نمایش نتایج: از شماره 1 تا 12 از مجموع 12
سپاس ها 5سپاس
  • 2 توسط th95
  • 2 توسط patris1
  • 1 توسط patris1

موضوع: نصب isa روی domain control

  
  1. #1
    نام حقيقي: NR

    خواننده شناسه تصویری nimarezaee
    تاریخ عضویت
    Mar 2010
    محل سکونت
    EK
    نوشته
    42
    سپاسگزاری شده
    5
    سپاسگزاری کرده
    16

    نصب isa روی domain control

    سلام
    میخواستم بدونم ایا پیشنهاد میشه که ایزا رو روی سروری که Active dirct روی اون قرار دارد نصب کرد ؟
    میخواستم بدونم این کار باگی روی ایزا نمیندازه؟
    با تشکر



    موضوعات مشابه:

  2. #2
    نام حقيقي: Mohammad

    عضو ویژه شناسه تصویری th95
    تاریخ عضویت
    Sep 2008
    نوشته
    4,263
    سپاسگزاری شده
    5765
    سپاسگزاری کرده
    2674
    نوشته های وبلاگ
    20
    نقل قول نوشته اصلی توسط nimarezaee نمایش پست ها
    سلام
    میخواستم بدونم ایا پیشنهاد میشه که ایزا رو روی سروری که Active dirct روی اون قرار دارد نصب کرد ؟
    میخواستم بدونم این کار باگی روی ایزا نمیندازه؟
    با تشکر

    فکر نکنم کار جالب باشه
    افتضاح میشه
    همه چیز بهم میریزه
    خصوصا اگه بخوای auth هم با خود active dir باشه
    صد تا پورت مختلف رو باید باز کنی و ..لاگین یوزرها به هم میریزه - کند میشه و ...

    البته اینها نظر من بود
    چگونگی کانفیگ و توضیحات بیشتر اینجاست

    Installing ISA Server on a Domain Controller.


    mehdi.g و nimarezaee سپاسگزاری کرده‌اند.

  3. #3
    نام حقيقي: 1234

    مدیر بازنشسته
    تاریخ عضویت
    Jul 2009
    محل سکونت
    5678
    نوشته
    5,634
    سپاسگزاری شده
    2513
    سپاسگزاری کرده
    272
    کد:
    http://technet.microsoft.com/en-us/library/dd370683.aspx
    ISA Server Installation and Deployment FAQ



    Published: July 24, 2003

    This frequently asked questions (FAQ) document provides answers to questions commonly asking during planning, installation, and deployment of Microsoft® Internet Security and Acceleration (ISA) Server.

    Q. Is Active Directory required for ISA Server?

    A.
    ISA Server Standard Edition does not use or require Active Directory® directory service. As part of the installation process for ISA Server Enterprise Edition, Active Directory connectivity is required to run the Enterprise Initialization tool, which updates the Active Directory schema (on the domain controller in the domain in which you are installing ISA Server) with ISA Server information. Active Directory is used to store enterprise policy settings and array information, to provide easy management of arrays and to provide load-balancing and fault tolerance using multiple arrays. For minimum impact on Active Directory and for security reasons, you can choose to create an ISA Server array in its own domain, and then establish trust relations to the existing domains. Using this method, you will not have to make schema changes to existing domains. Note that other domains do not necessarily have to be Windows® 2000 domains. .




    Q. Is there a list of all the Active Directory schema changes made by the ISA Server Enterprise Initialization tool?

    A.
    The first time you install ISA Server as a member of an array in a domain, you must run the ISA Server Enterprise Initialization tool to modify the Active Directory schema with ISA Server objects. For more information about the schema changes made by this tool, see Active Directory Storage and Replication Impact. The Scheme.ldif file in the cdroot\isa directory also provides a schematic listing of the Active Directory changes made by ISA Server. .




    Q. Can I remove the ISA Server schema in Active Directory, after I run the Enterprise Initialization tool to install it?

    A.
    No, the ISA Server schema cannot be removed from Active Directory, and the ISA Server Enterprise Initialization tool is only run once in each domain. To remove the ISA Server schema, you will have to restore your Active Directory configuration from a backup made prior to running the ISA Server Enterprise Initialization tool. .




