Because in your original email, you asked what could be done to allow users
to log on, but nothing else. As you have fleshed this out (kind of), I see
nothing that you are doing that requires Microsoft authentication per se,
and certainly nothing that needs a domain controller. A domain controller is
going to generate more traffic and more overhead than if you just run the
box off a workgroup environment. Also, if you aren't going to support domain
functions, why implement a domain controller, and all of its extraneous
services that you have already stated you want to prevent? KISS. That is my
reasoning.

Regardless of what you do though, I don't feel like we are getting enough
information from you to make more than half-informed recommendations. I
still don't understand what traffic you want to prevent, and what traffic
you want to permit.
Wes Noonan, MCP+I/MCSE/MCT/CCNA/NNCSS
Senior QA Rep
(713) 918-2412
BMC Software, Inc.
[EMAIL PROTECTED]
http://www.bmc.com
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 15, 2000 15:11
To: Noonan, Wesley; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: Windows 2k Advanced Server Hardening
Why not make it a PDC ??
/mark
At 03:06 PM 9/15/00 -0500, Noonan, Wesley wrote:
>Why make it a domain controller then? Also, what would the need be for
>Microsoft authentication on it? Can you choose another authentication
>scheme? If so, you will find it much easier to harden.
>
>Another option though, that sounds better to me, would be to put it behind a
>firewall and either VPN and/or terminal serve into it. This should go a long
>way towards keeping the unwanted visitor out.
>
>Good luck!!
>
>Wes Noonan, MCP+I/MCSE/MCT/CCNA/NNCSS
>Senior QA Rep
>(713) 918-2412
>BMC Software, Inc.
>[EMAIL PROTECTED]
>http://www.bmc.com
>
> -----Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
>Sent: Friday, September 15, 2000 14:56
>To: [EMAIL PROTECTED]
>Cc: [EMAIL PROTECTED]
>Subject: RE: Windows 2k Advanced Server Hardening
>
>Actually the Win 2k Advanced Server would be used for collaborative
>engineering over the WWW. Custom development tools or source
>check-in/check-out similar to a couple of small start-ups in the valley
>here.
>
>/m
>
>At 12:45 PM 9/15/00 -0600, ROTTENBERG,HAL (HP-USA,ex1) wrote:
> >You didn't plan to expose your PDC to the Internet---I hope. That's my
> >first recommendation.
> >
> >Assuming that's the case, then many of the suggestions you would find on
> >this list wouldn't be applicable.
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]