Domain admins to be able to RDP to DMZ servers

  • Domain admins to be able to RDP to DMZ servers

    Just wondering, I have set up a new DMZ server for one of my users, and was wondering how I would set up RDP access for my domain account which is on the MyDomain.Local domain?

    Or is the only way to RDP to the new server to RDP and log on as the local admin?

    JDMils
    Regional Systems Engineer, DotNet programmer & Jack of all trades

  • #2
    Re: Domain admins to be able to RDP to DMZ servers

    Seeing as there's no trust relationship between the non-AD machine and the AD you probably will need to RDP to the DMZ machine using the local admin, or create a new user account on the DMZ machine specifically for the purpose of remote admin.


    • #3
      Re: Domain admins to be able to RDP to DMZ servers

      Does the DMZ have a different AD?


      • #4
        Re: Domain admins to be able to RDP to DMZ servers

        The DMZ has no domain, just a workgroup of servers. We have been discussing whether we need to create a DMZ domain but could not see the point of having two DCs (for redundancy) and all the extra work involved in setting up the new domain.

        Is it normal for a DMZ of servers to be in their own domain?

        JDMils
        Regional Systems Engineer, DotNet programmer & Jack of all trades


        • #5
          Re: Domain admins to be able to RDP to DMZ servers

          Not in my experience. Most DMZ servers that I have seen are web servers, email proxies, etc. They're generally configured in workgroup mode so there's no shared security.


          • #6
            Re: Domain admins to be able to RDP to DMZ servers

            Originally posted by JDMils:
            > The DMZ has no domain, just a workgroup of servers. We have been discussing whether we need to create a DMZ domain but could not see the point of having two DCs (for redundancy) and all the extra work involved in setting up the new domain.
            >
            > Is it normal for a DMZ of servers to be in their own domain?

            Then open a rule in your firewall to allow RDP connections from your production to the DMZ (one way).
            We have the same also and that is how we do it.


            • #7
              Re: Domain admins to be able to RDP to DMZ servers

              Thanks guys. I have already set up RDP through the firewall to the DMZ PCs and I think I will keep them in a DMZ workgroup. WRT DNS, can they use the DNS server on my internal domain or should they have their own?

              JDMils
              Regional Systems Engineer, DotNet programmer & Jack of all trades


              • #8
                Re: Domain admins to be able to RDP to DMZ servers

                You could either create a DNS server in the DMZ or you could use your existing DNS server in your production.
                If you choose to use the DNS in production (outside the DMZ), you should open UDP 53 in the firewall both ways between the DNS server (internal network) and the workstations/servers (in the DMZ).
                And if you want those workstations/servers in the DMZ to register their A records, you might need to enable "Secure and Unsecured Updates" in your internal network DNS, since they are not part of your internal network domain.
                Last edited by Akila; 9th October 2008, 23:04.


                • #9
                  Re: Domain admins to be able to RDP to DMZ servers

                  We have a rule set up to allow RDP via the firewall and created basic user accounts on the machine that allow us to run the software we need to.

                  I wouldn't use your internal DNS unless you really need to. Use your external DNS servers.

                  What is it going to be used for??
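
The setup this thread converges on (a dedicated local account on the workgroup DMZ server, with RDP allowed one way from production), shown at the host level as an added example that is not part of any post above. It complements the perimeter firewall rule rather than replacing it, and assumes PowerShell 5.1+, an English-language Windows install, and a placeholder subnet and account name.

```powershell
# Added example: run elevated on the DMZ workgroup server (PowerShell 5.1+).
# Assumed values, not from the thread: replace before use.
$ProdSubnet = '10.0.10.0/24'   # placeholder: production subnet admins RDP from
$RdpUser    = 'dmz-rdp-admin'  # hypothetical local account name

# 1. Dedicated local account for RDP instead of the built-in local admin.
if (-not (Get-LocalUser -Name $RdpUser -ErrorAction SilentlyContinue)) {
    $pw = Read-Host -AsSecureString "Password for $RdpUser"
    New-LocalUser -Name $RdpUser -Password $pw -Description 'DMZ remote admin' | Out-Null
}
# Grant RDP logon only; the error for "already a member" is suppressed.
Add-LocalGroupMember -Group 'Remote Desktop Users' -Member $RdpUser -ErrorAction SilentlyContinue

# 2. Inbound: enable the built-in RDP rules, but only from the production subnet.
#    'Remote Desktop' is the English display group name.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Where-Object { $_.Direction -eq 'Inbound' } |
    Set-NetFirewallRule -Enabled True -RemoteAddress $ProdSubnet

# 3. One way: block RDP initiated from this DMZ host toward production.
$blockName = 'Block RDP from DMZ to production'
if (-not (Get-NetFirewallRule -DisplayName $blockName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $blockName -Direction Outbound -Action Block `
        -Protocol TCP -RemotePort 3389 -RemoteAddress $ProdSubnet | Out-Null
}

# 4. Verify: list enabled inbound RDP rules and flag any still open to 'Any'.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' } |
    ForEach-Object {
        $remote = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        [pscustomobject]@{
            Rule          = $_.DisplayName
            RemoteAddress = $remote -join ','
            TooBroad      = ($remote -contains 'Any')
        }
    }
```

Any row with `TooBroad` set to `True` means that rule still accepts RDP from every source address.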
