AD with no Internet access available

Olaf Berli

I'm setting up a Win2k server in a small office environment where Internet
access isn't allowed due to security issues. In the LAN there is simply no
external communication at all. Will there be any problems using AD in this
setup? I'm thinking of time updates, DNS handling etc.

-Olaf-
 
Jerold Schulman

No, but see tip 5414 in the 'Tips & Tricks' at http://www.jsiinc.com

Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com
 
Paul Bergson {MCT, MCSE}

There should only be one machine as the time manager, and I believe it is the
role holder of the PDC Emulator. All other machines look to it for time
(2000 and greater); otherwise use net time to point them to it. No problems
with DNS, WINS or anything else. There is no need to be connected to the
Internet for anything.


Paul Bergson MCT, MCSE, CNE, CNA, CCA
 
Enkidu

What about security and other updates? Some mechanism would be needed
to cater for these.

Cheers,

Cliff
 
Olaf Berli

Have to do this via CD. Since there is no external connection, the security
risks aren't very high.....

-Olaf-

===== Original message from (e-mail address removed) on 24.04.04 01:53
 
Cary Shultz [A.D. MVP]

Cliff,

I remember reading a post a while ago and the poster (a woman working for
the DOD) asked a similar question and the response to her post was
essentially "If there is not a connection to the outside then there will not
be a need for the security as the flaws can not be attacked from the
outside". I know what you mean, though. I guess that they can receive the
Security Updates CD from Microsoft. Mine just came in the mail a couple of
weeks ago.

Cary
 
Enkidu

Yes, I guess that the Security Update CD will be adequate in those
circumstances, but from a security point of view not being connected
to the outside world does not mean that there is not a need for the
patches and so on. All it needs is one careless person to connect an
infected laptop to the network and.... I think your DoD lady was being
a little naive.

Cheers,

Cliff
 
Cary Shultz [A.D. MVP]

I would agree. I would include all hotfixes / patches regardless of
connectivity to the outside world. Let's not forget about the floppy disc
drive from home, either!

Cary
 
Olaf Berli

In the case I was asking about, there are also restrictions on bringing
floppies or laptops into the system. This just isn't allowed. I agree,
however, that there should be routines for applying patches and updates on a
regular basis. My concern was initially if AD needed some kind of connection
to the outside world - like time sync etc. in order to operate properly.

-Olaf-
 
