<div>
<div class="content wysiwyg-content">
I have a Windows Server 2003 that acts as a domain controller, DHCP server, and file server. &nbsp;Presently, it's underutilized. &nbsp;I'd like to get WSUS going in the office, and the Windows Server 2003 is the only candidate, but have been told that IIS on a domain controller opens the server up to malicious activity. &nbsp;I'm not sure I understand why. &nbsp;If the server has a private IP and is behind a very robust firewall, where's the risk? &nbsp;Is it possible to install IIS on a domain controller that minimizes the risk?
</div>
</div>


I have a Windows Server 2003 that acts as a domain controller, DHCP server, and file server.  Presently, it's underutilized.  I'd like to get WSUS going in the office, and the Windows Server 2003 is the only candidate, but have been told that IIS on a domain controller opens the server up to malicious activity.  I'm not sure I understand why.  If the server has a private IP and is behind a very robust firewall, where's the risk?  Is it possible to install IIS on a domain controller that minimizes the risk?

IIS and Domain Controller - Feasible?

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).

Windows Server 2003

IIS is Internet Information Services, the web server included with Windows Server operating systems. All current versions are built on a modular architecture; modules can be added or removed individually so that those required for specific functionality are installed. The full installation of IIS includes HTTP, security, content, compression, caching, logging and diagnostics.