Running Syantec Antivirus on a Windows Domain Controller

Access control
Application security
Current threats
Digital certificates
human factors
Identity & Access Management
Instant Messaging
Microsoft Exchange
Microsoft Windows
PEN testing
Platform Security
Secure Coding
Security tokens
Single sign-on
SQL Server
vulnerability management
Web security
I am currently in the process of deploying Symantec AntiVirus Corporate edition in my Windows-based network. In the manual it states, Do not install the primary management server on the following: Miscrosoft Exchange Server, Web server, or programs that prevent you from restarting the computer at any given time. I assume the last one would mean that I should not install it on my Domain Controller, but I do not have another server available. Anyone have any experience with this?

Answer Wiki

Thanks. We'll let you know when a new response is added.

As with any management software (F-Secure, Diskeeper, Etc.) you should be able to install it to a workstation or go virtual and run it on a virtual server.

Discuss This Question: 8  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Wmorrison
    No, I would not interpret it that way. I have Symantec Coporate Edition installed on my Domain Controller, and have run it that way for five years with no problems. I also have it set up that way on two other DC's at two other offices. Just when you do the install and any updates, do it after hours or on a day that when you are able to reboot the server when needed. Hopes this help ease your conscience. WM
    5 pointsBadges:
  • SkipBayro
    You can use any Windows 2000 or XP workstation to install your Symantec Server. Make sure that it has plenty of horsepower (2-3Ghz P4) and at lest 1 GB Ram and a connection to the Network Backbone. Do not run any other applications on the box and do not use it as a workstation and you should be ok. I recommend that you get it installed to a server class PC though with Win2000 Server or Win2003 Server Std. as soon as practical.
    5 pointsBadges:
  • Skepticals
    Well, it appears I am getting mixed thoughts. I think I will install it on the DC and schedule it to update after hours. If that doesn't work, I will move it to a workstation for now until I can get a new server...unless anyone has a better suggestion. Thanks for your thoughts.
    0 pointsBadges:
  • TheVyrys
    They are probably doing two things, cueing you to think about your situation, and covering their a** a little bit at the same time. I have always run Corporate edition on my DC's with no problems. That doesn't mean you or anybody else will...just my experience so far. One note - if/when you get Exchange server, read the documentation and follow it well before installing Symantec AntiVirus on it. Good luck.
    0 pointsBadges:
  • Skepticals
    The Vyrys, Thanks for the reply. I know I have installed it on a DC in the past, but I wanted to see what other people are doing. I just wanted to make sure that everyone didn't say it was a horrible idea. Before when I did it, I never read the manual. I did this time and I will for the exchange server as well. Thanks again.
    0 pointsBadges:
  • Tippolo
    I have Symantec Corporate installed on our 3 domain controllers, updating at night, have been doing it for four years now with no glitches. I have it installed on the three to spread out the workstation download load on the three servers.
    0 pointsBadges:
  • Mistoffeles
    Another suggestion, use a better antivirus product:
    0 pointsBadges:
  • Wrobinson
    While it is generally not a good idea to install non-essential software on a domain controller, installing SAV management software on one is not unheard of in environments that do not have the luxury of deploying dedicated application servers for this or other roles. The great thing about domain controllers, particularly in Windows Server 2008, 2003 and 2000 Server is that domain controllers operate in a multi-master mode. So you can take one offline such as for a restart without impacting the environment. Clients will be able to contact another domain controller through service (SRV) records. Personally, I have seen SAV run problem-free on domain controllers. If you do not have more than one domain controller, then you will need to schedule the necessary downtime. Make sure that Windows Installer is up to date before performing the installation.
    5,625 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: