Install web application on C-Drive?

Posted on 2006-04-05
Last Modified: 2013-12-04
My company makes an IIS-based web application that runs on Windows Server 2003. A person at my company is convinced that "nobody should ever install a web application onto the C drive, for security reasons". Therefore, we insist that all our customers create a "D" partition and install the webapp onto that partition.

This notion seems bizarre to me, mainly because, of the thousands of web-security articles I've read, nothing like this has ever been mentioned. And I have installed many web apps from other companies, and they all install to C by default, and none of them recommend to "not install to c".

I am looking for info about this, "for" or "against", backed up by specifics, online articles, and anything else reputable.
Question by:SweatCoder
    LVL 11

    Author Comment

    Note: I am looking for as many posts as possible. If somebody else posts something that you agree with, please post and say that you agree, etc., or add anything you'd like. I will split points for a few of the most valuable posts.
    LVL 19

    Expert Comment

    Hi SweatCoder,

    There are a number of reason why one would want to install a web application on a partition other than the system drive.  Foremost is the number of exploits within IE and web apps that can grant a malicious user access to the file system - putting the application on D: somewhat lessens the chance that the intruder may 'take down' the entire server.

    As a general systems administration rule, it is best practice and strongly recommended for any server to have a seperate partition for applications.  C:\ drive should be reserved for OS (and possibly paging) only and D:\, E:\, etc for all other applications (web apps, Office, virus software, etc)

    LVL 11

    Author Comment

    jss1199, that's a well-stated answer, but...can you give me a link to [an] article(s) that backs up your assertion?
    LVL 19

    Accepted Solution

    I know of a couple that recommend a separate OS partition.  I doubt you will find much *documented* as separating OS from data and applications is entrenched as the de facto best practice....  

    Microsoft recommendation - Windows 2000 Security Hardening Guide -

      Excerpt - For servers, we recommend using about 4 GB of space on one disk for the operating system. The remaining space in the system should be reserved for data files, services, utilities and so on. We highly discourage storage of user data files on the boot partition on servers, while on workstations this is acceptable practice which makes it easier for users to locate their data.

    Informit -

      Excerpt - It's generally best to keep the operating system on a separate partition from your applications and data. System and boot partitions are where you initially boot from, usually drive C:\


    Featured Post

    Maximize Your Threat Intelligence Reporting

    Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

    Join & Write a Comment

    Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
    Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!
    This video discusses moving either the default database or any database to a new volume.

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now