Solved

Installing Software on a Domain Controller

Posted on 2010-11-18
7
443 Views
Last Modified: 2012-05-10
A general question that I would like to have some experts opinions on. What are you feelings about installing software on a Windows 2003 domain controller. We already have McAfee VirusScan 8.7 installed. We just purcahsed McAfee Anti-Spyware as an add-on to VirusScan 8.7. Is it neccessary to install the add-on to our DC's? Is it neccessary to even have VirusScan 8.7 installed?

Thanks
0
Comment
Question by:AGenMIS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 23

Expert Comment

by:jakethecatuk
ID: 34163834
Although Microsoft always say that you don't install anything on a domain controller, there are a few givens that you can install.

AV is a good example, and personnaly, I wouldn't run any DC with an AV package installed.

Whether I would install anti spyware though is another question.  In theory, anti spyware will protect you from anything being installed covertly from a website for example.  As you shouldn't be browsing the web from an AD server - why would you need anti spyware?

0
 
LVL 4

Expert Comment

by:Jsblanton
ID: 34163857
I never install anti spyware protection on my servers, especially real-time protection. It's a recipe for trouble if you ask me. The majority of spyware/grayware is going to be picked up from surfing the internet, which shouldn't be done from your servers. Now, possibly if it's a terminal server I might make an exception. Otherwise, I would recommend against it, I think if you called Mcafee and asked them they would probably say the same.
0
 

Expert Comment

by:rfvirani
ID: 34163861
We have similar setup and installed VSE 8.7 with Anti Spyware module on all our servers including DCs [a mix of 2003 and 2008] and it works good.

I think it is important to have antivirus and anti spyware on sever to prevent them from getting affected in case a virus/spyware breaks out on network.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 4

Expert Comment

by:Jsblanton
ID: 34163896
@rfvirani:   I'm not sure where you heard this, but it's pretty much SOP to not install spyware protection on servers. It may "work good" for now on certain servers, but it's too broad of a blanket statement to say that you can install anti-spyware on any server and it will "work good".

@AgenMIS: It's your decision but I HIGHLY recommend not following this advice.
0
 
LVL 10

Accepted Solution

by:
jramsier earned 500 total points
ID: 34164041
Anti-Virus is a yes, I dont do it but is usefull.  I do remote scans on my DC.  Anti-Spyware is just waste of resources on the server.  you should never be using browsing on any server (except like terminal servers).  Should always test can copy over files.
0
 

Author Comment

by:AGenMIS
ID: 34164621
Can spyware infect a server by other means then surfing the web? Removable drives?
0
 
LVL 4

Expert Comment

by:Jsblanton
ID: 34164751
Technically, yes. But you shouldn't have random users plugging removable drives into your servers if you ask me. If you are worried about your server getting infected, there are online remote scanning options like another expert had mentioned. Ultimately it's up to you, but I would suggest not putting anti-spyware on your server. Good luck.
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…

634 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question