logo

Upgrading workgroup Win2003 server to Domain Controller; IIS probl
sandy.woo posted on Friday, December 26, 2008 4:46 PM

 
I'm modifying an existing test lab workgroup computer so that it can become a
Domain Controller. IIS is already installed on this system. When I promote it
to a Domain Controller, with the security get messed up since the server is
no longer a workgroup server and now has domain accounts?
--
Sandy Wood
Orange County District Attorney
reply


Sandy, IIS uses certain built-in local accounts for it's operations such as
makha posted on Monday, December 29, 2008 2:49 AM

 
Sandy,
IIS uses certain built-in local accounts for it's operations such as
network service, system or iusr_computername depending on which one you are
using ... Therefore, when you promote a member server to a DC... the concept
of built in accounts work no more... and that has an effect on IIS... I would
advice you to shift the dc role to probably another server in the test lab
...

--
Regards,
ma_khan
http://www.iisworkstation.com
reply

Thanks for the information, this will help my test lab setup.
sandy.woo posted on Monday, December 29, 2008 10:12 AM

 
Thanks for the information, this will help my test lab setup. I think for my
purposes, I'll uninstall IIS and dcpromo first before reinstalling IIS again.
--
Sandy Wood
Orange County District Attorney
reply

Upgrading workgroup Win2003 server to Domain Controller; IIS probl
David Wang posted on Monday, December 29, 2008 11:22 PM

 
me a
e it
is

Yes, you want to install IIS after DC Promotion because security
settings will get messed up on the DCPROMO and break IIS.

Typically, you do not want IIS (or any other servers) running on the
Domain Controller for security reasons.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
reply

The advice to not use IIS on a DC is to be taken a bit stronger than just a
iisgu posted on Tuesday, December 30, 2008 3:02 PM

 
The advice to not use IIS on a DC is to be taken a bit stronger than just a
best practice. If you use IIS on a DC, then the anon user is a Domain account
and has rights by default as a member of domain users. This may or may not be
acceptable depending on your cirucmstances, but often is not.
reply

 

Didn't Find The Answer You Were Looking For?
View IIS Posts   Ask A New Question

EggHeadCafe has experts online right now that may know the answer to your question.  We pay them a bonus for answering as many questions as they can.  So, why not help them and yourself by becoming a member (free) and ask them your question right now?
Ask Question In Live Forum

If you have an OpenID and do not want to become a member of the EggHeadCafe forum, you can also sign on to Chat Chaos and post your question to our real time Silverlight chat application.
Ask Question In Chat Chaos

Previous IIS conversation.

FrontPage Client    FrontPage Extensions WindowsNT    FrontPage Programming    IIS ASP DB    IIS ASP    IIS    IIS Security   






  $1000 Contest    [)ia6l0 iii - $228  |  Jonathan VH - $161  |  Huggy Bear - $135  |  F Cali - $95  |  egg egg - $94  |  more Advertise  |  Privacy  |   (c) 2010