I have been using MS Windows Server products since way back with NT and seem to remember being "advised" to not leave the server in an active log on session (Administrator logged on). I can't remember the specifics of why (I think it had something to do with security), just don't leave it in an active log on session. I was having a discussion with another Network Administrator and this topic came to forefront when discussing using an Antivirus program on the Server. My thoughts are that the Antivirus is not checking "file activity" - resource sharing "through/being stored on the server" if no one is logged on. I know that if you can have and Antivirus for Exchange Server and it will monitor traffic of files in and out of Exchange. What I am asking about is AntiVirus monitor for Network File Sharing (NFS) on the server when the AntiVirus program is loaded as a "user" and someone is not logged on. AND, should we leave the server in an "active" log on session? After server boots and the Administrator logs in: 1. Should the administator log off after completing whatever actions? 2. Should administrator stay logged on (active logon session) and "lock the server?" 3. What would be the advantages/disadvantages of leaving logged on or logging off? Thanks for input. Matt. mfgrandalski@ftc-i.net

Hi Matt, Your anti-virus software runs as a service, (or should do), and so it doesn't matter if anyone is logged on to the console or not, as to whether the AV program will be active or not. All files read from and written to the disk of the server will be scanned by the AV engine regardless. It is recommended to log off from the server when not using it. (instead of locking it). There is no advantage to simply locking the server over logging off, unless someone is actively using the console, and has to temporarily lock it while doing something else. Logging off closes all user programs, and so saves memory. Also, remember, you only have 1 console session and 2 remote sessions available. Why hog a session if you're not using it?If you found this post helpful, please give it a "Helpful" vote. If it answered your question, remember to mark it as an "Answer".

Hello Matt, The only reason I would see for leaving the admin logged in but locking the screen is if your antivirus program won't run as a service. Otherswise it's more a good practices to logoff a server when not in use. This is from a security standpoint of someone trying to piggy back onto the system via the keyboard. Hopefully you have created a new admin user, and don't use the default admin and followed the standard MS best practices server hardening techniques. At then end of the day, though the world will not end because you have a admin locked on the screen vs. logged off.

Thanks for the inputs. All discussion has been about AV running as a service and it is checking for virus. Here's a thought: When someone is logged in and a virus is detected there is a message that pops up on the screen as an alert. All actions on that file are suppended until that someone responds. When running as a service and not logged in, what happens? Thanks, Matt