Robbie Niblock said:
Hi all
I am writing a report for a client and want to show why Terminal Services
should not be run on a domain controller. Does anyone have a link to the MS
article explaining the risks?
Thanks
http://www.microsoft.com/technet/pr...Kit/a32ff6ed-ed01-4c31-af85-06dbb5bd5b63.mspx
In an Active Directory environment, avoid configuring Terminal Server as a
domain controller for the following reasons:
. Any user rights policies you apply to such a server apply to all
domain controllers in the domain. For example, to use Terminal Services,
users must be authorized to log on locally to the server. If the server
running Terminal Services is a domain controller, users can log on locally
to all domain controllers in the Terminal Services domain, presenting a
serious security risk.
. Domain controller functions place a heavy load on system resources
and would thus have an effect on the user's Terminal Server experience.
. By default, enabling Terminal Services sets the server
process-scheduling priority to favor interactive applications. The system
does not assign top priority to critical domain-level processes such as user
count replication, logon requests, logon script replication, and
authentication requests.
Jocko
