Sign in with
Sign up | Sign in
Your question

Intranet Issue

Last response: in Windows 2000/NT
Share
December 2, 2004 5:29:43 PM

Archived from groups: microsoft.public.win2000.networking,microsoft.public.win2000.group_policy,microsoft.public.win2000.dns,microsoft.public.inetserver.iis (More info?)

I created an intranet website. I created a dns record called intranet so
when users type in http://intranet it goes to my site. I remember with older
software i think NT4 or 98 you would have to add this to a setting so when
users type this in their browser it will stay in the internal LAN rather
than trying to resolve it or access it on the outside. How do you configure
this in windows 2000. Also I get an active x security warning on some
computers when they view the site how can i setup a GPO to allow this site
to low securty.

thanks


--
Hope this Helps
Dan V
This posting is provided "AS IS" with no warranties, and confers no rights

More about : intranet issue

Anonymous
December 2, 2004 5:52:59 PM

Archived from groups: microsoft.public.win2000.networking,microsoft.public.win2000.group_policy,microsoft.public.win2000.dns,microsoft.public.inetserver.iis (More info?)

"Dan" <anonymous@discussions.microsoft.com> wrote in message
news:%23gplp2K2EHA.3064@TK2MSFTNGP10.phx.gbl...
> I created an intranet website. I created a dns record called intranet so
> when users type in http://intranet it goes to my site. I remember with
older
> software i think NT4 or 98 you would have to add this to a setting so when
> users type this in their browser it will stay in the internal LAN rather
> than trying to resolve it or access it on the outside. How do you
configure
> this in windows 2000. Also I get an active x security warning on some
> computers when they view the site how can i setup a GPO to allow this site
> to low securty.

The exception list is part of the browser. It doesn't matter if it was 98,
NT, 2000, XP, or 2003. It is all the same. You never needed that in 98 or
NT either,...what it really depended on what what kind of device was being
used to "provide" the Internet (proxy, nat firewall, etc) and how that
device is built, configured, and how its "behavor logic" is designed.

For example a CERN Compliant Web Proxy would resolve the URL on behalf of
the client (client doesn't resolve it itself typically in such cases). The
DNS used by the proxy must be the one setup to resolve to the IP# you
desire. It then compared the discovered IP# to the Local Address Table (LAT)
and if it was in the table the proxy "dropped out" and let the client acess
the site directly, but it the address was not in the LAT it would pass the
request to the outbound Internet router. A NAT-based Firewall device would
be a little different, the client would resolve the URL itself, so whatever
DNS it used had to be the right one so it would resolve to the right
address. Once it had the address it would drop the request on to the "wire"
if it was the same subnet or pass it to the Layer3 routing scheme (default
gateway or static specified gateway). If the request then reached the
Firewall Device it would compare it to it LAT and process accrdingly.

I have used each of those variations here at our location and run Win95,
Win98, NT4.0, Win2000, XP, and Server 2000 & 2003. I have never had to
include an exception in the Browsr's exception list.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
December 2, 2004 6:12:07 PM

Archived from groups: microsoft.public.win2000.networking,microsoft.public.win2000.group_policy,microsoft.public.win2000.dns,microsoft.public.inetserver.iis (More info?)

I dont have a proxy server. I just have a Watchguard firewall. Yes now i
remember the settings i was talking about was the proxy setup where you can
bypass certain sites in the exception list. Since i dont use a proxy then i
think im ok.

"Phillip Windell" <@.> wrote in message
news:%23gEWpDL2EHA.3236@TK2MSFTNGP15.phx.gbl...
> "Dan" <anonymous@discussions.microsoft.com> wrote in message
> news:%23gplp2K2EHA.3064@TK2MSFTNGP10.phx.gbl...
> > I created an intranet website. I created a dns record called intranet so
> > when users type in http://intranet it goes to my site. I remember with
> older
> > software i think NT4 or 98 you would have to add this to a setting so
when
> > users type this in their browser it will stay in the internal LAN rather
> > than trying to resolve it or access it on the outside. How do you
> configure
> > this in windows 2000. Also I get an active x security warning on some
> > computers when they view the site how can i setup a GPO to allow this
site
> > to low securty.
>
> The exception list is part of the browser. It doesn't matter if it was 98,
> NT, 2000, XP, or 2003. It is all the same. You never needed that in 98 or
> NT either,...what it really depended on what what kind of device was being
> used to "provide" the Internet (proxy, nat firewall, etc) and how that
> device is built, configured, and how its "behavor logic" is designed.
>
> For example a CERN Compliant Web Proxy would resolve the URL on behalf of
> the client (client doesn't resolve it itself typically in such cases). The
> DNS used by the proxy must be the one setup to resolve to the IP# you
> desire. It then compared the discovered IP# to the Local Address Table
(LAT)
> and if it was in the table the proxy "dropped out" and let the client
acess
> the site directly, but it the address was not in the LAT it would pass the
> request to the outbound Internet router. A NAT-based Firewall device
would
> be a little different, the client would resolve the URL itself, so
whatever
> DNS it used had to be the right one so it would resolve to the right
> address. Once it had the address it would drop the request on to the
"wire"
> if it was the same subnet or pass it to the Layer3 routing scheme (default
> gateway or static specified gateway). If the request then reached the
> Firewall Device it would compare it to it LAT and process accrdingly.
>
> I have used each of those variations here at our location and run Win95,
> Win98, NT4.0, Win2000, XP, and Server 2000 & 2003. I have never had to
> include an exception in the Browsr's exception list.
>
> --
>
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
>
Related resources
Anonymous
December 2, 2004 7:23:50 PM

