Options
AD and File server on same machine
z0nk
Member Posts: 5 ■□□□□□□□□□
Hi
I'm learning server 2008. I'm doing the Train Signal tutorials on active directory for server 2008 (70-640).
Ive already set up active directory on 2 netbooks, and installed a file server on one of those. When I browse to it from another machine I notice Sysvol and Netlogon folders are shared. I was wondering if this is a security issue and is it OK to install a file server on the same machine with AD?
Thanks
I'm learning server 2008. I'm doing the Train Signal tutorials on active directory for server 2008 (70-640).
Ive already set up active directory on 2 netbooks, and installed a file server on one of those. When I browse to it from another machine I notice Sysvol and Netlogon folders are shared. I was wondering if this is a security issue and is it OK to install a file server on the same machine with AD?
Thanks
Comments
-
Options
Hyper-Me
Banned Posts: 2,059
Its fine. Sysvol/Netlogon are shared once you make a machine a DC so that certain files (group policy, logon scripts, etc) can be downloaded by clients.
Infact, its on purpose that users have read access to these folders.
In larger environment, it would obvioulsy be ideal to seperate roles as best you can, but in situtations like SBS its perfectly OK. -
Options
crrussell3
Member Posts: 561
As Hyper-Me said, its perfectly fine, especially in smaller environments. I work for a non-profit as a sys admin, and we have three sites, each with their own DC. These DC's also act as DNS, DHCP, File, and Print servers. They handle about 75-100 users each, and it works just fine.
Just make sure you harden your DC's and everything will be fine.MCTS: Windows Vista, Configuration
MCTS: Windows WS08 Active Directory, Configuration -
Optionsz0nk
Member Posts: 5 ■□□□□□□□□□
OK thanks. Thats what I thought.
crrussell3, how do you mean harden? -
OptionsHyper-Me
Banned Posts: 2,059
OK thanks. Thats what I thought.
crrussell3, how do you mean harden?
Harden security wise. -
Options
MentholMoose
Member Posts: 1,525 ■■■■■■■■□□
Just to make it clear, there are two issues. First, running a file server on a DC is fine, especially in smaller environments. Second, sysvol and netlogon are shared on a DC, which is required since clients need to obtain certain files from them. Even if you don't create additional file shares on a DC, sysvol and netlogon will still be shared.MentholMoose
MCSA 2003, LFCS, LFCE (expired), VCP6-DCV -
Optionsdynamik
Banned Posts: 12,312 ■■■■■■■■■□
OK thanks. Thats what I thought.
crrussell3, how do you mean harden?
SCW, Security Templates, etc. -
Optionsrwwest7
Member Posts: 300
sysvol is where your GPO's will be stored. netlogon is where you keep your login scripts. Both these folders are replicated between all domain controllers in the domain. If you put a login script onto the share on one DC it will automagicaly appear on the other DC's.
-
Options
RouteThisWay
Member Posts: 514
OK thanks. Thats what I thought.
crrussell3, how do you mean harden?
No one jumped on this? Seriously? lol. TE is starting to disappoint
Talk about a softball!
"Vision is not enough; it must be combined with venture." ~ Vaclav Havel
