Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Installing Software on a Domain Controller

Posted on 2010-11-18
7
Medium Priority
?
461 Views
Last Modified: 2012-05-10
A general question that I would like to have some experts opinions on. What are you feelings about installing software on a Windows 2003 domain controller. We already have McAfee VirusScan 8.7 installed. We just purcahsed McAfee Anti-Spyware as an add-on to VirusScan 8.7. Is it neccessary to install the add-on to our DC's? Is it neccessary to even have VirusScan 8.7 installed?

Thanks
0
Comment
Question by:AGenMIS
7 Comments
 
LVL 23

Expert Comment

by:jakethecatuk
ID: 34163834
Although Microsoft always say that you don't install anything on a domain controller, there are a few givens that you can install.

AV is a good example, and personnaly, I wouldn't run any DC with an AV package installed.

Whether I would install anti spyware though is another question.  In theory, anti spyware will protect you from anything being installed covertly from a website for example.  As you shouldn't be browsing the web from an AD server - why would you need anti spyware?

0
 
LVL 4

Expert Comment

by:Jsblanton
ID: 34163857
I never install anti spyware protection on my servers, especially real-time protection. It's a recipe for trouble if you ask me. The majority of spyware/grayware is going to be picked up from surfing the internet, which shouldn't be done from your servers. Now, possibly if it's a terminal server I might make an exception. Otherwise, I would recommend against it, I think if you called Mcafee and asked them they would probably say the same.
0
 

Expert Comment

by:rfvirani
ID: 34163861
We have similar setup and installed VSE 8.7 with Anti Spyware module on all our servers including DCs [a mix of 2003 and 2008] and it works good.

I think it is important to have antivirus and anti spyware on sever to prevent them from getting affected in case a virus/spyware breaks out on network.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 4

Expert Comment

by:Jsblanton
ID: 34163896
@rfvirani:   I'm not sure where you heard this, but it's pretty much SOP to not install spyware protection on servers. It may "work good" for now on certain servers, but it's too broad of a blanket statement to say that you can install anti-spyware on any server and it will "work good".

@AgenMIS: It's your decision but I HIGHLY recommend not following this advice.
0
 
LVL 10

Accepted Solution

by:
jramsier earned 2000 total points
ID: 34164041
Anti-Virus is a yes, I dont do it but is usefull.  I do remote scans on my DC.  Anti-Spyware is just waste of resources on the server.  you should never be using browsing on any server (except like terminal servers).  Should always test can copy over files.
0
 

Author Comment

by:AGenMIS
ID: 34164621
Can spyware infect a server by other means then surfing the web? Removable drives?
0
 
LVL 4

Expert Comment

by:Jsblanton
ID: 34164751
Technically, yes. But you shouldn't have random users plugging removable drives into your servers if you ask me. If you are worried about your server getting infected, there are online remote scanning options like another expert had mentioned. Ultimately it's up to you, but I would suggest not putting anti-spyware on your server. Good luck.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question