Installing Software on a Domain Controller

A general question that I would like to have some experts opinions on. What are you feelings about installing software on a Windows 2003 domain controller. We already have McAfee VirusScan 8.7 installed. We just purcahsed McAfee Anti-Spyware as an add-on to VirusScan 8.7. Is it neccessary to install the add-on to our DC's? Is it neccessary to even have VirusScan 8.7 installed?

Thanks
AGenMISAsked:
Who is Participating?
 
jramsierConnect With a Mentor Commented:
Anti-Virus is a yes, I dont do it but is usefull.  I do remote scans on my DC.  Anti-Spyware is just waste of resources on the server.  you should never be using browsing on any server (except like terminal servers).  Should always test can copy over files.
0
 
jakethecatukCommented:
Although Microsoft always say that you don't install anything on a domain controller, there are a few givens that you can install.

AV is a good example, and personnaly, I wouldn't run any DC with an AV package installed.

Whether I would install anti spyware though is another question.  In theory, anti spyware will protect you from anything being installed covertly from a website for example.  As you shouldn't be browsing the web from an AD server - why would you need anti spyware?

0
 
JsblantonCommented:
I never install anti spyware protection on my servers, especially real-time protection. It's a recipe for trouble if you ask me. The majority of spyware/grayware is going to be picked up from surfing the internet, which shouldn't be done from your servers. Now, possibly if it's a terminal server I might make an exception. Otherwise, I would recommend against it, I think if you called Mcafee and asked them they would probably say the same.
0
Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

 
rfviraniCommented:
We have similar setup and installed VSE 8.7 with Anti Spyware module on all our servers including DCs [a mix of 2003 and 2008] and it works good.

I think it is important to have antivirus and anti spyware on sever to prevent them from getting affected in case a virus/spyware breaks out on network.
0
 
JsblantonCommented:
@rfvirani:   I'm not sure where you heard this, but it's pretty much SOP to not install spyware protection on servers. It may "work good" for now on certain servers, but it's too broad of a blanket statement to say that you can install anti-spyware on any server and it will "work good".

@AgenMIS: It's your decision but I HIGHLY recommend not following this advice.
0
 
AGenMISAuthor Commented:
Can spyware infect a server by other means then surfing the web? Removable drives?
0
 
JsblantonCommented:
Technically, yes. But you shouldn't have random users plugging removable drives into your servers if you ask me. If you are worried about your server getting infected, there are online remote scanning options like another expert had mentioned. Ultimately it's up to you, but I would suggest not putting anti-spyware on your server. Good luck.
0
All Courses

From novice to tech pro — start learning today.