Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Webserver on DC

Status
Not open for further replies.
nsanto17

nsanto17

IS-IT--Management
Mar 14, 2005
616
US
Is there any harm with placeing a webserver open to the public on a Domain Controller?

I know ideally it should prob be a seperate box but i am not sure we have the funds for it right now. I do NOT want to place my network at risk with opening up IIS to the public that is on a domain contoller.

Thanks for your comments and thoughts.
 
Sort by date Sort by votes
I would say thats an absolute no no. IIS is well known for security issues. I would never allow access to any service running on a DC from outside the trusted LAN.

RoadKi11

"This apparent fear reaction is typical, rather than try to solve technical problems technically, policy solutions are often chosen." - Fred Cohen
 
Upvote 0 Downvote
There usually should be anything on a DC except for AD.

Denny
MVP
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / SQL 2005 BI / SQL 2008 DBA / SQL 2008 DBD / SQL 2008 BI / MWSS 3.0: Configuration / MOSS 2007: Configuration)
MCITP (SQL 2005 DBA / SQL 2008 DBA / SQL 2005 DBD / SQL 2008 DBD / SQL 2005 BI / SQL 2008 BI)

My Blog
 
Upvote 0 Downvote
SBS negates these arguments! It is Exchange and a DC and DNS and IIS...

It *can* be done, it just should be avoided.
 
Upvote 0 Downvote
I actually quite like Denny's statment, it would really shake things up a bit ;-)

Yeah, try to avoid a DC doing anything other than being a DC if possible.

a low cost desktop with 2k3 on it to run iis would be better than running a public web site on your DC.

What is the website for? is it a corporate site? e-commerce?


Paul
MCTS: Exchange 2007, Configuration
MCSA:2003
MCSE:2003
MCITP:Enterprise Administrator

RFC 2795 - The Infinite Monkey Protocol Suite (IMPS)
 
Upvote 0 Downvote
The site is going to be used a company support site which will require users log-in via asp pages. Once users have been logged in they will have access to view asp pages that access the company database. We are going to expand this out to our business partners so they can log in and see the status of there files with us. I already have IIS running on a 2000 server but i wanted to switch it over to 2003 and add a certificate for secure connections.

 
Upvote 0 Downvote
Pat's correction, is correct. The brain is faster than the fingers.

Is it possible? Yes, just about anything is possible. Microsoft gives you plenty of rope to hang yourself.

Just because you can do it, doesn't mean that you should.

Denny
MVP
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / SQL 2005 BI / SQL 2008 DBA / SQL 2008 DBD / SQL 2008 BI / MWSS 3.0: Configuration / MOSS 2007: Configuration)
MCITP (SQL 2005 DBA / SQL 2008 DBA / SQL 2005 DBD / SQL 2008 DBD / SQL 2005 BI / SQL 2008 BI)

My Blog
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

andyferris
  • Locked
  • Question
DC Event logs auditing cannot be set by GPO
Replies
1
Views
202
RRankin355
RRankin355
DrB0b
  • Locked
  • Question
Hybrid on prem AD with Azure AD
Replies
2
Views
248
DrB0b
DrB0b
James281
  • Locked
  • Question
Enrolment agent (enrol on behalf of) stopped working
Replies
1
Views
181
mikehook
mikehook
lacked
  • Locked
  • Question
problem with windows update on windows server 2016
Replies
1
Views
168
maybeimaleo
maybeimaleo
edgar28
  • Locked
  • Question
Question on Network cards - Windows Server 2019
Replies
1
Views
150
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top