So let's get this straight - the argument against enabling a productivity enhancing application that will improve your company's bottom line is "it's too hard and we don't understand it"?
:) From: joseph palmieri [mailto:[email protected]] Sent: Thursday, January 06, 2011 3:24 PM To: NT System Admin Issues Subject: RE: AD and firewall ports Brought up to option to limit ports with reg change and ipsec tunnel both shot down by admin sighting to difficult to setup, manage and overhead...go figure --- On Wed, 1/5/11, David Lum <[email protected]> wrote: From: David Lum <[email protected]> Subject: RE: AD and firewall ports To: "NT System Admin Issues" <[email protected]> Date: Wednesday, January 5, 2011, 8:40 PM Look up what it takes to put a Windows RDS gateway (was Terminal Server) server in a DMZ and you’ll have the info you need. Also FYI Microsoft recommends 100 ports and I wouldn’t drop below that unless you’ve monitored over a fair span of time and were certain. Also, we opened that range of ports to ONLY the DC’s. There is a reg change you can use to force the use of a specific range of ports for AD communication – I did exactly this and it works well. Dave From: joseph palmieri [mailto:[email protected]] Sent: Wednesday, January 05, 2011 4:54 PM To: NT System Admin Issues Subject: AD and firewall ports Need assistance with firewall ports and active directory our server admin submitted a change request to open over 1000 port to support AD. The change was denied and resubmitted requesting a minimum of 100 ports to support RPC communications to a member server within our DMZ. Our firewall engineers stated while monitoring the firewall only 20 ports were communicated over and 100 ports are not needed. Has anyone had experience with this issue and can provide some clarity…are the server admin looking for an easy way out by requesting all these ports? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<http://us.mc394.mail.yahoo.com/mc/[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<http://us.mc394.mail.yahoo.com/mc/[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
