Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1507
  • Last Modified:

IIS and Domain Controller - Feasible?

I have a Windows Server 2003 that acts as a domain controller, DHCP server, and file server.  Presently, it's underutilized.  I'd like to get WSUS going in the office, and the Windows Server 2003 is the only candidate, but have been told that IIS on a domain controller opens the server up to malicious activity.  I'm not sure I understand why.  If the server has a private IP and is behind a very robust firewall, where's the risk?  Is it possible to install IIS on a domain controller that minimizes the risk?
0
jdana
Asked:
jdana
2 Solutions
 
KrazyRhinoCommented:
Adding ANY functionality to any computer/server is a vulnerability. On a domain controller if it has IIS it can bbecome "more vulnerable" but then again if you can log in to it, it does also.

I have been an Admin on several networks that have IIS on the secondary domain controller, if that is what you are thinking that should be fine, but it is a general rule of thumb just for safety sake to keep a primary domain controller with as few additional functions as possible.

That being said, seeing as you have the additional functions already the addition of IIS shouldn't hurt it too much, just make sure to patch it when it is done installing and use some sort of vulnerability scanner or some other tool to lock it down to only your intended uses.
0
 
Donald StewartNetwork AdministratorCommented:
We have wsus installed and working just fine on our domain controller, and I installed this  three years ago. Have had no problems. We also are running dhcp, file server and even applications.

Heres a great guide to get you set up

http://blogs.microsoft.co.il/blogs/yanivf/archive/2007/09/23/install-wsus-3-0-step-by-step.aspx
 
Just make you run the Security Configuration Wizard afterwards
http://redmondmag.com/columns/article.asp?editorialsid=984 
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now