    Q. Is the schema uninstalled from Active Directory, if I uninstall ISA Server?

    A.
    In Windows 2000 Active Directory, the schema is not removed, but is simply inactivated. In Windows Server™ 2003, the schema is removed from Active Directory.




    Q. Can I install ISA Server on a domain controller?

    A.We do not recommend installing ISA Server on a domain controller. In situations where you must, for example running ISA Server on Small Business Server, see this article on Tom Shinder’s (Microsoft MVP) site.





    Q. What permissions do I need to install ISA Server?

    A.
    The following permissions are needed for installations:

    • To install a stand-alone ISA Server, you must be a member of the Administrators group for the computer on which you install ISA Server.
    • To install ISA Server as an array member in an enterprise, you must be a member of the Domain Administrators group for the computer on which you install ISA Server.
    • To install in multiple domains, you must be a member of the Enterprise Admins group.
    • To run the Enterprise Initialization tool to modify the Active Directory schema, in addition to being an Administrator on the local computer, you must be a member of the Schema Admins and the Enterprise Admins groups.







    Q. How do I migrate Proxy Server 2.0 on my Windows 2000 configuration to ISA Server?

    A.
    Generally, if you migrate from Proxy Server 2.0 to a stand-alone server, most of the rule and configuration elements created for Proxy Server 2.0 will be migrated. If you migrate to a new array, the enterprise policy default settings determine how the Proxy Server 2.0 rules are migrated. For more information, see ISA Server online product documentation on Migrating Microsoft Proxy Server 2.0 Configuration. This document is also available on the ISA Server installation CD.




    Q. I have the ISA Server evaluation edition. Do I need to reinstall and reconfigure when I purchase the full licensed version?

    A.
    You need to reinstall the full version, but your existing configuration settings will be preserved when you reinstall.




    Q. How do I totally remove an ISA Server installation?

    A.
    To uninstall ISA Server

    1. Click Start, point to Settings, click Control Panel, and then double-click Add/Remove Programs.
    2. In Currently Installed Programs, click Microsoft ISA Server, and then click Remove.

    Note that when you uninstall the enterprise edition on Windows 2000, the ISA Server schema is not removed from Active Directory. If you cannot uninstall using this method, run the tool Rmisa.exe located in \setupbin\I386 of your ISA Server installation folder.





    Q. What functionality does ISA Server Feature Pack 1 add?

    A.
    ISA Server Feature Pack 1 adds significant security value to Microsoft Exchange Server and Microsoft Internet Information Services (IIS) publishing scenarios. This pack includes tools and additional features that enable you to better protect your published servers. The major features of Feature Pack 1 are as follows:

    • Enhanced Exchange RPC filter
    • Enhanced SMTP filter that can filter e-mail based on attachment name, extension, or size, as well as by sender, domain, keyword, or any SMTP command and its length
    • URLScan 2.5 for ISA Server
    • Web Authentication for RSA SecurID
    • OWA (Outlook Web Access) wizard
    • RPC Filter Configuration wizard
    • Link Translator

    For more information about Feature Pack 1, see Improving Web Publishing. For more information about downloading Feature Pack 1 and to obtain documentation, see the Microsoft download site.





    Q. What is the difference between ISA Server Service Pack 1 and ISA Server Feature Pack 1?

    A.
    ISA Server Service Pack 1 was released to address specific issues found in ISA Server after its release. ISA Server Feature Pack 1 provides you with a choice of new ISA Server features, and it can only be installed on computers running ISA Server with ISA Server Service Pack 1. For information on all ISA Server service packs and downloads, see the Microsoft download site.




    Q. What are the default configuration settings following installation of ISA Server?

    A.
    User permissions: Stand-alone servers: Members of the Administrators group on the local computer can configure ISA Server policy. Arrays: Members of the Domain Admins and Enterprise Admins group can configure policies.
    Local address table: During installation, you either configure the LAT manually with IP addresses or configure it automatically, based on the Windows Routing table.
    Enterprise policy settings: In ISA Server Enterprise Edition, when creating a new array, the array adopts the default enterprise policy settings.
    Access control: Site and content rules: Unless the enterprise policy settings are configured to prohibit array-level allow rules, a default site and content rule named Allow Rule allows all clients access to all content, on all sites, at all times. However, because no protocol rules are defined, no traffic will be allowed to pass.
    Packet filtering: Enabled in firewall mode and in integrated mode. Disabled in cache mode.
    Publishing: No internal servers are accessible to external clients. A default Web publishing rule discards all requests.
    Routing: All Web Proxy client requests are retrieved directly from the Internet.
    Caching: The cache size is set to the size that was specified during setup. Hypertext Transfer Protocol (HTTP) and File Transfer Protocol (FTP) caching are enabled. Active caching is disabled.
    Alerts: All alerts are active, except the following:

