----- Original Message -----
From: "Roger Seielstad" <[EMAIL PROTECTED]>
To: "NT 2000 Discussions" <[EMAIL PROTECTED]>
Sent: Thursday, November 07, 2002 10:12 AM
Subject: RE: Moving PDC behind firewall

> Browsing will work fine without the PDC being anywhere near a particular
> subnet. There is a subnet master browser on every subnet, which is why they
> call it a subnet master browser.

True. There are more details and that's why I recommended the article .... It's my understanding that in addition to being the domain master browser, the PDC is the subnet master browser for the subnet it is on (default setting/best practice). This is configurable... hence my saying "should". Regardless......

>
> He's (I guess) trying to protect the PDC from hacking/malicious activity
> from his user base.

If that's the strategy then (I'm recommending) he 1. say so clearly, and 2. build a tactical plan to support that. This would ideally include much more than port filtering. Most of the ports allowed to allow stuff to "work" are exploitable w/o upper layer security. Other line-items in the plan.

my .03 on it anyway........byron

>
> ------------------------------------------------------
> Roger D. Seielstad - MCSE
> Sr. Systems Administrator
> Inovis - Formerly Harbinger and Extricity
> Atlanta, GA
>
>
> > -----Original Message-----
> > From: Byron Kennedy [mailto:byron@;markettools.com]
> > Sent: Wednesday, November 06, 2002 7:55 PM
> > To: NT 2000 Discussions
> > Subject: RE: Moving PDC behind firewall
> >
> >
> > Insulate?........Does not compute..... forgive me, I'm a technologist. :)
> > What are you specifically trying to do?
> >
> > The PDC will (should) be the master browser of the "subnet" it is on. Sounds
> > like you're a little unclear on one or both of the following:
> >
> > 1. how the MS browser service works
> > 2. IP subnetting.
> >
> > If that's the case then query technet for "understanding browsing", and
> > query google for "ip subnetting", read up on each, then re-post your
> > detailed rationale and plan-of-attack. I'd recommend you have a more solid
> > understanding of what's happening here before taking down your production
> > network.
> >
> > byron
> >
> > -----Original Message-----
> > From: /dev/null [mailto:dev.null@;beginthread.com]
> > Sent: Wednesday, November 06, 2002 9:59 AM
> > To: NT 2000 Discussions
> > Subject: Re: Moving PDC behind firewall
> >
> >
> > Thanks everyone for the info on this admittedly weird request.
> >
> > Everyone has asked why, here's the reason:
> >
> > > It's clear (to me at least) the "trusted" LAN is being redefined.
> >
> > We're wanting to insulate the PDC from the users.
> >
> > Ed Esgro said "PDC will run but it will not be the master browser for your
> > 10.x.x.x network it will be the master browser for your 192.x.x.x network".
> > If we put the PDC and user computers on the same logical (10.*) network with
> > this firewall/router in-between the PDC and users and set the
> > firewall/router to only forward the protocols we wanted, would this allow
> > the PDC to be the master browser? I'm assuming the answer is yes.
> >
> > Thanks again for everyone's help.
> >
> >
> > ------
> > You are subscribed as [EMAIL PROTECTED]
> > Archives: http://www.swynk.com/sitesearch/search.asp
> > To unsubscribe send a blank email to %%email.unsub%%
