Webserver Security

[Arthur C]

I have IIS running on W 2003 server. This server is not on the domain. Is
it a security risk to join this server to the domain. I have a staff
website that I would like to authenticate the staff users from the domain
ADS. Or is there a way to authenticate users from the domain. I have tried
several different options in the IIS properties, but with no luck in what I
would like to accomplish.

Thanks
Arthur

 

[Keith W. McCammon]

If the server is publicly accessible, the risk to your domain would increase
if the server in question were added. How much or how little depends on too
many things to name.

And yes, you can use basic or integrated authentication to authenticate
domain users, provided that you add the system to the domain. Otherwise,
you'll need to use another authentication source (database, etc.) or create
accounts on the web server itself (bulky).