David,

The solution you require is documented by Microsoft as the “perimeter network scenario” in the following Microsoft document

One gotcha is that your admin staff have to have accounts in the DMZ domain as well as the internal domain, as you can’t assign a foreign security principal to a global or universal group in another forest – which precludes making your internal domain accounts into enterprise or domain admins in the DMZ forest.

Hope this helps

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Wyatt, David

Hello

Imagine the following scenario, you have an internal W2K3 forest and an external W2K3 forest on the DMZ. Management wish to create one-way trust between the two forests so the DMZ forest trusts the internal forest for an application. I have read that this is obviously possible but not recommended and cannot find out why. Does anyone know what the exact security issues or exploits could be? Assume we have a firewall with the rules configured to only allow trust traffic through.

Regards
David
- [ActiveDir] DMZ and Trusts Wyatt, David
- RE: [ActiveDir] DMZ and Trusts Guest, Mike
- Re: [ActiveDir] DMZ and Trusts Al Mulnick
- RE: [ActiveDir] DMZ and Trusts Wyatt, David
- Re: [ActiveDir] DMZ and Trusts Al Mulnick
- RE: [ActiveDir] DMZ and Trusts Wyatt, David
