Re: CAN WE LOGIN TO A WINDOWS 2003 ACTIVE DIRECTORY DOMAIN OVER TH
- From: "Herb Martin" <news@xxxxxxxxxxxxxx>
- Date: Mon, 27 Mar 2006 01:20:15 -0600
"CHAMI" <CHAMI@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6559AD48-D5D4-47F4-BBED-05E2317F24A2@xxxxxxxxxxxxxxxx
Having a user login to a windows 2003 server over the internet is not a
good
idea do you think because of the security issues?
Logging onto a server is not nearly as serious as logging
into a domain, but either CAN be secure if you really know
what you are doing.
There are millions of IIS web servers on the Internet, many
of them are even kept safe while others are configured poorly
or not kept up to date with fixes and services packs and so
are easily compromised.
Some people have successfully put DCs "on the Internet" --
but doing so take even more attention to detailed security.
The original question was 'Can you do it?' -- and the answer
to that is "YES" since the Internet is (mostly) JUST A NETWORK.
Actually what I like to accomplish is that if I use a windows xp computer
in
the office and way to save data to one of the computers in the home so
that
when I got home, I do not have to use terminal services or VPN or RRAS to
login to the computer in office to access files since I got uploaded from
office to the home.
TS or VPNs are generally a better method due to the security
and name resolution issues we have mentioned.
I am glad if you could give any idea how would you think best way to
accomplish this? Should I want to use a server or windows xp operating
system
will do?
TS is probably easiest and as likely as safe as a VPN.
Like if I have a windows server and able to login to my server over the
internet using the username and password after joining the domain,
whatever
data I saved on the hard drive can be viewed after I login using the same
user name and password in windows server I used to login over the internet
using a windows xp workstation? To me there is security issue involved
with
that! Any ideas with any other safe way to do?
Not even sure what you are asking.
But it doesn't SOUND like a particular security issue;
I certainly do similar things without worrying unnecessarily
about security beyond just making the system secure to begin
with -- and keeping it up to date.
Any posting is much appreciated! So does that mean, only choice is
terminal
service, VPN or RRAS and there is no otherway?
There are variations on the above. One open source choice
is SSH. It is sort of a cross between a VPN and Telnet and
can be made as secure as you reasonably wish since such
software supports all sorts of advanced encryption protocols.
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
"Herb Martin" wrote:
In general, YES.
"CHAMI" <CHAMI@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:CD47AA5C-7229-4D29-86D6-5217E9F06F4D@xxxxxxxxxxxxxxxx
Hello!
If I create a user in active directory in windows 2003 server, we can
login to that user using windows xp login dialog box within the network
giving username and password after joining the domain! Okay, my
question
is
that can we login to that user sits in the windows 2003 server in
active
directory over the internet?
YES, if you have routed access, including on all the correct ports
and you can resolve DNS from the point of view of an INTERNAL
user (that is from the Internal DNS server.)
The issue is NOT the Internet per se, but rather firewalls, routing,
and DNS resolution.
In order to do that we have to join the domain.
Is it possible to join a domain over the internet and login to that
user
in
windows 2003 server? I mean without VPN or RRAS or TERMINAL SERVICES?
VPN/RAS makes it a bit easier since this can alter the DNS
setting during such connections to favor the "remote" DNS.
Terminal Services largely bypass the issues by placing the
user logically "at the TS".
Also if
I use VPN, does that help me to save files to windows 2003 server after
I
log
in to that?
It's neither HELPS you nor HURTS you. You can do anything within
reason over a VPN you can do locally IF your connectivity and name
resolution are equivalent to a LAN User (and if timeout issues don't
interfere which is not usually the case.)
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
.
- Follow-Ups:
- References:
- Prev by Date: Help a non-idiot newbie! :) Domain Controller Problem
- Next by Date: Re: client logon slow when 1 DC is down
- Previous by thread: Re: CAN WE LOGIN TO A WINDOWS 2003 ACTIVE DIRECTORY DOMAIN OVER TH
- Next by thread: Re: CAN WE LOGIN TO A WINDOWS 2003 ACTIVE DIRECTORY DOMAIN OVER TH
- Index(es):
Relevant Pages
|
