AD Replication through a firewall - Can replication be one..

Guest
Archived from groups: microsoft.public.win2000.active_directory

Firstly, that's not much of a question if you don't mind me saying so.

Secondly, why? What are you trying to achieve?

Give us some more info. and I'm sure we'll be able to help.


--

Paul Williams

http://www.msresource.net
http://forums.msresource.net


"ihadhar" <ihadhar@discussions.microsoft.com> wrote in message
news:54AC865F-EAEA-4057-9F0B-A036375CA3B5@microsoft.com...
ihh
 
Guest

Hi Paul, thanks for responding, sorry I've been gone over the holidays.
Anyway, my question is related to what is the recommended practice for
handling access to DMZ servers from internal clients. Basically, I have two
requests. One is to either create a public DMZ Active Directory with a trust
to the internal domain or allow a domain controller from the inside to reside
in the public DMZ. I am uncomfortable with both and have searched high and
low for information from others as to what would be the best way to allow our
users access to servers residing in the public DMZ. Do you have any
suggestions or best practices? Thanks. ih
 
Guest

This does work though it is a bit labor intensive. You should also consider
securing/signing all replication traffic if you are passing it into a DMZ.

Take a look at the following link:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/confeat/adrepfir.mspx

That said, what are you trying to do? Authenticate a web page? OWA? You may
have a better option like LDAP or RADIUS (IAS).
--
Ryan Hanisco
MCSE, MCDBA
Flagship Integration Services
 

Kieran


Alternatively,

You could have two separate forests.

It's the best security option; then do a scheduled selective replication from
internal to external for accounts - perhaps even script it.

It's what I'd do - keep your internal and external completely separate,
though this may depend on what your requirements are - what exactly do you
want to do?

How were you planning on sharing the data anyway? TS, WebDAV, OWA?