According to a white paper entitled MS Incident Response Plan, MS states that
you should never load IIS on a domain controller.  Does anyone have any
experience with a fully updated windows 2003 server and a fully updated IIS
install having security problems?

Thanks,

There are no "known" security issues, otherwise every SBS box for example,
would be hacked within seconds.

The issue is around "risk management". Your domain controllers hold the
"keys to the castle" (i.e your domain). The more services you run on a DC,
the more potential exploits exist on your DC. It could be a flaw in IIS, or
it could be a flaw in the application you run ontop of IIS. However, once
your server is compromised, your entire domain is compromised. On the other
hand, if you run IIS on a separate member server, the attacker might control
the IIS box, but it's still another step to compromising the DC.

Cheers
Ken

Show quoteHide quote

Hi,

Avoid whenever it is possible to run IIS on a domain controller. but if you
want here is the webcaste for the same

http://www.iis-resources.com/modules/mylinks/visit.php?cid=29&lid=211

Thanks & Regards
Jigs4u_4ever


Show quoteHide quote

System Stored Procedures
Securing static files
workgroup vs domain recommendation
IIS Snap-In rights question
SSL and IIS 5.0
SSL using locally generated certificate
Mirror ftp sites and user accounts in IIS
Windows Server Hardeing
IIS and client certificate
SSL using Microsofts CA