Follow the link that Tony Murray posted concerning the remediation steps. It gives a quick account of the issue.
-------------------------------------------------------------- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis Inc. > -----Original Message----- > From: Salandra, Justin A. [mailto:[EMAIL PROTECTED] > Sent: Friday, March 14, 2003 11:54 AM > To: '[EMAIL PROTECTED]' > Subject: RE: RE: [ActiveDir] DC role > > > What is the security risk? Do you have documentation that we > can look at? > > -----Original Message----- > From: Roger Seielstad [mailto:[EMAIL PROTECTED] > Sent: Friday, March 14, 2003 10:26 AM > To: '[EMAIL PROTECTED]' > Subject: RE: RE: [ActiveDir] DC role > > Actually, you're supposed to keep DHCP off of Active > Directory DC's - there's a fairly major security hole with > them being colocated. > > -------------------------------------------------------------- > Roger D. Seielstad - MCSE > Sr. Systems Administrator > Inovis Inc. > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > Sent: Friday, March 14, 2003 10:17 AM > > To: [EMAIL PROTECTED] > > Subject: RE: RE: [ActiveDir] DC role > > > > > > > > Actually, microsoft recommends DNS DC's along with DHCP where > > needed. DNS is a general acceptance on DC's from all of the > > people I have spoke with. I do not understand the risk with > > security as if you used DNS integrated. Performance is > > always a risk, but DC's tend to need memory more than network. > > > > -Jon > > > > -----Original Message----- > > From: Brahim Bouchaiba [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, March 04, 2003 8:47 AM > > To: [EMAIL PROTECTED] > > Subject: Re: RE: [ActiveDir] DC role > > > > > > > > Thanks Greg. > > > > > > [EMAIL PROTECTED] writes: > > >If you have no other resources you have to do what you have to do > > >Brahim. > > > > > >However, if you do in fact have other resources - it is > > advisable not > > >to put DNS, DHCP, WINS on a DC - - not only are you going to > > be facing > > >certain security issues - - but you will also hamper performance > > > > > > > > Brahim Bouchaiba > > Network administrator > > Information technology > > 617-7359720 > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > > > > Visit our website at http://www.ubswarburg.com > > > > This message contains confidential information and is intended only > > for the individual named. If you are not the named addressee you > > should not disseminate, distribute or copy this e-mail. Please > > notify the sender immediately by e-mail if you have received this > > e-mail by mistake and delete this e-mail from your system. > > > > E-mail transmission cannot be guaranteed to be secure or error-free > > as information could be intercepted, corrupted, lost, destroyed, > > arrive late or incomplete, or contain viruses. The sender > therefore > > does not accept liability for any errors or omissions in > the contents > > of this message which arise as a result of e-mail transmission. If > > verification is required please request a hard-copy version. This > > message is provided for informational purposes and should not be > > construed as a solicitation or offer to buy or sell any > securities or > > related financial instruments. > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > List info : > http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
