SQL Server Installed on Domain Controller

Question

SQL Server Installed on Domain Controller

Edward McGovern

Ten Centuries

Points: 1299
More actions
January 6, 2005 at 12:51 pm

#183732

I know its not a good idea. What are the top 10 reasons to not do so?
Any input greatly appreciated.

Viewing 7 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic. Login to reply

Frank Kalis SSC Guru Points: 111183 More actions · Answer 1

Sorry, I really, really don't want to sound offending, but don't you think you can find this out yourself? Is this for some kind of exam or homework?

--
Frank Kalis
Microsoft SQL Server MVP
Webmaster: http://www.insidesql.org/blogs
My blog: http://www.insidesql.org/blogs/frankkalis/[/url]

Edward McGovern Ten Centuries Points: 1299 More actions · Answer 2

Edward McGovern

Ten Centuries

Points: 1299

January 6, 2005 at 2:17 pm

#536287

Any input greatly appreciated, except for that one.

Frank Kalis SSC Guru Points: 111183 More actions · Answer 3

Good luck on your search!

--
Frank Kalis
Microsoft SQL Server MVP
Webmaster: http://www.insidesql.org/blogs
My blog: http://www.insidesql.org/blogs/frankkalis/[/url]

K. Brian Kelley SSC Guru Points: 114642 More actions · Answer 4

Where to start? How about an editorial that appeared yesterday!

Editorial: Keep 'em Separated (Bill Boswell)

Or this:

Perform a Secure SQL Server installation

The quote is classic:

"Never install SQL Server on a Windows domain controller because an application vulnerability could lead to the compromise of your entire domain."

This is the bottom line with respect to domain controllers and applications. SQL Server is going to run with some pretty hefty privileges even if you set it not to run as an administrative level account (which you don't want to do because then the account is effectively a domain admin meaning SQL Server is, too). Should someone compromise your SQL Server, your domain is ripe for the picking, too.

There are valid situations (recovery with limited hardware) where you accept the trade-off. But as a general practice, the security consensus is don't do it.

K. Brian Kelley
@kbriankelley

Edward McGovern Ten Centuries Points: 1299 More actions · Answer 5

Thank you exactly what I was looking for.

I am trying to convince a cheap client on not installing SQL Server on a Domain Controller. I am trying to construct the most useful argument possible. I already know:

1) Security. The Domain controller is the HUB of your network. Isolation is key in security. The futher the server is from most traffic the better. So microsoft recommends not having SQL installed on a Domain Controller.

2) Performance. Domain controllers are often amoung the most pounded servers. Everyone has to hit them. Its not smart to put SQL on server that is already hit often.

Some of this stuff you have here I never even thought about.

Thank you.

K. Brian Kelley SSC Guru Points: 114642 More actions · Answer 6

3) Reliability/Availability. Do you want an application bug to blue screen your domain controller, thereby resulting in a denial of service for your DC?

K. Brian Kelley
@kbriankelley