iis security: According to a white paper entitled MS Incident Response Plan, MS states that
you should never load IIS on a domain controller. Does anyone have any
experience with a fully updated windows 2003 server and a fully updated IIS
install having security problems?

Thanks,
--

There are no "known" security issues, otherwise every SBS box for example,
would be hacked within seconds.

The issue is around "risk management". Your domain controllers hold the
"keys to the castle" (i.e your domain). The more services you run on a DC,
the more potential exploits exist on your DC. It could be a flaw in IIS, or
it could be a flaw in the application you run ontop of IIS. However, once
your server is compromised, your entire domain is compromised. On the other
hand, if you run IIS on a separate member server, the attacker might control
the IIS box, but it's still another step to compromising the DC.

Cheers
Ken

[quoted text, click to view]

Hi,

Avoid whenever it is possible to run IIS on a domain controller. but if you
want here is the webcaste for the same

http://www.iis-resources.com/modules/mylinks/visit.php?cid=29&lid=211

Thanks & Regards
Jigs4u_4ever


[quoted text, click to view]