Archived from groups: microsoft.public.win2000.networking,microsoft.public.win2000.group_policy,microsoft.public.win2000.dns,microsoft.public.inetserver.iis (More info?)

"Dan" <anonymous@discussions.microsoft.com> wrote in message
news:uVq7VOL2EHA.1296@TK2MSFTNGP10.phx.gbl...
> I dont have a proxy server. I just have a Watchguard firewall. Yes now i

Yes, one of my "internet devices" is a Watchgaurd too,...its a 1000 series.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
Anonymous
December 2, 2004 7:40:08 PM

Archived from groups: microsoft.public.win2000.networking,microsoft.public.win2000.group_policy,microsoft.public.win2000.dns,microsoft.public.inetserver.iis (More info?)

"Dan" <anonymous@discussions.microsoft.com> wrote in message
news:uVq7VOL2EHA.1296@TK2MSFTNGP10.phx.gbl...
> I dont have a proxy server. I just have a Watchguard firewall. Yes now i
> remember the settings i was talking about was the proxy setup where you
can
> bypass certain sites in the exception list. Since i dont use a proxy then
i
> think im ok.

You still shouldn't have to use that exception list,...but if it is working
you can just go with it. But I'm stilll thinking about this,...is this a
Domain?,...you have a DC running DNS? How have you rigged this up?

The simplest and standard way would be to have *all* machines use your
AD/DNS (and only that) as their DNS setting in their network config. The
only place your ISP's DNS would ever appear is in the forwarders list in
your DNS's config. The ISP's DNS should not even appear in the DC's own
network config,...it should not be anywhere except within the Forwarder's
list of the AD/DNS config.

Your own DNS will always be the first DNS (and really the only) that is
queried. If it can't resolve the URL itself it will the "ask" the ISP's DNS
and then give the result back to the Client. The Client will never ask the
ISP's DNS for anything directly. This way, any "intranet" URL will always
be processed by your own DNS which should alwys be able to handle it and
there will never be any "DNS confusion" so there would never be any need for
the "exceptions" to be placed in the browser's settings on the individual
clients.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
December 3, 2004 11:07:36 AM

Archived from groups: microsoft.public.win2000.networking,microsoft.public.win2000.group_policy,microsoft.public.win2000.dns,microsoft.public.inetserver.iis (More info?)

I have my clients point to my Internal DNS Server i have two DC and both
are running DNS in AD mode. My isp doesnt provide DNS so i dont have any
fowarders. I tried to use my register (Network Solutions) dns servers but
kept getting a lot of dns error in the event log.

thanks


"Phillip Windell" <@.> wrote in message
news:uHfth$L2EHA.3468@TK2MSFTNGP14.phx.gbl...
> "Dan" <anonymous@discussions.microsoft.com> wrote in message
> news:uVq7VOL2EHA.1296@TK2MSFTNGP10.phx.gbl...
> > I dont have a proxy server. I just have a Watchguard firewall. Yes now i
> > remember the settings i was talking about was the proxy setup where you
> can
> > bypass certain sites in the exception list. Since i dont use a proxy
then
> i
> > think im ok.
>
> You still shouldn't have to use that exception list,...but if it is
working
> you can just go with it. But I'm stilll thinking about this,...is this a
> Domain?,...you have a DC running DNS? How have you rigged this up?
>
> The simplest and standard way would be to have *all* machines use your
> AD/DNS (and only that) as their DNS setting in their network config. The
> only place your ISP's DNS would ever appear is in the forwarders list in
> your DNS's config. The ISP's DNS should not even appear in the DC's own
> network config,...it should not be anywhere except within the Forwarder's
> list of the AD/DNS config.
>
> Your own DNS will always be the first DNS (and really the only) that is
> queried. If it can't resolve the URL itself it will the "ask" the ISP's
DNS
> and then give the result back to the Client. The Client will never ask the
> ISP's DNS for anything directly. This way, any "intranet" URL will always
> be processed by your own DNS which should alwys be able to handle it and
> there will never be any "DNS confusion" so there would never be any need
for
> the "exceptions" to be placed in the browser's settings on the individual
> clients.
>
> --
>
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
>
!