Re: NewBie ASP.NET on a PDC securiy sugestions
From: Rob Dob (robdob20022001@yahoo.com)
Date: 11/13/02
- Next message: Dan C: "SQL Server does not exist or access denied"
- Previous message: Tim Greenwood: "Gaining access to network shares from WebServices and WebForms"
- In reply to: Willy Denoyette [MVP]: "Re: NewBie ASP.NET on a PDC securiy sugestions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Rob Dob" <robdob20022001@yahoo.com> Date: Tue, 12 Nov 2002 19:52:32 -0500
Hi,
The only reason I am running DC, is because I never new better. my users
are about 25, I am running SQL, and imail, and DNS on the server. It is the
only machine within the domain, Also I don't think I need a dc to run my
web services. all I need my server to do is run, SQL, imail, DNS, and
webservices.. Would I be better off demoting my server? if so am I going
to lose any information when I do so.., if so can I don anything in order to
mininize the impact.
thanks again for all the time you are taking in helping me out.
Rob...
"Willy Denoyette [MVP]" <willy.denoyette@pandora.be> wrote in message
news:eAtZxcbiCHA.1544@tkmsftngp09...
> Not sure what you are using the DC, for instance I have no idea about the
size of the domain it is serving expressed in number of AD
> objects (users, OU etc.) and the number of registered records in the DNS
namespace, but you should keep in mind that a DC has a
> dedicated purpose and it looks like you only have a single DC in your
domain, which means it's a single point of failure, which is
> equally bad as running services like SQL, IIS etc on it.
> Another question to be answered is "do you really need a DC to run your
internet application/web services?" I personally don't think
> so.
> But If the answer is YES, I would suggest you consider to separate the DC
from the application/Web server, a entry level PC can be
> used as a DC (PII 300Mhz - 128Mb,4 GB disk - preferably two of them), and
secure the connection between both entities at a maximum.
>
> Willy.
>
>
> "Rob Dob" <robdob20022001@yahoo.com> wrote in message
news:ej5dUjZiCHA.716@tkmsftngp11...
> > Hi,
> >
> > thank you, this is going to be run on the internet.., are you saying
that
> > I should have two machines, one DC and another Stand Alone Server. are
> > should I just demote my DC. and just use the one machine... my DC is
> > currently running DNS, Mail, and SQL.. I hate the thought of demoting
my DC
> > and then running the risk of losing all my active directory info, dns
> > ect.... On the other hand I'm co locating so if I need to put another
box
> > in then I will have to spend twice the money.. Any/all sugggestions
would be
> > greatly appreciated..
> >
> > Rob...
> > P.S. : I'm running W2K Server
> >
> > "Willy Denoyette [MVP]" <willy.denoyette@pandora.be> wrote in message
> > news:OnhU1fXiCHA.4228@tkmsftngp08...
> > > The problem is that when running IIS on a DC, you run security
sensitive
> > application services (your Actice Directory, Logon Service,
> > > LSA etc.) and a security vulnerable applications IIS/ASP/ASP.NET on
the
> > same box, the result is that a logged on user doesn't need
> > > network credentials to access the security services, when running them
on
> > separate boxes it't much easier to secure the DC from
> > > unauthorized access.
> > > Now it depends what kind of applications you are running and to whom
they
> > are exposed (Intranet/Internet).
> > > In general it's a very bad idea to do so on the internet, but be
carefull,
> > also bad guy's are lurking on an intranet.
> > >
> > > Willy.
> > >
> > > "Rob Dob" <robdob20022001@yahoo.com> wrote in message
> > news:OkLm5fQiCHA.4228@tkmsftngp08...
> > > > Hi,
> > > >
> > > > the only reason I wanted to demote was because of security issues
while
> > > > running ASP.NET on a PDC, I would much prefer to iron out the
security
> > > > issues. Is there a workaround for these PDC/ ASPX.net security
issues,
> > I
> > > > heard they were a bug but microsoft has already releases SP2 of the
> > > > framework and still haven't addressed this. In otherwards what I am
> > asking
> > > > is can I safely run asp.net on a PDC?
> > > >
> > > > thanks, ..
> > > >
> > > >
> > > > "Willy Denoyette [MVP]" <willy.denoyette@pandora.be> wrote in
message
> > > > news:Ots6dRBiCHA.3752@tkmsftngp08...
> > > > > YES, you can demote a DC supposed it's a W2K DC, but why would you
do
> > this
> > > > as you throw away your W2K Domain.
> > > > >
> > > > > "Rob Dob" <robdob20022001@yahoo.com> wrote in message
> > > > news:OlzWmBAiCHA.1800@tkmsftngp09...
> > > > > >
> > > > > > Hi,
> > > > > >
> > > > > > I have a question, I have ONE computer, it is a Windows 2000
> > Server,
> > > > PDC
> > > > > > and is running ASP.NET. I have heard about a bug within the
system
> > > > where
> > > > > > you have to run asp.net as user=SYSTEM. When I do this
everything
> > runs
> > > > > > fine, but from what I hear there are serious security issues
with
> > > > running
> > > > > > ASP.NET on a PDC. What are my options.. Do/can I demote my
server,
> > > > what
> > > > > > if anything can I.
> > > > > >
> > > > > > thanks, rob..
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
- Next message: Dan C: "SQL Server does not exist or access denied"
- Previous message: Tim Greenwood: "Gaining access to network shares from WebServices and WebForms"
- In reply to: Willy Denoyette [MVP]: "Re: NewBie ASP.NET on a PDC securiy sugestions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