    • All port scan attack
    • Dropped packet
    • Protocol violation
    • User Datagram Protocol (UDP) bomb attack

    Client configuration: When installed or configured, Firewall and Web Proxy clients have automatic discovery enabled. Web browser applications on Firewall clients are configured when the Firewall client is installed.





    Q. How do enterprise policy and array policy work together?

    A.
    When you install ISA Server Enterprise Edition as part of an array, you can implement enterprise-wide policies that are stored in Active Directory, and applied to all array members. This single enterprise-wide policy can be set and modified from any array computer, because all array computers have access to Active Directory. The enterprise administrator can enable enterprise policy to be augmented with policy settings at the individual array level. These array-level policy settings can only further restrict enterprise-level settings; they cannot be more permissive.




    Q. Does a Windows 2000 server with ISA Server installed have to be a member of a local domain for ISA Server to operate successfully?

    A.
    No, ISA Server does not have to be in the same domain as the client computers it protects. However, if you want to enable user authentication for Internet access, having ISA Server in the same domain will make authentication management easier, although you can manage user authentication in another trusted domain. For information on authenticating Web Proxy clients against all trusted domains, see the Microsoft Knowledge Base article 319376.




    Q. What is the difference between ISA Server and Internet Connection Firewall (ICF)?

    A.
    Microsoft Windows® XP and Windows Server™ 2003, Standard and Enterprise Editions, each have Internet Connection Firewall (ICF) built in, helping to secure the individual workstation or laptop computer against incoming hacker and virus threats. ISA Server 2000 is an enterprise-class firewall, built from the ground up by Microsoft to defend entire networks. ISA Server is a multilayered firewall that is optimized for application-layer filtering and designed to protect large, medium, and small businesses. ICF provides home users and small business users (fewer than five people) with baseline protection against incoming attacks. For more information, see Comparing ISA Server and Internet Connection Firewall.




    Q. Can I use DCOM over ISA Server?

    A.
    Generally, you cannot use DCOM with ISA Server, because a DCOM server embeds its IP address in the interface marshalling packet, which is used by the external client to connect to the DCOM server. In a scenario where network address translation (NAT) is employed between a DCOM server on an internal network or perimeter network, and the Internet, an external client cannot use the actual IP address to reach the published DCOM server, and the connection attempt will fail. However, you can enable Point-to-Point Tunneling Protocol (PPTP) between DCOM peers, by configuring Routing and Remote Access on one of the peers and a PPTP client connection on the other. For more information on configuring ISA Server for PPTP pass through by enabling PPTP client connections, see the Microsoft Knowledge Base article 283628.




    Q. Can I run ICS on an ISA Server computer?

    A.
    . Network address translation (NAT) functionality is an integral part of computers running Windows 2000, with NAT as a standard feature in Windows 2000 Routing and Remote Access and Internet Connection Sharing (ICS) as part of Windows 2000 Professional. ISA Server SecureNAT functionality supersedes the functionality provided by Windows 2000 NAT and ICS, and you should remove these features before installing ISA Server.




    Q. I added a network adapter to my ISA Server computer, but when I tried to set up a new publishing rule, the external IP list was empty. When I tried to enter the IP address manually, an error occurred. What’s wrong??

    A.
    Check that the network adapter is installed correctly. Check that the network adapter IP address has not been included in the local address table (LAT).




    Q. Can I connect my ISA Server computer to multiple Internet connections?

    A.
    ISA Server cannot do this directly, but you can use additional ISA Server partner software to do this. For more information, see the Rainfinity Web site.




    Q. Can I configure ISA Server with only one network adapter?

    A.
    Yes, you can configure ISA Server in cache only mode with a single network adapter. In cache only mode, only Web Proxy clients are supported. If you install ISA Server in integrated mode with only one network adapter, issues may arise. For more information, see the Microsoft Knowledge Base article 288236. For more information on installing ISA Server with a single network adapter in cache mode, see this article on Tom Shinder’s (Microsoft MVP) site.




