According to a white paper entitled MS Incident Response Plan, MS states that
you should never load IIS on a domain controller. Does anyone have any
experience with a fully updated windows 2003 server and a fully updated IIS
install having security problems?
Thanks,
--
P Cully
There are no "known" security issues, otherwise every SBS box for example,
would be hacked within seconds.
The issue is around "risk management". Your domain controllers hold the
"keys to the castle" (i.e your domain). The more services you run on a DC,
the more potential exploits exist on your DC. It could be a flaw in IIS, or
it could be a flaw in the application you run ontop of IIS. However, once
your server is compromised, your entire domain is compromised. On the other
hand, if you run IIS on a separate member server, the attacker might control
the IIS box, but it's still another step to compromising the DC.
Cheers
Ken
"softtrain"
news:A95854CD-B768-4B05-9250-3396592002AA@microsoft.com...
> According to a white paper entitled MS Incident Response Plan, MS states
> that
> you should never load IIS on a domain controller. Does anyone have any
> experience with a fully updated windows 2003 server and a fully updated
> IIS
> install having security problems?
>
> Thanks,
> --
> P Cully
Hi,
Avoid whenever it is possible to run IIS on a domain controller. but if you
want here is the webcaste for the same
http://www.iis-resources.com/modules/mylinks/visit.php?cid=2 9&lid=211
Thanks & Regards
Jigs4u_4ever
"softtrain" wrote:
> According to a white paper entitled MS Incident Response Plan, MS states that
> you should never load IIS on a domain controller. Does anyone have any
> experience with a fully updated windows 2003 server and a fully updated IIS
> install having security problems?
>
> Thanks,
> --
> P Cully