Solved

IIS and Domain Controller - Feasible?

Posted on 2009-04-02
2
1,495 Views
Last Modified: 2012-05-06
I have a Windows Server 2003 that acts as a domain controller, DHCP server, and file server.  Presently, it's underutilized.  I'd like to get WSUS going in the office, and the Windows Server 2003 is the only candidate, but have been told that IIS on a domain controller opens the server up to malicious activity.  I'm not sure I understand why.  If the server has a private IP and is behind a very robust firewall, where's the risk?  Is it possible to install IIS on a domain controller that minimizes the risk?
0
Comment
Question by:jdana
2 Comments
 
LVL 9

Accepted Solution

by:
KrazyRhino earned 125 total points
ID: 24054414
Adding ANY functionality to any computer/server is a vulnerability. On a domain controller if it has IIS it can bbecome "more vulnerable" but then again if you can log in to it, it does also.

I have been an Admin on several networks that have IIS on the secondary domain controller, if that is what you are thinking that should be fine, but it is a general rule of thumb just for safety sake to keep a primary domain controller with as few additional functions as possible.

That being said, seeing as you have the additional functions already the addition of IIS shouldn't hurt it too much, just make sure to patch it when it is done installing and use some sort of vulnerability scanner or some other tool to lock it down to only your intended uses.
0
 
LVL 47

Assisted Solution

by:Donald Stewart
Donald Stewart earned 125 total points
ID: 24054526
We have wsus installed and working just fine on our domain controller, and I installed this  three years ago. Have had no problems. We also are running dhcp, file server and even applications.

Heres a great guide to get you set up

http://blogs.microsoft.co.il/blogs/yanivf/archive/2007/09/23/install-wsus-3-0-step-by-step.aspx
 
Just make you run the Security Configuration Wizard afterwards
http://redmondmag.com/columns/article.asp?editorialsid=984 
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

28 Experts available now in Live!

Get 1:1 Help Now