Increase file server performance

  • Section(s): Active Directory , Security
  • Created on Apr 27, 2006.
  • Last Modified on Jul 12, 2006.
  • Last Modified by Mitch Tulloch.
  • Rated 2.9 out of 5 based on 17 votes.
Don't use your domain controller as a file server--here's why.

One simple way to get better file server performance is to make sure you use a separate server as your file server. In other words, don't use your domain controller as your file server. Why, you might ask. After all, domain controllers don't do all that much most of the time--everyone logs on in the morning, downloads GPOs, and the DC goes quiet, right?

Well, if you are running Windows Server 2003 then SMB signing is turned on by default for security reasons to safeguard network communciations between client computers and DCs by protecting against man in the middle attacks and SMB packet replay attacks. But SMB signing also means that all packets in a TCP session that are exchanged between clients and DCs are serialized i.e. packet 1 must be acknowledged as received before packet 2 is sent, and so on. And this can have a huge impact if you try to transfer a large file between a client and a DC.

Rather than disable SMB signing, which would expose your domain controller to possible attack, why not migrate your file server functions to a separate machine instead.

Cheers, Mitch Tulloch, MVP

Article not looking right or info is missing? Let us know so that we can fix it: .


Receive all the latest articles by email!

Receive Real-Time & Monthly WindowsNetworking.com article updates in your mailbox. Enter your email below!
Click for Real-Time sample & Monthly sample

Become a WindowsNetworking.com member!

Discuss your network issues with thousands of other network administrators. Click here to join!

Community Area

Log in | Register

Readers' Choice

Which is your preferred Anti Virus Appliance solution?