Well when RDP breaks or you have a stupid laptop that somehow thinks
it's on a domain because it used to be on a domain and it's no longer on
a domain and yet the firewall settings are still 'enabled' [okay that's
not exactly the greatest example but it's the only one I could come up
with at short notice.
If you are totally headless, I'd do the ILOish like stuff that HP does.
joe wrote:
When specifically? If you don't point them out, there is less chance
it will get corrected. :o)
I would love to get to a point of not having to interactively logon to
servers except at initial configuration. Much less chance of doing
stupid accidental things. One of the great strengths and weaknesses of
a server desktop that looks like a client desktop is that everyone
thinks they they can manage a server because they think they can use a
desktop machine. Great from a marketing and sales standpoint,
companies think that anyone can run the things. Bad from a realistic
running the companies servers and security standpoint. Thankfully MS
has been backing off of the "you have to know enough to turn something
off" to the "you have to know enough to turn something on" mindset,
but just the same, there are a lot of people running servers who
probably have trouble controlling their alarm clock.
------------------------------------------------------------------------
*From:* [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] *On Behalf Of *Susan
Bradley, CPA aka Ebitz - SBS Rocks [MVP]
*Sent:* Saturday, November 26, 2005 6:41 PM
*To:* [email protected]
*Subject:* Re: [ActiveDir] Outlook installed on a DC
You do realize we even have folks that turn themes on their SBS boxes
because they want it to look 'pretty'. :-)
There are still times you have to be 'on' a box ...especially down here.
joe wrote:
lol. :)
Susan, what if you had a server that you couldn't do any GUI from
but instead you loaded up the GUI to control the server on a
workstation? Would that be good enough for you or do you absolutely
HAVE to run the GUI on the server?
------------------------------------------------------------------------
*From:* [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] *On Behalf Of *Susan
Bradley, CPA aka Ebitz - SBS Rocks [MVP]
*Sent:* Saturday, November 26, 2005 4:49 PM
*To:* [email protected]
*Subject:* Re: [ActiveDir] Outlook installed on a DC
I'm convinced that Joe wouldn't even want a c:\ on the screen. Maybe
a c or a colon or a slash...but all three? Too much bloat.
;-)
joe wrote:
Your manager is a soft fleshy milk-secreting glandular organ.
Every new piece of software added to any machine is new possible
threat vector. DCs are the bastion of your Windows network security.
You run the absolute minimum on a DC that you can run (yes SBS makes
me squeamish but that isn't a surprise to Susan). I don't think it
is ever a good idea to run Outlook on any server except maybe a TS
and the admins better not ever launch it. Outlook is not an email
server, it is a client app, when someone tells me they need it for
their server app, I laugh and tell them to find a better app or
another way.
------------------------------------------------------------------------
*From:* [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] *On Behalf Of *Frank
Abagnale
*Sent:* Thursday, November 24, 2005 11:39 AM
*To:* Active
*Subject:* [ActiveDir] Outlook installed on a DC
Hi all,
I have a problem whereby our I've been asked by a manager to install
outlook on our DC's to allow us to email back the services team when
backups have failed.
I am dead against this, I have just managed to split the DC & File
and Print roles and reduce the number of domain admins.
My gut feeling is against this, though I have no technical reason
why this is bad?
Does anyone have any views or advice on this matter?
Any scenerio's that could occur would be nice...
thanks
Frank
------------------------------------------------------------------------
Yahoo! Music Unlimited - Access over 1 million songs. Try it free.
<http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=36035/*http://music.yahoo.com/unlimited/>
--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