    Q. Why can’t I access the Internet after I’ve installed ISA Server?

    A.
    Following installation, ISA Server follows the best security practice of “deny all.” This means that all traffic is blocked, until you explicitly create access policy rules or IP packet filters to allow incoming and outgoing traffic. To access the Internet, you need a site and content rule that allows access to specific sites, and a protocol rule that allows access to specific protocols. After installing ISA Server, a default site and content rule is created automatically. This default site and content rule allows access to all destinations, at all times, to all users. You use this default rule, or you disable it and create your own site and content rules, to allow or deny access to Internet locations. After you have a site and content rule in place, you need a protocol rule for the protocols you want to allow. To create a protocol rule, do one of the following:

    • Use the Create a Protocol Rule for Internet Access Wizard. By default, this wizard presents you with the following protocols:
      • HTTP
      • HTTPS
      • FTP
      • FTP Download
      • Gopher


    You can select the option to apply the rule always or only at certain times, and for all requests or only for requests from specific users.

    • To open the wizard
      1. Click Internet Security and Acceleration Server in the node tree of ISA Management.
      2. On the Welcome page in the display pane, click Getting Started Wizard.
      3. Click Configure Protocol Rules, and then click Create a Protocol Rule for Internet Access to open the wizard.
    • Alternatively you can create an allow protocol rule to:
      • Enable all IP traffic protocols or specify the protocols you want to allow.
      • Enable use of the protocol at any time or only at particular times you specify.
      • Enable access to the protocol for any request or only for requests from certain users.





    After you have created a site and content rule and a protocol rule that allows access to a destination with a specified protocol, ISA Server will permit access to any clients you have specified in these rules



    ARM و mehdi.g سپاسگزاری کرده‌اند.

  4. #4
    نام حقيقي: mehrdad jahangiri

    عضو غیر فعال شناسه تصویری mj_02003
    تاریخ عضویت
    Feb 2010
    محل سکونت
    tehran
    نوشته
    36
    سپاسگزاری شده
    3
    سپاسگزاری کرده
    0
    منم با محمد موافقم 100%کاره activeرو به هم میزنه



  5. #5
    نام حقيقي: Hootii

    مسدود شده
    تاریخ عضویت
    Feb 2010
    محل سکونت
    تهران
    نوشته
    146
    سپاسگزاری شده
    70
    سپاسگزاری کرده
    29
    اگر درست Config بشه هیچ مشکلی پیش نمیاد ... داشتم جایی که ISA و DC رو یه سرور بودن و مشکلی نبوده...



  6. #6
    نام حقيقي: علی منصوری

    عضو عادی شناسه تصویری mrpa
    تاریخ عضویت
    Feb 2010
    محل سکونت
    تهران
    نوشته
    203
    سپاسگزاری شده
    15
    سپاسگزاری کرده
    65
    درسته منم شاهد کار کردن ISA به همراه Ad روی یه سرور بودم ولی توصیه چی میگه

    NOT RECOMANDED



  7. #7
    نام حقيقي: Hootii

    مسدود شده
    تاریخ عضویت
    Feb 2010
    محل سکونت
    تهران
    نوشته
    146
    سپاسگزاری شده
    70
    سپاسگزاری کرده
    29
    بله ... بنده از Best Practice های توصیه شده Microsoft اطلاع کامل دارم .... ولی مسئله اینجاست که شرکتهای زیادی هستن که پول نمیدن دو تا سرور جدا بخرن واسه AD و ISA ....

    و همچین شرکتهایی "Not Recommended" حالیشون نمیشه .... و این دیگه بستگی به توانایی مدیر شبکه یا مسئول شبکه داره ...

    یا باید قید ISA رو بزنه . یا سرور جدا بخره ... یا ISA و AD رو کنار هم Config کنه ...


