| WC Justice 2005-06-24, 3:23 am |
| I am setting up a 3-server domain, all running Windows Server 2003
Enterprise, configured as follows:
Server 1 - Files, Exchange, Domain Controller
Server 2 - SQL Server, Domain Controller
Server 3 - Web Server (not a Domain Controller)
I was advised to not make the Web Server a Domain Controller for security
reasons (I had all 3 as DCs previously). Now that it is no longer a DC, SQL
Server cannot see the IUSR_<<Server 3>> account, which I need for ASP to hit
SQL Server, although Server 3 includes it as a user.
I was previously advised in this forum to replace my ASP SQL statements with
stored procedures which include permission-granting language. While I plan
to move toward that end, I need a "relatively safe" configuration to get by
for now. Can I make this work without Server 3 being a DC, or should I just
promote it back for now (or are there other options)?
Thanks
|