Solved

IIS and Domain Controller - Feasible?

Posted on 2009-04-02
2
1,496 Views
Last Modified: 2012-05-06
I have a Windows Server 2003 that acts as a domain controller, DHCP server, and file server.  Presently, it's underutilized.  I'd like to get WSUS going in the office, and the Windows Server 2003 is the only candidate, but have been told that IIS on a domain controller opens the server up to malicious activity.  I'm not sure I understand why.  If the server has a private IP and is behind a very robust firewall, where's the risk?  Is it possible to install IIS on a domain controller that minimizes the risk?
0
Comment
Question by:jdana
2 Comments
 
LVL 9

Accepted Solution

by:
KrazyRhino earned 125 total points
ID: 24054414
Adding ANY functionality to any computer/server is a vulnerability. On a domain controller if it has IIS it can bbecome "more vulnerable" but then again if you can log in to it, it does also.

I have been an Admin on several networks that have IIS on the secondary domain controller, if that is what you are thinking that should be fine, but it is a general rule of thumb just for safety sake to keep a primary domain controller with as few additional functions as possible.

That being said, seeing as you have the additional functions already the addition of IIS shouldn't hurt it too much, just make sure to patch it when it is done installing and use some sort of vulnerability scanner or some other tool to lock it down to only your intended uses.
0
 
LVL 47

Assisted Solution

by:Donald Stewart
Donald Stewart earned 125 total points
ID: 24054526
We have wsus installed and working just fine on our domain controller, and I installed this  three years ago. Have had no problems. We also are running dhcp, file server and even applications.

Heres a great guide to get you set up

http://blogs.microsoft.co.il/blogs/yanivf/archive/2007/09/23/install-wsus-3-0-step-by-step.aspx
 
Just make you run the Security Configuration Wizard afterwards
http://redmondmag.com/columns/article.asp?editorialsid=984 
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
Debug Tools to analyse IIS process: This article focus on taking memory dumps from IIS to determine which code is taking more time and to analyse which calls hangs/causes more CPU usage. To take dumps,download the following. Install1: To st…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question