Solved

Installing Software on a Domain Controller

Posted on 2010-11-18
7
432 Views
Last Modified: 2012-05-10
A general question that I would like to have some experts opinions on. What are you feelings about installing software on a Windows 2003 domain controller. We already have McAfee VirusScan 8.7 installed. We just purcahsed McAfee Anti-Spyware as an add-on to VirusScan 8.7. Is it neccessary to install the add-on to our DC's? Is it neccessary to even have VirusScan 8.7 installed?

Thanks
0
Comment
Question by:AGenMIS
7 Comments
 
LVL 23

Expert Comment

by:jakethecatuk
ID: 34163834
Although Microsoft always say that you don't install anything on a domain controller, there are a few givens that you can install.

AV is a good example, and personnaly, I wouldn't run any DC with an AV package installed.

Whether I would install anti spyware though is another question.  In theory, anti spyware will protect you from anything being installed covertly from a website for example.  As you shouldn't be browsing the web from an AD server - why would you need anti spyware?

0
 
LVL 4

Expert Comment

by:Jsblanton
ID: 34163857
I never install anti spyware protection on my servers, especially real-time protection. It's a recipe for trouble if you ask me. The majority of spyware/grayware is going to be picked up from surfing the internet, which shouldn't be done from your servers. Now, possibly if it's a terminal server I might make an exception. Otherwise, I would recommend against it, I think if you called Mcafee and asked them they would probably say the same.
0
 

Expert Comment

by:rfvirani
ID: 34163861
We have similar setup and installed VSE 8.7 with Anti Spyware module on all our servers including DCs [a mix of 2003 and 2008] and it works good.

I think it is important to have antivirus and anti spyware on sever to prevent them from getting affected in case a virus/spyware breaks out on network.
0
Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

 
LVL 4

Expert Comment

by:Jsblanton
ID: 34163896
@rfvirani:   I'm not sure where you heard this, but it's pretty much SOP to not install spyware protection on servers. It may "work good" for now on certain servers, but it's too broad of a blanket statement to say that you can install anti-spyware on any server and it will "work good".

@AgenMIS: It's your decision but I HIGHLY recommend not following this advice.
0
 
LVL 10

Accepted Solution

by:
jramsier earned 500 total points
ID: 34164041
Anti-Virus is a yes, I dont do it but is usefull.  I do remote scans on my DC.  Anti-Spyware is just waste of resources on the server.  you should never be using browsing on any server (except like terminal servers).  Should always test can copy over files.
0
 

Author Comment

by:AGenMIS
ID: 34164621
Can spyware infect a server by other means then surfing the web? Removable drives?
0
 
LVL 4

Expert Comment

by:Jsblanton
ID: 34164751
Technically, yes. But you shouldn't have random users plugging removable drives into your servers if you ask me. If you are worried about your server getting infected, there are online remote scanning options like another expert had mentioned. Ultimately it's up to you, but I would suggest not putting anti-spyware on your server. Good luck.
0

Featured Post

Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question