Protecting your DCs from viruses is vital. Here are some important
guidelines you should follow:
- Ensure that the antivirus software is certified for the version of
Windows you're running.
- Use antivirus software that's Active Directory (AD)-aware.
- Don't perform actions from a DC that might make it more
susceptible to viruses (e.g., surfing the Web).
- Avoid using a DC as a file share if load on the machine is a
concern; the additional work involved in virus-scanning files on the
shares will stress the DC.
- Don't place the AD or File Replication Service (FRS) database and
log files on a compressed NTFS volume.
- Ensure that your virus scanner doesn't scan the following AD
database files. (These are the default locations, so you might need to
modify the pathnames if you specified nondefault folders during AD
creation.)
- %windir%\ntds\ntds.dit
- %windir%\ntds\ntds.pat
- %windir%\ntds\EDB*.log
- %windir%\ntds\Res1.log
- %windir%\ntds\Res2.log
- %windir%\ntds\Temp.edb
- %windir%\ntds\Edb.chk
- Ensure that your virus scanner doesn't scan the following FRS
files. (These are the default locations, so you might need to modify
the pathnames if you specified nondefault folders during AD creation.)
- %windir%\ntfrs\jet\ntfrs.jdb
- %windir%\ntfrs\jet\sys\edb.chk
- %windir%\ntfrs\jet\log\*.log
- Also exclude these SYSVOL areas:
- %windir%\sysvol\staging areas
- %windir%\sysvol\sysvol
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment