Re: Default Web Configuration/Status
- From: "oneInTen" <cpstechgroup@xxxxxxxxx>
- Date: Wed, 21 Mar 2007 12:10:57 -0400
Under "IP address" does it give you the ip address or '(All Unassigned)'?
"gbchriste" <gbchriste@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:633D175C-E1D8-4B8F-BC36-FA6BEF4BDA3F@xxxxxxxxxxxxxxxx
I'd already considered and checked this. Both Integrated Authentication and
Anonymous Access are enabled. In this configuration, Anonymous Access takes
precedence and Integrated is ignored. If I try to remove Anonymous, I am
prompted to reset access on several other SBS web facilities, like OWA,
ActiveSynch, Exchange, etc etc.
I'm hesitatnt to apply such a mass change without knowing the impact.
Any suggestions or observations from anyone who has run Default Web in
Integrated Authentication mode only?
"oneInTen" wrote:
Right click on the deault web site, select 'Properties' and then 'Directory
Security'. Click 'Edit' under 'Authentication and Access Control'.
Is 'Integrated Windows Authentication' checked? If no, check it
Costas
"gbchriste" <gbchriste@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E1B1A927-080E-403B-8E79-FE568D902051@xxxxxxxxxxxxxxxx
> The conventional wisdom is that SBS should not host the organization's
> public
> web site.
>
> In our case, www.mydomainname.org points to a publiclly hosted web site > at
> an external host. intranet.mydomainname.org points to my SBS host and > MX
> record.
>
> If so, what should the operational status and configuration of the > Default
> Web Site be? If I browse to the default web site via
> intranet.mydomainname.org from outside the LAN, I get the SBS Welcome
> screen
> with the links for My Company's Internal Web Site, Network > Configuration
> Wizard, Remote Web Workplace, and Information and Answers.
>
> Seems to me those are things I don't want the public to see. I don't > give
> the intranet.mydomainname.org URL out to anyone outside the > organization
> but
> someone could still find that server via IP address.
>
> But don't I have to have the Default Web up and operating for my
> organization users? The main item of interest is RWW. I can point > them
> to
> http://intranet.mydomainname.org/remote to get there but they are still
> coming in to the default web on port 80.
>
> Do I need to edit the default welcome page to remove all those links > and
> just put a message that directs people to www.mydomainname.org at our
> external web host? Any other suggestions for reducing or eliminating > this
> attack surface?
>
> Thanks,
>
.
- References:
- Re: Default Web Configuration/Status
- From: oneInTen
- Re: Default Web Configuration/Status
- Prev by Date: RE: Subdoman and related email
- Next by Date: Re: SBS 2003 Premium R2 server becomes more unstable, page file gr
- Previous by thread: Re: Default Web Configuration/Status
- Next by thread: Re: Default Web Configuration/Status
- Index(es):
Relevant Pages
|
