Documenting the Zones
Applies To: Windows Server 2008, Windows Server 2008 R2
Generally, the task of determining zone membership is not complex, but it can be time-consuming. Use the information generated during the Designing a Windows Firewall with Advanced Security Strategy section of this guide to determine the zone in which to put each host. You can document this zone placement by adding a Group column to the inventory table shown in the Designing a Windows Firewall with Advanced Security Strategy section. A sample is shown here:
| Host name | Hardware reqs met | Software reqs met | Configuration required | Details | Projected cost | Group |
|---|---|---|---|---|---|---|
CLIENT001 |
No |
No |
Upgrade hardware and software. |
Current operating system is Windows NT 4.0. Old hardware not compatible with Windows XP or Windows Vista. |
$?? |
Isolated domain |
SERVER002 |
Yes |
No |
Join trusted domain, upgrade from Windows NT 4.0 to Windows Server 2008 |
No antivirus software present. |
$?? |
Encryption |
SENSITIVE001 |
Yes |
Yes |
Not required. |
Running Windows Server 2008. Ready for inclusion. |
$0 |
Isolated server (in zone by itself) |
PRINTSVR1 |
Yes |
Yes |
Not required. |
Running Windows Server 2003. Ready for inclusion. |
$0 |
Boundary |
Next: Planning Group Policy Deployment for Your Isolation Zones