I was simply stating that I have no idea why you brought up browsing at all. Its not really relevant to the entire discussion at hand, at least from my point of view/
------------------------------------------------------ Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA > -----Original Message----- > From: Byron Kennedy [mailto:snail945@;yahoo.com] > Sent: Thursday, November 07, 2002 7:20 PM > To: NT 2000 Discussions > Subject: Re: Moving PDC behind firewall > > > inline > ----- Original Message ----- > From: "Roger Seielstad" <[EMAIL PROTECTED]> > To: "NT 2000 Discussions" <[EMAIL PROTECTED]> > Sent: Thursday, November 07, 2002 10:12 AM > Subject: RE: Moving PDC behind firewall > > > > Browsing will work fine without the PDC being anywhere near > a particular > > subnet. There is a subnet master browser on every subnet, > which is why > they > > call it a subnet master browser. > > True. there are more detials and that's why i recommended the article > ....it's my understanding that in addition to be being the > domain master > browser, the PDC is the subnet master browser for the subnet it is on > (default setting/best pratice). This is configurable... > hence my saying > "should'. > > regardless...... > > > > > He's (I guess) trying to protect the PDC from > hacking/malicious activity > > from his user base. > > If that's the stretegy then (i'm recommending) he 1 . say so > clearly, and 2. > build a tactical plan to support that. This would ideally > included much > more than port filtering. most of the ports allowed to allow stuff to > "work" are exploitable w/o upper layer security. Other > line-items in the > pan. > > my .03 on it anyway........byron > > > > > > ------------------------------------------------------ > > Roger D. Seielstad - MCSE > > Sr. Systems Administrator > > Inovis - Formerly Harbinger and Extricity > > Atlanta, GA > > > > > > > -----Original Message----- > > > From: Byron Kennedy [mailto:byron@;markettools.com] > > > Sent: Wednesday, November 06, 2002 7:55 PM > > > To: NT 2000 Discussions > > > Subject: RE: Moving PDC behind firewall > > > > > > > > > Insulate?........Does not compute..... forgive me, I'm a > > > technologist. :) > > > what are you specifically trying to do? > > > > > > The pdc will (should) be the master browser of the "subnet" > > > it is on. Sound > > > like you're a little unclear on one or both the following: > > > > > > 1. how the MS browser service works > > > 2. ip subnetting. > > > > > > If that's the case then query technet for "understanding > > > browsing", and > > > query google for "ip subnetting", read up on each, then > re-post your > > > detailed rational and plan-of-attack. I'd recommend you have > > > a more solid > > > understanding of what's happening here before taking down > > > your production > > > network. > > > > > > byron > > > > > > -----Original Message----- > > > From: /dev/null [mailto:dev.null@;beginthread.com] > > > Sent: Wednesday, November 06, 2002 9:59 AM > > > To: NT 2000 Discussions > > > Subject: Re: Moving PDC behind firewall > > > > > > > > > Thanks everyone for the info on this admittedly weird request. > > > > > > Everyone has asked why, here's the reason: > > > > > > > It's clear (to me at least)the "trusted" LAN is being redefined. > > > > > > We're wanting to insulate the PDC from the users. > > > > > > Ed Esgro said "PDC will run but it will not be the master > > > browser for your > > > 10.x.x.x network it will be the master browser for your > > > 192.x.x.x network". > > > If we put the PDC and user computers on the same logical > > > (10.*) network with > > > this firewall/router in-between the PDC and users and set the > > > firewall/router to only forward the protocols we wanted, > > > would this allow > > > the PDC to be the master browser? I'm assuming the answer is yes. > > > > > > Thanks again for everyone's help. > > > > > > > > > ------ > > > You are subscribed as [EMAIL PROTECTED] > > > Archives: http://www.swynk.com/sitesearch/search.asp > > > To unsubscribe send a blank email to %%email.unsub%% > > > > > > ------ > > > You are subscribed as [EMAIL PROTECTED] > > > Archives: http://www.swynk.com/sitesearch/search.asp > > > To unsubscribe send a blank email to %%email.unsub%% > > > > > > > ------ > > You are subscribed as [EMAIL PROTECTED] > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe send a blank email to %%email.unsub%% > > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to %%email.unsub%% > ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
