I am in the process of setting up an 8-port firewall which has a DMZ and various other ports. The firewall connects directly onto a local network where AD DC servers are located; there are also numerous DCs located throughout the WAN. I originally built a member server in the DMZ with full access through the firewall. I now want to limit access from this member server to the DCs located on the LAN on the other side of the firewall. I have now limited access to only the local DCs, but when I look in my firewall logs, I see that my member server is trying to talk to numerous DCs located locally and remotely. Does anyone know if I need to do something in AD Sites and Services so that my member server primarily talks to the "nearest" DCs?
Also, why is my member server constantly trying to poll the DCs on TCP Port 512?