Hi, I'm going to deploy a new server for IIS and FTP services. Now my concern is about the security on this server. This server will be isolated in DMZ network zone. Should I join this server into domain? Because the internal users need to access this IIS service for e-Leave application. regards, SeanSean

Hi Sean, You do not need to join a server to a domain for users to be able to access it, it can make some tasks easier in terms of permissions and roles, but to use is as a proverbial web-server for generic use, adding it to the domain wont mean much. What you MUST do however is ensure that the new server IP is listed in your DNS to ensure if your users look up website internally that it is found by name and not IP. Kind Regards, Martin If you find my information useful, please rate it. :-)

Hi Sean, You do not need to join a server to a domain for users to be able to access it, it can make some tasks easier in terms of permissions and roles, but to use is as a proverbial web-server for generic use, adding it to the domain wont mean much. What you MUST do however is ensure that the new server IP is listed in your DNS to ensure if your users look up website internally that it is found by name and not IP. Kind Regards, Martin If you find my information useful, please rate it. :-)

Hello, Some tips to help secure your IIS server. Secure an IIS Web server with these 10 steps http://www.techrepublic.com/article/secure-an-iis-web-server-with-these-10-steps/5226103 Securing Your Web Server http://msdn.microsoft.com/en-us/library/ff648653.aspx For IIS related query, please ask in Microsoft IIS forum. http://www.iis.net/ Thanks Zhang

Hello, Some tips to help secure your IIS server. Secure an IIS Web server with these 10 steps http://www.techrepublic.com/article/secure-an-iis-web-server-with-these-10-steps/5226103 Securing Your Web Server http://msdn.microsoft.com/en-us/library/ff648653.aspx For IIS related query, please ask in Microsoft IIS forum. http://www.iis.net/ Thanks Zhang

Hi Sean, As a general recommendation, the servers in the DMZ should not be joined to the domain. IIS does not require to be joined to the domain for any of its services. You have make sure that you apply proper security on the server in terms of local users/password, open ports and antivirus/antispam etc. To give access to users inside the local network, open only port 21 for FTP, and 80 for HTTP. Similarly, if the server is accessible from the Internet, open only the required ports on the external firewall. Other guidelines for specific needs can be found in Zhang's post. Hope this helps.Imran