    I have been working with WSUS on a test lab server. I am now ready to roll this out to our production environment. My question is: is it OK to install WSUS on a domain controller, or is it advised not to? We are a small company of about 250 systems with 2 DCs, 1 file server and 1 Lotus Notes mail/database server on our network. The DC we would install it on is a Dual Xeon 3.6 GHz with 1Gb of memory. It also runs as a DNS server.


    Re: WSUS on a DC

    Personally, I never feel comfortable with loading any software on a DC that is not absolutely required for the DC's operation.

    Setting up WSUS on a DC introduces too many new attack vectors (consider IIS and MSDE) and could cripple the DC's performance during the peak patching hours.

    If you ask me, try avoiding setting it up on a DC. If your file server cannot accommodate the additional load and you do not have the funds for a dedicated server box, set up a fairly strong workstation and install WSUS on it. Remember that if the WSUS box dies, it can easily be rebuilt and pick up from where its predecessor stopped - something you cannot say about DCs, which require more work and are the core of your network.

      Re: WSUS on a DC

      Great points, ones I did not think of. I too hate putting anything else onto my DCs, hence why I asked the question. I have a fairly powerful file server which I can place the WSUS on. I also have a Windows Server 2003 VPN; would this be a better choice, or because it is accessible from the internet should I avoid this too?
