IIS Issue: Upgrading Workgroup Windows 2003 server to Domain Controller
Scenario
An existing Windows 2003 workgroup computer was modified so that it could become a
Domain Controller (DC). IIS was already installed on this system. Once the server is promoted to a Domain Controller, IIS security stops working correctly.
Cause
IIS uses certain built-in local accounts for its operations, such as Network Service, System or IUSR_<computer_name>, depending on which one you are using. When a member server is promoted to a DC, the concept of built-in local accounts no longer applies, and that affects IIS.
Solution
It is highly recommended not to run IIS (or any other servers) on the Domain Controller for security reasons. If you use IIS on a DC, then the Anonymous user is a Domain account and has rights by default as a member of domain users. This may or may not be acceptable depending on your circumstances, but often is not.
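To find systems in this state, the following added example (not part of the original article) reports whether a host is both a Domain Controller and an IIS server and lists its IUSR_<computer_name> accounts. It assumes Windows PowerShell with WMI access to the target; the function name Get-IisOnDcFinding is hypothetical.

```powershell
# Added example: flag a host that is both a Domain Controller and an IIS server.
# Get-IisOnDcFinding is a hypothetical name; only standard WMI classes are queried.
function Get-IisOnDcFinding {
    param([string]$ComputerName = '.')

    # Win32_ComputerSystem.DomainRole: 0-1 workstation, 2 standalone server,
    # 3 member server, 4 backup DC, 5 primary DC.
    $cs   = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $ComputerName
    $isDc = $cs.DomainRole -ge 4

    # W3SVC is the World Wide Web Publishing Service installed by IIS.
    $w3svc  = Get-WmiObject -Class Win32_Service -ComputerName $ComputerName `
                            -Filter "Name='W3SVC'"
    $hasIis = $null -ne $w3svc

    # Accounts named IUSR_<computer_name>. [_] escapes the underscore, which is
    # a single-character wildcard in WQL. This query can be slow in a large domain.
    $anon = @(Get-WmiObject -Class Win32_UserAccount -ComputerName $ComputerName `
                            -Filter "Name LIKE 'IUSR[_]%'" |
              ForEach-Object { "$($_.Domain)\$($_.Name)" })

    if ($isDc -and $hasIis) {
        $finding = 'IIS is installed on a Domain Controller; the anonymous user is a domain account.'
    } elseif ($hasIis) {
        $finding = 'IIS is installed; host is not a Domain Controller.'
    } else {
        $finding = 'IIS (W3SVC) not found.'
    }

    # New-Object PSObject keeps the function usable on older Windows PowerShell.
    New-Object PSObject -Property @{
        Computer           = $cs.Name
        DomainRole         = $cs.DomainRole
        IsDomainController = $isDc
        IisInstalled       = $hasIis
        W3svcState         = $(if ($hasIis) { $w3svc.State } else { 'n/a' })
        AnonymousAccounts  = $anon -join ', '
        Finding            = $finding
    }
}

# Check the local machine.
Get-IisOnDcFinding | Format-List
```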