Link to home
Create AccountLog in
Avatar of Kram80
Kram80

asked on

WSUS on a DC

I know it's not best practice to install WSUS on a DC, and I've read conflicting opinions on the subject ranging from it's fine to don't do it.

Here's my question.  When installing WSUS you need to install IIS.  Is that the main reason it's ill-advised to run WSUS on a DC?  If so, since it's not a public facing web server, does that decrease your vulnerability?  I realize that IIS can increase your attack surface, but wouldn't that be mostly for public facing web servers?  Where they would then be connecting to the box and could compromise your security database?

I'm just trying to dig a bit deeper into the topic.  Thanks in advance for your thoughts.
ASKER CERTIFIED SOLUTION
Avatar of jakethecatuk
jakethecatuk
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
SOLUTION
Avatar of Mike Kline
Mike Kline
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account