DMZ web server member workgroup and IIS lockdown

DMZ web server member workgroup and IIS lockdown

am 23.02.2006 18:43:26 von Cindy

Hello:
I am new to this employer. They have an IIS 5.0 Server in a DMZ that is a
member of workgroup not domain. The name of workgroup is same as domain.
Script writes route to internal domain ip range through firewall.

I have researched this type of practice in MS technet and found no reference
to recommendation IIS server be member of workgroup not domain. Doesn't seem
secure to me since credentials of Adminstrative users will pass with
name\username(same as on domain). The websites go into domain to sql server
and Access Database server to display information from catalogs to public.

Second IIS lockdown and URL scan have never been installed. Are there any
precautions I should use when installing these tools? As state above asp and
cgi scripts get information from SQL and Access databases to produce pages to
public and also run application tools. Some Access databases are also on web
server.

Webpublishing services are stopping on regular basis. One problem was
diskspace on C: partition and I have moved page file and largest log to
bigger partition.

Thanks for any help you can give.

RE: DMZ web server member workgroup and IIS lockdown

am 28.02.2006 01:16:28 von Cindy

No answer yet, what is up with Technet Plus answer within 24hours?
"Cindy" wrote:

> Hello:
> I am new to this employer. They have an IIS 5.0 Server in a DMZ that is a
> member of workgroup not domain. The name of workgroup is same as domain.
> Script writes route to internal domain ip range through firewall.
>
> I have researched this type of practice in MS technet and found no reference
> to recommendation IIS server be member of workgroup not domain. Doesn't seem
> secure to me since credentials of Adminstrative users will pass with
> name\username(same as on domain). The websites go into domain to sql server
> and Access Database server to display information from catalogs to public.
>
> Second IIS lockdown and URL scan have never been installed. Are there any
> precautions I should use when installing these tools? As state above asp and
> cgi scripts get information from SQL and Access databases to produce pages to
> public and also run application tools. Some Access databases are also on web
> server.
>
> Webpublishing services are stopping on regular basis. One problem was
> diskspace on C: partition and I have moved page file and largest log to
> bigger partition.
>
> Thanks for any help you can give.
>