I am putting one of my web server in the DMZ. I wanted to know what I
had to do in order for the "Integrated Windows security" to work.
Thanks.

John

[ Post a follow-up to this message ]

"John Giblin" <jwgiblin3@hotmail.com> wrote in message
news:3d6785ec.0407081235.5bb5793a@posting.google.com...
> I am putting one of my web server in the DMZ. I wanted to know what I
> had to do in order for the "Integrated Windows security" to work.

Is the server part of the same Windows domain as the clients?

--
Tom Kaminski IIS MVP
http://www.microsoft.com/windowsser...ty/centers/iis/
http://mvp.support.microsoft.com/
http://www.iisfaq.com/
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
http://www.tryiis.com

[ Post a follow-up to this message ]

Where is the domain controller for the domain this server is part of ? Is th
is a separate domain then your production internal domain ?

If this is a separate domain and is trusting your internal domain, so that y
ou can authenticate your internal users if were to use the external facing a
pplications from outside your corporate network, then for security move the 
external domain controller(
s) into the internal network and configure IPSEC through the wirewall such t
hat all communication of the webserver with the DC is secure. Since the doma
in already trusts the internal production domain, you would be able to authe
nticate the internal users.


Hope this makes sense.

"Tom Kaminski [MVP]" wrote:

> "John Giblin" <jwgiblin3@hotmail.com> wrote in message
> news:3d6785ec.0407081235.5bb5793a@posting.google.com... 
>
> Is the server part of the same Windows domain as the clients?
>
> --
> Tom Kaminski IIS MVP
> http://www.microsoft.com/windowsser...ty/centers/iis/
> http://mvp.support.microsoft.com/
> http://www.iisfaq.com/
> http://www.iistoolshed.com/ - tools, scripts, and utilities for running II
S
> http://www.tryiis.com
>
>
>

[ Post a follow-up to this message ]

Thanks,  that was very helpful

"LiveUnDead" <LiveUnDead@discussions.microsoft.com> wrote in message news:<8A65990B-4E8B-4EA
5-BF1F-DE2227EF44FA@microsoft.com>...
> Where is the domain controller for the domain this server is part of ? Is 
this a separate domain then your production internal domain ?
>
> If this is a separate domain and is trusting your internal domain,
so that you can authenticate your internal users if were to use the
external facing applications from outside your corporate network, then
for security move the external domain controller(s) into the internal
network and configure IPSEC through the wirewall such that all
communication of the webserver with the DC is secure. Since the domain
already trusts the internal production domain, you would be able to
authenticate the internal users.[vbcol=seagreen]
>
> Hope this makes sense.
>
> "Tom Kaminski [MVP]" wrote:
> 

[ Post a follow-up to this message ]