[ADUG]

The UK Active Directory User Group.

Welcome to [ADUG] Sign in | Join | Help

Home

Blogs

Media

Forums

Forums » Directory Services » Security » RODC and IIS roles on the same box - any security concerns?

Latest post 05-26-2009 3:00 PM by JonRoderick. 2 replies.

Page 1 of 1 (3 items)
	Sort Posts: Previous Next

05-20-2009 3:21 PM

JonRoderick
Joined on 08-29-2008
London
Posts 33
Points 0

RODC and IIS roles on the same box - any security concerns?

Reply Contact

Does anyone have any reasons/concerns why we shouldn't run a combined RODC/IIS server (primarily just serving out FTP rather than full web services)? Best practise has been to keep them separate in the past but does RODC reduce this requirement?

Cheers

Jon

Post Points: 0

05-26-2009 11:08 AM In reply to

roblane
Joined on 10-15-2008
Posts 8
Points 0

Re: RODC and IIS roles on the same box - any security concerns?

Reply Contact

Haven't seen this asked internally Jon but I suppose RODC is more appropriate as IIS host if only from the perspective that it isn't fully trusted for delegation. ie it can only be used for constrained delegation in double hop scenarios.

Post Points: 0

05-26-2009 3:00 PM In reply to

JonRoderick
Joined on 08-29-2008
London
Posts 33
Points 0

Re: RODC and IIS roles on the same box - any security concerns?

Reply Contact

Hey Rob, good to see you on the forum again.

We were just wondering if we needed to be concerned about the new potential attack vector that, ahem, IIS might introduce on our RODC (we don't run IIS on any of our current non-shared DCs) - just being a bit paranoid about things but better safe than sorry.

Jon

Post Points: 0

Page 1 of 1 (3 items)

Powered by Community Server (Non-Commercial Edition), by Telligent Systems