    ویرایش توسط Hootan : 2010-03-04 در ساعت 02:29 PM

  8. #8
    نام حقيقي: Ali

    عضو ویژه شناسه تصویری al1p0ur
    تاریخ عضویت
    Feb 2010
    محل سکونت
    Tehran
    نوشته
    2,097
    سپاسگزاری شده
    2423
    سپاسگزاری کرده
    730
    منم با بقیه دوستان موافقم که باید این دو سرور از هم جدا باشه ولی وقتی پول نمیدن چاره ای نیست . تا حالا چند بار این کار رو تو چند تا شرکت کردم و مشکلی هم نداشتم .



  9. #9
    نام حقيقي: 1234

    مدیر بازنشسته
    تاریخ عضویت
    Jul 2009
    محل سکونت
    5678
    نوشته
    5,634
    سپاسگزاری شده
    2513
    سپاسگزاری کرده
    272
    نقل قول نوشته اصلی توسط Hootan نمایش پست ها
    بله ... بنده از Best Practice های توصیه شده Microsoft اطلاع کامل دارم .... ولی مسئله اینجاست که شرکتهای زیادی هستن که پول نمیدن دو تا سرور جدا بخرن واسه AD و ISA ....

    و همچین شرکتهایی "Not Recommended" حالیشون نمیشه .... و این دیگه بستگی به توانایی مدیر شبکه یا مسئول شبکه داره ...

    یا باید قید ISA رو بزنه . یا سرور جدا بخره ... یا ISA و AD رو کنار هم Config کنه ...

    Windows Small Business Server



    pardazande سپاسگزاری کرده است.

  10. #10
    نام حقيقي: NR

    خواننده شناسه تصویری nimarezaee
    تاریخ عضویت
    Mar 2010
    محل سکونت
    EK
    نوشته
    42
    سپاسگزاری شده
    5
    سپاسگزاری کرده
    16

    نصب ISA در Domain

    شبکه داخلی ما در یک دامین تعریف شده است حالا اگر بخواهیم که آیزا را برای دسترسی به اینترنت روی این دامین فعال کنیم متوجه شدم که نباید روی سروری که AD روی آن است نصب کنم ولی میخوام بدونم که آیا کارمندانی که میخواهند به اینترنت وصل شوند باید در یک workgroup باشند یا نه میشود با نصب ایزا در همین دامین و نگه داشتن کاربران در همین دامین و نصب ایزا روی یکی از client ها دسترسی ها را تعریف کرد؟
    با تشکر از شما دوستان خوب.



  11. #11
    نام حقيقي: Hootii

    مسدود شده
    تاریخ عضویت
    Feb 2010
    محل سکونت
    تهران
    نوشته
    146
    سپاسگزاری شده
    70
    سپاسگزاری کرده
    29
    دوست عزیز ...

    هر دو حالت امکان پذیر است ...

    ولی بهتر است Client ها هم عضو همان Domain که ISA عضو هست باشند ...



  12. #12
    نام حقيقي: NR

    خواننده شناسه تصویری nimarezaee
    تاریخ عضویت
    Mar 2010
    محل سکونت
    EK
    نوشته
    42
    سپاسگزاری شده
    5
    سپاسگزاری کرده
    16
    متشکرم



کلمات کلیدی در جستجوها:

نصب tmg روی domain controller

نصب isa در domain

نصب آیزا سرور 2006 روی دامین

نصب Tmg

نصب isa server 2006 روی domain

tmg روی دامین کنترلر نصب نمی شه

نصب isa در دامين

نصب نشدن tmg روی دامین

آیا میشه tmg را روی dc نصب کرد؟

نصب frofront رویdomain

تعریف کردن isaدر دامین

نصب isa 2004 بر روی domain

نصب tmg و domain

تنظیم isa server در Domain

کانفیگ isa 2006 در دامین

آیا isa server بر روی domain controller نصب میشود

نحوه نصب isa server 2006 در domain

نصب tmg بر روی سرور domain controller

اکسچنج سرور روی چه سروری نصب additional domain controller

روی dc forefront tmg نصب

نصب دامین برای ایزا

نصب isa server 2006

کانفیگ isa

نصب آيزا روي دامين کنترلر

نصب ISA Domain

برچسب برای این موضوع

مجوز های ارسال و ویرایش

  • شما نمی توانید موضوع جدید ارسال کنید
  • شما نمی توانید به پست ها پاسخ دهید
  • شما نمی توانید فایل پیوست ضمیمه کنید
  • شما نمی توانید پست های خود را ویرایش کنید
  •