Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Recent content by ITPangaeaArchitect
-
Converting from a unsigned root cert to a signed root cert
puclic facing = signed cert from someone like verisign internal/employee only access = private ca chain =the best user experience and highest security factor... - Brandon Wilson MCSE:Security00/03; MCSA:Security03 MCSA:Messaging00; MCP; A+ IT Pangaea (http://it-pangaea.com)- ITPangaeaArchitect
- Post #2
- Forum: Information Security Group
-
Wildcard Digital Cert or Per Server Digital Certificate
Ok so here's the deal. If your websites that wwill be encrypted are public facing, you will want to go with a certificate from someone like verisign to secure the site (downside being, no client side cert reqs can be implemented). however, for internal/employee only sites, in other words, those...- ITPangaeaArchitect
- Post #2
- Forum: Information Security Group
-
Security of Network Passwords
Just find a good password encryption software and install it on a machine that has whole disk encryption on it, and if possible, EFS running on top of it as well (if it wont cause corruption of the files), then restrict access to that system to only a few trusted individuals (if using windows...- ITPangaeaArchitect
- Post #5
- Forum: Information Security Group
-
SSL ver2
that is very true, but my point was that you never know when youre gonna have some schmuck running Windows 98 out there in the world trying to get in...for instance....and a decision needs to made whether that will be accepted or not (but it is applicable more to public facing websites since...- ITPangaeaArchitect
- Post #5
- Forum: Information Security Group
-
Do Windows clients need a Primary/Secondary DNS that is also a DC?
ok so here's the deal. if you are using MS DNS in an AD domain, then it is recommended to point clients to DCs for DNS. This is because ONLY DCs can take part in AD replication, which includes the replication of DNS records to other DCs. This, in a nutshell, is why you are supposed to point...- ITPangaeaArchitect
- Post #4
- Forum: DNS/BIND/DHCP/WINS Issues
-
Domains
ok so here's the deal (and I am going off assumption of Microsoft technology being used, but it applies either way): first off, yes, you can host as many websites as you'd like named anything you like and have the zones hosted on one DNS server. i will give an example in a sec... second, I am...- ITPangaeaArchitect
- Post #5
- Forum: DNS/BIND/DHCP/WINS Issues
-
SSL ver2
there are considerations you need to make before being so rash. The primary consideration is the OS and potential IE level of any clients that connect to your site.....along with potential other browser types that may access the site (firefox, mozilla, etc.). if you are certain that all browser...- ITPangaeaArchitect
- Post #3
- Forum: Information Security Group
-
kerberos
yea what your seeing is a subsequent verification of netbios name after dns resolution. if you look at a trace taken from the client and server, on the client you would see dns calls going out (and if the client faces the dc for dns and trace is taken from there, youd see incoming calls), then...- ITPangaeaArchitect
- Post #4
- Forum: Information Security Group
-
Login failures when PDC is rebooted
DNS doesnt work that way. You are forgetting to put a forwarder to your ISPs DNS server. Do that, you'll get out...or create a new root hint (forwarders are easier and mroe readily configurable though) - Brandon Wilson MCSE:Security00/03; MCSA:Security03 MCSA:Messaging00; MCP; A+ IT...- ITPangaeaArchitect
- Post #13
- Forum: DNS/BIND/DHCP/WINS Issues
-
DHCP-request forwarding
Agreed. The easiest solution to this is to create two separate subnets off of each of these cable modems by either sticking a router in the middle, or an RRAS server. With an RRAS server, you can install a second and third NIC to connect to each network segment as well. But this is definitely...- ITPangaeaArchitect
- Post #3
- Forum: DNS/BIND/DHCP/WINS Issues
-
Domain Naming: NT4 ? 2003
anytime buddy :) - Brandon Wilson MCSE:Security00/03; MCSA:Security03 MCSA:Messaging00; MCP; A+ IT Pangaea (http://it-pangaea.com)- ITPangaeaArchitect
- Post #7
- Forum: Microsoft: Windows servers
-
Cant get DDNS going on secure only updates
k glad to hear its working right now though :) - Brandon Wilson MCSE:Security00/03; MCSA:Security03 MCSA:Messaging00; MCP; A+ IT Pangaea (http://it-pangaea.com)- ITPangaeaArchitect
- Post #13
- Forum: TCP/IP
-
Cant get DDNS going on secure only updates
actually the multihoming can still be the problem. If it writes the wrong SOA into the zone, even for a short time, then in that short time it is quite possible for clients to get an error such as that.... next time you get the error, grab netdiag /v results on the problem server and post...- ITPangaeaArchitect
- Post #11
- Forum: TCP/IP
-
ping to name not working in one domain
do a query through ldp, adsi script, or adsiedit.msc against "CN=ForestDnsZones,DC=domain,DC=com" and against "CN=DomainDnsZones,DC=domain,DC=com" See which one has records in it. - Brandon Wilson MCSE:Security00/03; MCSA:Security03 MCSA:Messaging00; MCP; A+ IT Pangaea (http://it-pangaea.com)- ITPangaeaArchitect
- Post #9
- Forum: Microsoft: Windows servers
-
DNS configuration
you should have DNS installed on all DCs. from there, the PDCe should face itself and itself only for DNS. all replica DCs in the same site as the PDCe should face the PDCe for preferred DNS, and themselves as alternate DNS. One DC in remote sites should point to the PDCe as the preferred DNS...- ITPangaeaArchitect
- Post #3
- Forum: Microsoft: Windows servers
