ClioSport.net


WSUS on DC



  Rav4
Hi,

Just wondering what your thoughts are.

Through further research, some people say put it on;

  • A member server
  • DC's are fine
  • Don't install on a server but on a spare desktop

Just wondering what your general consensus is regarding this?

Ideally, I would like to place it on a DC as it does nothing at the moment apart from AD and just how I like it.

It's currently running off some battered server with 2003 barely staying up :)

Thanks,

G.
 
Build a support server that does this sort of stuff, like McAfee ePO, WSUS, images, virtual media library, VNC server etc.

Don't install anything on a DC other than AD, DHCP, DNS, WINS etc.
 

Greeny.

ClioSport Club Member
  440i + 182
On our 2 domains we have WSUS on a DC on each one, never had any issues at all.
 
  Rav4
It's a bit of a security concern due to the issues with IIS, which is very annoying.

McBunny, DHCP is not recommended to be used on a DC....... :)
 
I know, but they won't buy me any more servers, and having DHCP on it is better than having a server with just DHCP on it.
 
And if we did everything by the book I'm sure we would have to have about 30 servers for a single domain setup lol: 3 AD servers, 3 DNS, 3 WINS, 1 DHCP etc. etc.
 
  Rav4
The problem is when you reach certain scenarios like the following,

All users on hosted citrix providing office, excel, file server.

Users only use local machines to authenticate on the network and initiate citrix session (again, hosted)

Two DC's in the office only required.

1) DC1 - AD, DNS, DHCP
2) DC2 - AD, DNS, WSUS

:s not ideal.
 

KDF

  Audi TT Stronic
Lol.. my PDC runs WSUS, DNS, DHCP and Print Services lol the BDC run SQL Server heh..

It was like that before I started working here.. Bovered !
 
  Rav4
If you are talking to me, on a dedicated dell 2950, win 2008, exchange 2007 sp1, nothing else on server
 

ChrisR

ClioSport Club Member
WSUS was on a box we used for security/admin stuff (the machine was primarily the ePO server).

Then when we virtualised lots of things we just gave it its own VM.

But that'll be going in a month or 2 when we start using SCCM for the server side patching as well.
 
  Fiesta ST
I've got a few servers running it on the DC - no problem.

If SBS can run it on the same box as exchange, ISA, sharepoint, SQL, AD, DC etc etc then I'm sure a DC can run it ;)
 

Cookie

ClioSport Club Member
I've run it on DC's before, don't see the issue with it if you don't have many servers spare.

It's a challenge to see just how many MS products you can get on a box before they start fighting with each other anyway :p
 

DMS

  A thirsty 172
I've done it in the past. Makes no difference as long as the server can handle the workload. I'm pretty sure DC's don't really do anything that interferes with WSUS and vice-versa.
 
  Scirocco GT 2.0
Build a support server that does this sort of stuff, like McAfee ePO, WSUS, images, virtual media library, VNC server etc.

Don't install anything on a DC other than AD, DHCP, DNS, WINS etc.

+1

Best to have a dedicated server for this stuff.

Coincidentally, I'm currently setting up a new server for our WSUS and WDS only.

The current server running these will step down to be just Sophos AV, a few printers and application storage.

24GB RAM 4TB 2xQuadcore is what you want!
 
  Scirocco GT 2.0
slight overkill for wsus lol

Running WDS too,

(Windows Deployment Service) which for those not in the know, allowed you to capture Windows Vista/7 Images from a machine, strip them and then install the images on another machine.

It's really good and means we can have images for different laptops, different department desktops etc etc
 
  Better than yours. C*nt.
I'd suggest that:

SQL isn't the best idea on a DC
IIS isn't the best idea on a DC

That pretty much covers WSUS! There's no technical reason you 'can't' but from a security perspective there are dozens of reasons why you shouldn't.
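
One way to see where a domain stands on the question debated in this thread, as an added example that is not part of any post above: the script lists every domain controller and reports which of the roles discussed here (IIS, WSUS, WDS, print services, any SQL Server instance) are installed alongside AD DS. The function name `Get-DcColocatedRole` is hypothetical, and the script assumes the RSAT ActiveDirectory module and PowerShell 3.0+ on the admin workstation, WinRM remoting to the DCs, and DCs running Server 2008 R2 or later.

```powershell
# Added example, not from the thread. Assumptions are listed in the lead-in.
Import-Module ActiveDirectory

# Get-WindowsFeature names for the roles this thread argues about.
# WSUS is 'OOB-WSUS' on Server 2008 R2 and 'UpdateServices' on 2012 and later.
$FlaggedFeatures = 'Web-Server', 'OOB-WSUS', 'UpdateServices', 'WDS', 'Print-Services'

function Get-DcColocatedRole {
    param([Parameter(Mandatory)][string[]]$ComputerName)

    foreach ($dc in $ComputerName) {
        $row = [ordered]@{
            DomainController = $dc; FlaggedFeatures = ''; SqlServices = ''
            NeedsReview = $false; Error = $null
        }
        try {
            $found = Invoke-Command -ComputerName $dc -ErrorAction Stop `
                -ArgumentList (,$FlaggedFeatures) -ScriptBlock {
                param($names)
                Import-Module ServerManager
                # List everything, then filter, so a feature name that does not
                # exist on this OS version is simply not matched.
                $features = @(Get-WindowsFeature |
                    Where-Object { $_.Installed -and $names -contains $_.Name } |
                    ForEach-Object { $_.Name })
                # Any SQL Server engine service, including the Windows Internal
                # Database instance that WSUS uses by default.
                $sql = @(Get-Service -Name 'MSSQL*' -ErrorAction SilentlyContinue |
                    ForEach-Object { $_.Name })
                @{ Features = $features; SqlServices = $sql }
            }
            $row.FlaggedFeatures = @($found.Features) -join ', '
            $row.SqlServices     = @($found.SqlServices) -join ', '
            $row.NeedsReview     = [bool](@($found.Features).Count -or @($found.SqlServices).Count)
        }
        catch {
            # An unreachable DC is reported rather than silently skipped.
            $row.Error = $_.Exception.Message
        }
        [pscustomobject]$row
    }
}

Get-DcColocatedRole -ComputerName (Get-ADDomainController -Filter *).HostName |
    Sort-Object DomainController | Format-Table -AutoSize -Wrap
```

A row with `NeedsReview` set only means one of the listed roles or a SQL Server service shares the box with AD DS; whether that is acceptable is the judgement call the posters above disagree on.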
 

