Group Policy in the DMZ 3

[mmXmm]

Hello,

I'm not quite sure if this is the correct forum to post this; but, here it goes...

What is commonly used as 'best practice' when applying GPO to a computer in the DMZ. I am about to bring up a web server in our DMZ. This is "physically" separated from the rest of our network, with our firewall in between. It doesn't seem like a good idea to just open all the ports necessary for Group Policy transfer to and from the DMZ/Secure Network. Is just applying local group policy common in this situation?

Thank You.

 

[Titleist]

mmXmm,

It would be common to leave the web server in a Workgroup and apply a local policy to it. I'm not saying it can't belong to a domain but if it's just serving static web pages the DMZ config would be easier.

John

 

[mmXmm]

Well... okay!

Now, how does one get rights back to change a GP setting after a domain group policy has been applied to it...

 

[58sniper]

You can't apply GPOs to a machine unless it's in the domain, and can access the DCs holding the GPOs.

It's rarely a good idea to put a domain member machine in the DMZ.

Use the local policies.

Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP

 

[mmXmm]

Hrmm...

So... bringing it up in the domain to configure it was a bad idea?

A quick reinstall is the only way to fix this issue?

 

[Cstorms]

No if its just a member server remove it from the domain by changing its membership to a workgroup (right click "My Computer" Properties -> Computer Name -> Change).. I am assuming its just a member server since its in your dmz.

Cory