IIS Server Security - DMZ access for internal and external users

Author

DMZ access for internal and external users

Susan

2005-03-28, 6:18 pm

I need to put a 2003 Web Edition server on a DMZ, but it has to be accessible
by both internal LAN users from multiple world-wide subnets and by Employees
on the outside.

I configured it on the internal LAN, then moved it to the DMZ, but I did not
put any user groups into it, and now I cannot add groups from my internal NT
4.0 domain. Becasue I am the administrator, I am the only one who can log
into the server. I don't want to enter world-wide groups individually though,
all I want to add is the Everyone group for the internal domain. My thought
right now is to pull it back to the internal domain, and add the group.

I also do not know how to get the other subnets to be able to access the
server.

Any help would be appreciated.

Jeff Cochran

2005-03-28, 6:18 pm

On Mon, 28 Mar 2005 06:27:03 -0800, "Susan"
<Susan@discussions.microsoft.com> wrote:

>I need to put a 2003 Web Edition server on a DMZ, but it has to be accessible
>by both internal LAN users from multiple world-wide subnets and by Employees
>on the outside.
>
>I configured it on the internal LAN, then moved it to the DMZ, but I did not
>put any user groups into it, and now I cannot add groups from my internal NT
>4.0 domain. Becasue I am the administrator, I am the only one who can log
>into the server. I don't want to enter world-wide groups individually though,
>all I want to add is the Everyone group for the internal domain. My thought
>right now is to pull it back to the internal domain, and add the group.
>
>I also do not know how to get the other subnets to be able to access the
>server.

It's not an IIS issue, it's a firewall setting. If the server is in
the LAN domain, you need to open the appropriate ports to allow domain
authentication to the uinternal DC. Check a server group and/or your
firewall support for information on how to do that.

Jeff