Re: IIS Security

The specific reason is "least privilege," which is an
industry standard best practice. Unless the
application needs to create or manage accounts, it
does not need to be a local Administrator.

Everything else the application needs to be able to do
are permissions that can be granted to a regular
non-Administrator user. The main reason for granting
Administrator privileges to accounts that don't need
to administer other accounts is because the person is
too lazy or too ill-informed to determine the
permissions that are really needed.

If someone compromises your application
somehow, do you really want them to automatically be
able to use the permissions gained to create accounts
and otherwise have total control over everything on
the compromised system?

People typically use the Filemon, Regmon and sometimes
Process Explorer utilities free from while running the application
without admin privileges to determine what files,
registry values and other privileges are lacking. Or,
Microsoft also makes the free Application
Compatibility Toolkit for the same purpose, for
Windows XP and newer.

The last link below has a long list of reasons of
advantages of least privilege:


Karl Levinson, CISSP, MCSE

From: focus-ms-return-9489@xxxxxxxxxxxxxxxxx
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: IIS Security

We've a vertical package that includes a web based
portal. (quite common for many Enterprise packages)

The problem lies in some of the requirements that the
company puts on running this portal.

The major one is that of adding the IUSR_machinename
account to the local admin group.
I know this is horrible, but need specific reasons why
this shouldn't be done so that I can bring it to my
boss and get it fixed.

Check out the New Yahoo! Mail - Fire up a more powerful email and get things done faster.


Relevant Pages

  • Re: Error 22022 when running SQLservices under different accounts
    ... I have no specific reason besides maybe tightening up security. ... reason why you can't use two accounts. ... >> I have already created two different local user accounts with the ... >> permissions. ...
  • RE: IIS Security
    ... fixing LUA (Least User Access) issues is "LUA Buglight", ... The main reason for granting ... Administrator privileges to accounts that don't need ...
  • Re: Error 22022 when running SQLservices under different accounts
    ... Is there a reason you want two different accounts to manager vs. only one? ... > permissions. ... >> Well, why not have a Domain account created, with the require privs, and ...
  • Re: Implementing privileges
    ... bank accounts, ... is nearly finished but I'm having some trouble in managing privileges. ... If the rules and policies of privilege are inherently dynamic and likely to change frequently over time, you would probably be better off keeping them out of the DBMS. ... The R1 and R3 relationships then only need to be instantiated once in the DBMS when a UserAccount or FinancialAccount is added rather than every time they are accessed by an application. ...
  • Re: My fellow (Debian) Linux users ...
    ... If you have reason to believe you are in the focus of someone who can take ... do we have any real news of this vulnerability being used in ... Rocketmail accounts, but all accounts do cause issues now, currently ... not for Debian lists only:(. ...