AD and File server on same machine
z0nk
Hi
I'm learning server 2008. I'm doing the Train Signal tutorials on active directory for server 2008 (70-640).
I've already set up active directory on 2 netbooks, and installed a file server on one of those. When I browse to it from another machine I notice Sysvol and Netlogon folders are shared. I was wondering if this is a security issue and is it OK to install a file server on the same machine with AD?
Thanks
Comments
Hyper-Me
It's fine. Sysvol/Netlogon are shared once you make a machine a DC so that certain files (group policy, logon scripts, etc) can be downloaded by clients.
In fact, it's on purpose that users have read access to these folders.
In larger environments, it would obviously be ideal to separate roles as best you can, but in situations like SBS it's perfectly OK.
crrussell3
As Hyper-Me said, it's perfectly fine, especially in smaller environments. I work for a non-profit as a sys admin, and we have three sites, each with their own DC. These DCs also act as DNS, DHCP, File, and Print servers. They handle about 75-100 users each, and it works just fine.
Just make sure you harden your DCs and everything will be fine.
z0nk
OK thanks. That's what I thought.
crrussell3, how do you mean harden?
Hyper-Me
z0nk wrote: »
OK thanks. That's what I thought.
crrussell3, how do you mean harden?
Harden security wise.
MentholMoose
Just to make it clear, there are two issues. First, running a file server on a DC is fine, especially in smaller environments. Second, sysvol and netlogon are shared on a DC, which is required since clients need to obtain certain files from them. Even if you don't create additional file shares on a DC, sysvol and netlogon will still be shared.
dynamik
z0nk wrote: »
OK thanks. That's what I thought.
crrussell3, how do you mean harden?
SCW, Security Templates, etc.
rwwest7
sysvol is where your GPOs will be stored. netlogon is where you keep your login scripts. Both these folders are replicated between all domain controllers in the domain. If you put a login script onto the share on one DC it will automagically appear on the other DCs.
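One way to check the point made in this thread, that ordinary users are meant to have read access to SYSVOL and NETLOGON, is to audit the NTFS permissions on both shares. The PowerShell below is an added example, not code from any poster; it assumes a domain-joined machine where `$env:USERDNSDOMAIN` resolves the domain shares, and `Test-BroadSid` is a helper name made up for this illustration.

```powershell
# Added example: report ACEs under SYSVOL/NETLOGON that give broad groups more than read.
# Assumption: run on a domain-joined machine by an account that can read the ACLs.
$domain = $env:USERDNSDOMAIN
$roots  = "\\$domain\SYSVOL", "\\$domain\NETLOGON"

# Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users.
$broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'

# Rights that allow changing content or permissions. Get-Acl can also return raw
# generic bits, so GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) are added.
$specific  = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, WriteExtendedAttributes, WriteAttributes, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = [int]$specific -bor 0x50000000

function Test-BroadSid($identity) {
    try {
        $sid = $identity.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        return $false   # account could not be resolved, so it is not a broad group
    }
    # Domain Users is the domain SID followed by RID 513.
    return ($broadSids -contains $sid) -or ($sid -match '^S-1-5-21-.+-513$')
}

# NETLOGON is a folder inside SYSVOL, so a finding there is listed under both paths.
$findings = foreach ($root in $roots) {
    $items = @(Get-Item $root) + @(Get-ChildItem $root -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        $acl = Get-Acl -Path $item.FullName
        foreach ($ace in $acl.Access) {
            $granted = [int]$ace.FileSystemRights -band $writeMask
            if ($ace.AccessControlType -eq 'Allow' -and $granted -ne 0 -and (Test-BroadSid $ace.IdentityReference)) {
                New-Object PSObject -Property @{
                    Path      = $item.FullName
                    Identity  = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

$findings | Format-Table Path, Identity, Rights, Inherited -AutoSize
```

An empty result means none of those groups holds write, delete or permission-changing rights on the files that store GPOs and logon scripts. It checks NTFS ACLs only, not share-level permissions.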
RouteThisWay
z0nk wrote: »
OK thanks. That's what I thought.
crrussell3, how do you mean harden?
No one jumped on this? Seriously? lol. TE is starting to disappoint
Talk about a softball!