I'm curious if using IISCrypto on a Domain Controller is considered a good practice, specifically just to adjust TLS settings. I understand that IISCrypto is usually a GUI application, but I'm only looking to use it for best practice TLS configurations. Is it suitable, or is it deemed overkill?
2 Answers
Using IISCrypto on a Domain Controller is generally okay. It allows for some solid TLS configurations. Just be aware of the potential implications of adding any GUI-based tools on a DC—mainly for security reasons.
While it's possible to use IISCrypto, best practices suggest that a Domain Controller shouldn't have IIS installed at all. If you're not running IIS, then using IISCrypto might seem unnecessary. It's worth figuring out if the TLS settings can be configured through the command line instead—it might be safer!
Thanks for clarifying! I don’t have IIS running; I only need to ensure the TLS settings are in line with best practices. Sounds like I should stick to command line options if possible.