Re: What is the best way to administering two separate forests?


From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 05/16/04


Date: Sun, 16 May 2004 19:00:47 GMT

Hi Sam.

I think it makes sense to have a workstation on their domain/network. You bring up
the point about separate forests/subnets which tells me you probably don't want to go
into creating trusts between the forests, etc. The workstation does not need to be
fancy and you could share another monitor/keyboard/mouse from another computer via a
KVM switch if you want to save some space and money. If you go that route, I would
consider allowing only those who should administer the other domain to log on to it
using security policy user rights assignment - log on locally. --- Steve

"Sam" <sam@iQinternet.com> wrote in message
news:uMtUhbuOEHA.2704@TK2MSFTNGP10.phx.gbl...
> We're also going to be maintaining our client's Exchange, SQL and some other
> apps.
>
> So we need to get into their network and do things comfortably. What do you
> think is the best way for us to almost live in their network? I guess we could
> keep a workstation in their network that we can physically use.
>
> Just trying to figure out the most effective and comfortable way to handle
> this.
>
> Thanks,
>
> Sam
>
>
> "Steven Umbach" <n9rou@n0spam-comcast.net> wrote in message
> news:v0xpc.8554$qA.931575@attbi_s51...
> > Since the equipment will be in your office it would make sense to have a domain
> > computer for their domain available to you connected to their subnet. Just make
> > sure that it is hardened and physically secured to some degree as you will be
> > logging onto it with domain admin credentials. You could configure that computer
> > to access one of their domain controllers using Terminal Services remote
> > administration or installing Adminpak on that computer to administer the domain.
> > Another option would be to use one of your computers to use TS remote
> > administration to access their domain through the ISA servers, though that would
> > require configuration on their end to allow port 3389 access to the proper
> > computer on their LAN. It would also open a hole in their firewall unless they
> > have a VPN connection you can go through. I would not recommend opening port
> > 3389 on their end unless you configure their firewall to only accept port 3389
> > connections from your public IP address in order to reduce hacking attempts.
> >
> >
> > Should be no problem using their router and internet access. The ISA servers
> > will not allow uninitiated inbound access to each other's public IP address
> > unless they are configured to allow it. --- Steve
> >
> > "Sam" <sam@iQinternet.com> wrote in message
> > news:On25kWoOEHA.680@TK2MSFTNGP11.phx.gbl...
> > > Hi,
> > >
> > > We're in a situation where we will be in charge of at least one other
> > > network within the same building. We want to keep our Windows 2003
> > > domain/forest completely separate and independent with its own subnet
> > > 10.1.x.x and ISA Server but we have to do 2 things:
> > >
> > > 1. Maintain our client's network so we need to be able to get into their
> > > network w/ admin rights whenever we need to. As a matter of fact, their
> > > equipment will physically be in our office. They have their own Windows 2000
> > > forest, subnet -- 10.10.x.x -- and ISA Server, etc.
> > >
> > > 2. Use their router and T1s for our Internet connection as well. So the
> > > outside IPs of our ISA Server and their ISA Server will be in the same
> > > subnet.
> > >
> > > What is the best and most cost effective way to set this up?
> > >
> > > Thanks
> > >
> > > Sam
> > >
> > >
> >
> >
>
>
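
The "log on locally" restriction suggested in the reply above can be checked on the workstation by exporting its user rights assignment and comparing the holders of SeInteractiveLogonRight with an allowlist. This is an added example, not part of the original thread; the sample export, the SIDs and the allowlist are constructed for illustration.

```powershell
# Constructed sample of the [Privilege Rights] section that
#   secedit /export /cfg rights.inf /areas USER_RIGHTS
# writes on the admin workstation. All SIDs below are made up for illustration.
$sampleInf = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545,*S-1-5-21-1111111111-2222222222-3333333333-1105
SeShutdownPrivilege = *S-1-5-32-544
[Version]
signature="$CHICAGO$"
Revision=1
'@

# Hypothetical allowlist: local Administrators plus one dedicated admin group.
$allowed = @(
    'S-1-5-32-544',
    'S-1-5-21-1111111111-2222222222-3333333333-1105'
)

# Well-known broad principals that should not hold the right on this machine.
$broad = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-32-546' = 'BUILTIN\Guests'
}

function Get-UserRightHolders {
    param([string]$InfText, [string]$Right)
    $inSection = $false
    foreach ($line in $InfText -split "`r?`n") {
        $line = $line.Trim()
        if ($line -match '^\[(.+)\]$') { $inSection = ($Matches[1] -eq 'Privilege Rights'); continue }
        if ($inSection -and $line -match "^$([regex]::Escape($Right))\s*=\s*(.*)$") {
            # Entries are comma separated; SIDs carry a leading '*', account names do not.
            return @($Matches[1] -split ',' | ForEach-Object { $_.Trim().TrimStart('*') } | Where-Object { $_ })
        }
    }
    return @()   # right not defined in the export: nobody holds it
}

$holders = Get-UserRightHolders -InfText $sampleInf -Right 'SeInteractiveLogonRight'
foreach ($h in $holders) {
    if ($allowed -contains $h)      { "OK       $h" }
    elseif ($broad.ContainsKey($h)) { "TOO WIDE $h ($($broad[$h]))" }
    else                            { "REVIEW   $h (not on the allowlist)" }
}
```

To audit a real machine, run the secedit export shown in the first comment and pass `Get-Content rights.inf -Raw` as `-InfText` in place of the sample.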


