Hi, I have just set up a website and hope to start getting some business from it. Basically, I bought a domain and I'm hosting it on my web server. I need to know how secure IIS is, when running on a DC (I've been told it's a bad idea). One solution is to run a small linux distro under VMWare, I'm trying Damn Small Linux right now - but then, how would I get exchange web access to work as that needs to be on IIS am i correct? Anyway, any suggestions welcome. Thanks a lot, Rob Rob Golding - Gold Computer Solutions - Networking, Email and IT Services/Support - www.goldcs.co.uk

DC + IIS doesn't really make the Windows box itself less secure. It's that any public server, meaning a server exposed to the internet, is less secure. That's universal across any OS, whether it be Windows, Linux, etc. A DC houses user accounts. The question is simply do you want to expose the box that contains this stuff to the internet? Keep in mind even if you have a second DC without web services, it's irrelevant to the security of your user accounts. A potential hacker can just as easily get account information from any DC in a domain, and should someone be malicious and make changes to user accounts or create new ones, it will be replicated to all DC's. With that said, it's still done frequently. For example, people expose their SBS2003 servers to the internet for a web presence, and remote access to Sharepoint and Exchange. Just make sure you have a good firewall in place in front of the server, and harden your OS, especially things pertaining to IIS, as best as you can. Even better, use ISA server in front as well, since ISA provides the best protection for a Windows server of any firewall. Check out the Windows 2003 Security Guide. It's free on Microsoft's site. Yes, you need IIS for Outlook Web Access. Please help survivors of Hurricane Katrina! www.redcross.org

OK thanks I'll bear that in mind. An idea might be to get a cheap hosting account and make a subdomain point to my IP so I can still access OWA. Thanks a lot, Rob Rob Golding - Gold Computer Solutions - Networking, Email and IT Services/Support - www.goldcs.co.uk

It's irrelevant for security. You still have a web server/dc exposed. "Milk was a bad choice!"

As an alternative, you could check into having some other company host your website. This means not having to expose your DC to the outside world.