Domain Controller on a Windows 2003 Terminal Server

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Recently I had a discussion with a customer about his Terminal Server
configuration.
To save money he had setup one Windows 2003 Terminal Server as Domain
Controller, Exchange server and File Server.
Clients can logon locally and through RDP-sessions from outside. It is just
for a small company with ten users, and he claims it works, but in my opinion
it is 'not done' to install the Domain Controller on a Terminal Server. Do I
have an old-fashioned opinion?
 
No, in principle, you are absolutely right.
Installing Terminal Services on a Domain Controller is *not*
recommended, for both performance and security reasons. Note that
it is not even possible anymore on a SBS2003 server.

Performance is probably not going to be an issue with such a small
network and only 10 users. Security *is* a problem, though.
Users will need the right to logon locally on the Domain
Controller, and they will use it as their personal desktop
computer. Most likely, they will also need some elevated user
rights. That's not something that you want on a Domain Controller
and Exchange Server.
Moreover, you cannot lock down the TS user sessions like you can
when TS runs on a member server.

That said, I realise that it might seem overkill for a small
company to buy a dedicated server as Terminal Server (or dedicated
DC). Your situation is a borderline case, I would say.
The best solution also depends on how much downtime you can
tolerate (if the combined DC + Exchange Server + Terminal Server
has to be rebuild/repaired/fixed), and how good your backup and
restore utilities are.

_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
 
Thank you Vera for your reply. Indeed for a small company the argument can be
that it is overkill to buy a dedicated server as Terminal Server. However the
customer I mentioned had a problem with his Outlook client. After he
discribed his configuration, I found out that the combination Exchange Server
and Outlook on the same computer is not supported by
Microsoft.(http://support.microsoft.com/default.aspx?scid=kb;en-us;266418)

So to choose such a configuration you need to know exactly if things can run
together, I can imagine that some combinations can run you big trouble.

"Vera Noest [MVP]" schreef:
 
Yes, that's another problem. The Exchange - Outlook combination is
the only one I know of, but there might be others.
The biggest problem is security, though. Many applications (which
were developed without TS in mind) still assume that the user is
local Administrator on his or her workstation. To get such
applications to work properly on a TS, you are often forced to give
users Write permissions to parts of the file system and registry.
That's already a problem on a TS as member server. On a DC, there's
so much more harm they can do.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
 
Back
Top