Again, another wonderful thing about life - intelligent people can prove such by doing one simple thing - agree to disagree, and get on with the work at hand.
However, idiots have a tendency to want to prove, by whatever ill-conceived means or use of force (invasion or simply beating the crap out of someone who has 'dissed you'), that "I'm right - deal with it."

William - I'm glad to find that you and I are in the intelligent group. I don't like having to look over my shoulder wondering when I'm going to get jumped.... ;o)

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of William Lefkovics
Sent: Sunday, September 21, 2003 6:26 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS does SPs now

Point taken. And thanks.

I don't really consider IIS all that insecure, anymore. There are a lot of Small Business Servers out there, for example. I'm only saying there are better reasons not to put SUS on a DC other than the use of IIS. I mean, Windows is a 'known problem'.

Carry on.

William Lefkovics
eEye Digital Security
http://www.eeye.com/html/Products/SecureIIS/index.html

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Saturday, September 20, 2003 6:23 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS does SPs now

William,

Let me clarify myself: I don't FEAR IIS on a DC. Just from a security perspective, I don't think it's smart. I don't see any reason to put a known problem on my domain's authentication source, among other things. Now, I might change my mind if we're talking about IIS 6.0, but likely not.

Least privilege access. IIS is not needed on a DC, and is not part of what a DC needs to do what it is designed for.

But, that's just me. Wonderful thing about freedom - each is free to do whatever he wants. As long as it doesn't impede on the freedom of others, have at it.

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of William Lefkovics
Sent: Saturday, September 20, 2003 8:01 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS does SPs now

I agree with that premise of no SUS on a DC, though I have no fear of IIS on a DC. Domain controllers are special and should not get auto-anything in terms of updates or other changes.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Saturday, September 20, 2003 11:39 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS does SPs now

Raymond,

Good question - I hope that I can provide a good answer.

I would NOT suggest or recommend deploying SUS to a DC for one simple reason: It requires IIS, and for security purposes, I will not deploy IIS onto a domain controller - which clearly dismisses a DC from hosting SUS IMHO.

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
