Guest SmpIT Posted June 9, 2008 Posted June 9, 2008 Hello. We are a small business (70-100 users) with two domain controllers both running Server 2003. Going forward, we would like to use the new Network Access Protection (NAP) to help with client security. We know that installing a Certificate Authority on the domain is a necessary first step in this process. Can anyone tell me if there is any reason NOT to install the CA on one of our two domain controllers? I know Microsoft best practices indicate that a CA should not be installed on a DC "for security reasons," but I'm guessing that on balance, small shops like us might not be as concerned about those potential security problems. Also, it looks like it is necessary to run IIS on all CA servers, is that correct? Thanks much. SMP IT
Recommended Posts