IIS 5 belonging to domain?

What are the security risks with a webserver having one nic into the dmz on
the firewall and the other nic into the production network, with the
webserver belonging to the domain, but logged on locally at all times.

I am assuming that in order to get it to retrieve the info from a msde
database on a production server (not a dc) that this it will need to be
joined to the domain?

Webserver is and will remain fully patched and will have SAV Corp Ed v10
installed with IIS lockdown tool and urlscan configured.

Re: IIS 5 belonging to domain?

There is no requirement that the IIS and MSDE boxes by in the same domain in
order to communicate.

a) You can use SQL Server authN rather than Windows AuthN to connect MSDE
(you need to set a reg key to switch MSDE to Mixed Mode, or you can use
Enterprise Manager if you have that available somewhere)

b) You can use pass-through authN if you have NTLM enabled on your LAN. Just
configure two local accounts (one on the IIS box, and one other MSDE box).
Give each account the same name and password. See:
http://www.microsoft.com/technet/community/columns/insider/i isi1005.mspx#EYB

Cheers
Ken


"Vic" wrote in message
news:EFB5C51B-48AF-4E45-9F7F-E10BCEB848CF@microsoft.com...
: What are the security risks with a webserver having one nic into the dmz
on
: the firewall and the other nic into the production network, with the
: webserver belonging to the domain, but logged on locally at all times.
:
: I am assuming that in order to get it to retrieve the info from a msde
: database on a production server (not a dc) that this it will need to be
: joined to the domain?
:
: Webserver is and will remain fully patched and will have SAV Corp Ed v10
: installed with IIS lockdown tool and urlscan configured.