversands Limited | T: 01202 360489 | M: 07971 500312 | F: 01202 360900 | E: jason.jones@xxxxxxxxxxxxxxxxx <mailto:jason.jones@xxxxxxxxxxxxxxxxx>