Re: W2K3 domain in DMZ

From: S. Pidgorny (
Date: 06/15/04

Date: Tue, 15 Jun 2004 19:31:37 +1000

Hi there:

"Hairy One Kenobi" <abuse@[]> wrote in message

> Personally, I prefer a non-domain setup (don't like the prospect of having
> all machines compromised by one password, or of having a DNS in the DMZ).

Well, you are prepared to manage passwords and other stuff (patches,
security policies, etc.) on the whole heap of stand-alone hosts? You will be
changing admin and service account passwords regularly on single one of

_All_ of the non-domain DMZs that I have seen "featured" same supervisor
credentials yet had more problems that domain helps to solve.

Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-

Relevant Pages

    ... >> Mike - you indicated that a manual removal left you with a few ... | Running a Windows Update scan on them found no OS patches missing. ... oldest modality is weak passwords. ... Strong Passwords and the local administrators account also uses strong passwords. ...
  • Re: SQL services do not seem to be starting
    ... >I have not installed any patches or Windows Updates since it was last ... >working on Friday, or changed any passwords. ... > I tried the manual net start and got the response: ...
  • Re: Exchange 2003 Front End/Back End Servers & Passwords
    ... Peter Marshall wrote: ... > end server in a DMZ to allow external access. ... > My question is can I have robust passwords for logging onto the front ...
  • Re: securing dial-in
    ... > lead straight into the DMZ. ... > AFAIK, mgetty only relies on passwords, which in this case, I am not ... user dials in and enters a username, ...
  • Re: Transmitting Sensitive Information between Servers
    ... servers within our DMZ. ... Passwords should never be transmitted in the clear. ... I wouldn't worry too ... much about usernames, though, as they tend to be predictible anyway. ...