Announcement

Collapse
No announcement yet.

Group Policy/AutoUpdate in a DMZ

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Group Policy/AutoUpdate in a DMZ

    Hello,

    I am creating an IIS Server (6.0 on 2003). Our firewall device has multiple interfaces, I have assigned one of these interfaces as the DMZ; thus, "physically" separating that subnet from our secure network. How does one typically address Group Policy and Windows Update in this situation? Local group policy only? Update to microsoft.com?

    I imagine it would not be wise to just open the firewall for all of these Windows protocols to emulate being 'inside' the secure network.

    Any comments or documentation you may have for me to read would be great!
    Thanks!

  • #2
    Re: Group Policy/AutoUpdate in a DMZ

    Originally posted by mmX View Post
    Local group policy only?

    Update to microsoft.com?
    That's how I would do it.

    I would not open the required ports into your 'secure' network for these services. Once GP's are in place you very rarely have to update them and MS updates are normally once a month. Just make sure you remember about the server and dont leave it unpatched as it's at more risk than your internal servers.

    Good Luck

    Michael
    Michael Armstrong
    www.m80arm.co.uk
    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

    Comment


    • #3
      Re: Group Policy/AutoUpdate in a DMZ

      This is a bit unrelated, but...

      Install IE 7 on an IIS server?
      Or will IE 6 still be more secure?

      Comment


      • #4
        Re: Group Policy/AutoUpdate in a DMZ

        I would probably go with a fully patched version of IE 7.

        Michael
        Michael Armstrong
        www.m80arm.co.uk
        MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

        ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

        Comment

        Working...
        X