I am not an IIS guy and there is also a separate IIS security newsgroup
which you will find helpful. However I would certainly never make a domain
controller a public IIS server and not a domain member unless absolutely
necessary. Of course a firewall is needed to protect any IIS server to just
allow necessary traffic with default block all inbound and outbound rules
with exceptions then created for needed traffic. A non domain controller
domain member does not have any AD info stored on it, though it potentially
could be an entrance point to the domain resources that might not exist
otherwise. I would also be sure to harden our IIS server by at least running
IIS lockdown tool on it only after backing up current configuration with the
IIS management console.
--- Steve
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/locktool.asp
Jozz said:
Hi
What are the considerations that need to be taken into account when
planning to deploy an AD, with web-server environment?
What do I need to consider in terms of public access to the AD and AD
schema and other security issues?