IIS anonymous user is a domain user

From: Henry Splatt (henry_splat_at_hotmail.com)
Date: 09/04/03


Date: Thu, 04 Sep 2003 12:44:16 GMT

What are the security rammifications of having an IIS 5.0 box, where the
anonymous user is a domain user as opposed to the normail IUSR_Machine
account?

How would this be amplified, if at all, by having the default Everyone group
with full control on the file system? The box is behind a good firewall.

Thanks for your time,

Henry



Relevant Pages

  • IIS anonymous user as a domain account
    ... anonymous user is a domain user as opposed to the normail IUSR_Machine ...
    (comp.os.ms-windows.nt.admin.security)
  • IIS anonymous user as a domain account
    ... anonymous user is a domain user as opposed to the normail IUSR_Machine ...
    (microsoft.public.win2000.security)
  • Re: Win32 security limitations: why?
    ... Impersonation allows a process to run with the credentials ... the Iwam account, for support of the anonymous users. ... this allows the anonymous user to have a process with a higher security ... Microsoft MVP (Windows Security) ...
    (microsoft.public.security)
  • RE: WCF Proxy Server settings not working
    ... passing the credentials through to WCF, ... For the production environment, even if you switch the Application Pool ... what's the account displayed if you use ... I had changed the anonymous user to a privileged user (this is on my ...
    (microsoft.public.dotnet.framework.aspnet.webservices)
  • Re: FTP permissions with IIS
    ... >this account ... >the anonymous user will not be able to cd to it. ... but I want to be able to set different permissions ... >> virtual directory shareddocs ...
    (microsoft.public.windowsxp.security_admin)