Network Security: Detailed info on RE: IIS6 on W2k3 DCs

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Focus-Microsoft

[Top] [All Lists]

RE: IIS6 on W2k3 DCs

from [Laura A. Robinson] Network Security

[Permanent Link]

Subject:	RE: IIS6 on W2k3 DCs
Date:	Fri, 14 Jan 2005 21:25:59 -0500

One pro-vote for IIS6 being installed on DC is related to 
your Certificate Authority which might be installed on a DC. 
The Microsoft Certificate Engine would then by default; 1. 
try to obtain Certificate Revocation List updates from http 
location 2. offer certifcate enrollment for end-users via http

Actually, none of that has anything to do with the machine being a DC or
not. Enterprise CA, standalone CA, it doesn't matter- they should not be
installed on DCs. The items that you list, which are only a couple of the
methods available for CRL/AIA/CPS retrievals, do not have anything
whatsoever to do with the CA being a DC. And again, DCs should not be CAs,
both for performance and security reasons.

Laura


---------------------------------------------------------------------------
---------------------------------------------------------------------------

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
IIS6 on W2k3 DCs, Joe Blatz Re: IIS6 on W2k3 DCs, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Re: IIS6 on W2k3 DCs, James Riden RE: IIS6 on W2k3 DCs, Benjamin D. Goldman RE: IIS6 on W2k3 DCs, Harlan Carvey Re: IIS6 on W2k3 DCs, Miroslaw Slawek Chorazy RE: IIS6 on W2k3 DCs, Laura A. Robinson <= Re: IIS6 on W2k3 DCs, Security Re: IIS6 on W2k3 DCs, Fabrice Aubry RE: IIS6 on W2k3 DCs, Soluk, Kirk RE: IIS6 on W2k3 DCs, Benjamin D. Goldman RE: IIS6 on W2k3 DCs, Sullivan Tim P Re: IIS6 on W2k3 DCs, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Re: IIS6 on W2k3 DCs, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] RE: IIS6 on W2k3 DCs, Eric McCarty RE: IIS6 on W2k3 DCs, Devin Ganger RE: IIS6 on W2k3 DCs, Jim Harrison (ISA)

Previous by Date:	RE: IIS6 on W2k3 DCs, Devin Ganger
Next by Date:	Re: PGP and Outlook, Jason Short
Previous by Thread:	Re: IIS6 on W2k3 DCs, Miroslaw Slawek Chorazy
Next by Thread:	Re: IIS6 on W2k3 DCs, Security
Indexes:	[Date] [Thread] [Top] [All Lists]